Privacy Policy

Last Updated: February 6, 2026

Threadline CX LLC ("Threadline," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you access or use the Threadline website and platform (the "Services").

Threadline is a customer experience intelligence platform that analyzes customer feedback on behalf of businesses. We design our systems with data minimization, isolation, and transparency as core principles.

1. Information We Collect

A. Account & Profile Information

When you create an account, we collect:

Name
Email address
Company name
Job title (optional)
Password (stored only as a cryptographic hash, never in plaintext)

B. Organization & Membership Data

Organization name and identifier
Role assignments (owner, admin, member)
Organization membership history

C. Customer Experience Content (User-Generated Content)

When you use Threadline to analyze feedback, including uploaded internal customer surveys, we process and store:

Brand or product name
Feedback source (e.g., public reviews, uploaded surveys)
Feedback count and analysis type
Analysis tier and outputs (including structured insights and visualizations)
Optional audio narrations (title, type, associated brand)

D. Feedback Vault

Threadline stores customer feedback text per organization in a secure Feedback Vault:

Feedback is stored only for analysis and benchmarking
SHA-256 hashing is used for deduplication
A cutoff date of January 1, 2024 is enforced for benchmarking datasets
Feedback Vault entries are strictly scoped to the owning organization

E. Session & Technical Data

Collected automatically to operate the service:

Session tokens
IP addresses (partially masked in exports)
User agent strings
Authentication and security logs

F. Analytics Data (Consent-Based)

If you provide consent, we collect:

Page visits and navigation paths
Referrer URLs
Approximate location (city, region, country via ipapi.co)
Browser and device metadata

2. Cookies & Local Storage

Essential (No Consent Required)

session_token – authentication and session management
threadline_cookie_consent – stores your consent preference (localStorage)

Analytics (Consent Required)

Google Analytics scripts
Internal visit tracking via /api/visit-notification

You may withdraw or update consent at any time from your profile settings.

3. How We Use Information

We process personal data based on contractual necessity, legitimate interests in operating and securing the platform, and user consent where required.

Information is used to:

Provide, operate, and improve the Services
Perform customer experience analysis and reporting, including analysis of uploaded survey data
Maintain security and prevent abuse
Enforce usage limits and subscription tiers
Generate anonymized, aggregate industry benchmarks

Threadline does not sell personal data.

4. AI & Automated Processing

Threadline uses third-party AI providers to analyze customer feedback and survey responses and generate insights, including:

OpenAI (GPT-4.1-mini)
Google Gemini (Gemini 3 Pro Preview)
Anthropic Claude (Sonnet)

Only the minimum data required for analysis is transmitted. Customer feedback and survey data are processed solely to produce insights requested by the user.

Threadline does not use customer data to train public AI models and does not make automated decisions that produce legal or similarly significant effects on individuals.

These providers may process data outside your country of residence. Threadline relies on appropriate contractual safeguards to support international data transfers.

5. Third-Party Services

Threadline relies on trusted service providers, including:

Stripe – subscription billing and payments
Neon (PostgreSQL) – managed database hosting
Replit – application hosting and deployment
DALL·E, Google Vertex AI Imagen, RunPod (Stable Diffusion) – image generation
ipapi.co – approximate geolocation (analytics consent required)

Access is limited to what is necessary to deliver the Services.

6. Data Isolation & Multi-Tenancy

Threadline is a multi-tenant platform with strict isolation:

Users can only access data within their organization
Feedback Vault entries are organization-scoped
Rate limits and feature access are enforced per subscription tier
Administrative access is logged and audited

7. Data Retention & Deletion

Session data: retained until logout or expiration
Account data: deleted upon account deletion
Analyses & narrations: anonymized (user reference removed) upon deletion to preserve aggregate benchmarks
Feedback Vault: organization-scoped; soft-deleted only by super admin with audit trail

If an organization has multiple members, ownership must be transferred before deletion.

8. Your Rights

Depending on your location, you may have the right to:

Access your personal data
Export your data (Right to Portability – Art. 20 GDPR)
Delete your account (Right to Erasure – Art. 17 GDPR)
Withdraw analytics consent at any time
Restrict or object to certain processing activities, where permitted by law

Data export and deletion controls are available from your profile page.

California Residents:

Threadline does not sell or share personal information as defined under the California Consumer Privacy Act (CCPA).

9. Security Measures

Threadline implements industry-standard safeguards, including:

JWT-based authentication and secure session management
Password hashing
Role-based access controls
Super-admin allowlisting with dual verification
Audit logging for sensitive operations
Controlled beta access for new features

10. Children's Data

Threadline is not intended for children and does not knowingly collect personal data from individuals under 13. No age-gating is currently implemented.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be reflected by a revised "Last Updated" date.

12. Contact Us

Threadline CX LLC
[email protected]