ThreadPilotThreadPilotBeta

Privacy Policy

Last updated: March 20, 2026

1. Introduction

ThreadPilot ("we", "us", "our") respects your privacy. This Privacy Policy explains what information we collect when you use the ThreadPilot browser extension and the threadpilot.io website (collectively, the "Service"), how we use it, and the choices you have. By using the Service you consent to the practices described here.

2. Information We Collect

Account information — name, email address, and profile picture provided by Google when you sign in with Google OAuth. We do not receive your Google password and we do not access your Gmail, Google Drive, or contacts. Subscription information — your Free or Pro status, billing identifiers from Stripe or Razorpay (we never store full card numbers). Writing-style data — short writing samples derived from posts and replies on your X profile, used to generate your auto persona. We store the resulting style summary; raw samples are pruned after processing. Usage data — generation counts, persona configurations, tone preferences, and a short rolling history of generated replies. Technical data — IP address, browser type, extension version, and timestamps for security and troubleshooting.

3. What We Do Not Collect

We do not collect the full text of every tweet you read on X. We do not call the X API. We do not access your X password, your X direct messages, or any X data outside what is visible on pages you open in your browser. We do not sell your data to advertisers or data brokers.

4. How We Use Your Information

We use your information to: provide the Service and authenticate you; build and refine your auto persona so replies sound like you; enforce Free and Pro plan limits; generate aggregate usage analytics; communicate transactional messages such as receipts, security alerts and product updates; comply with legal obligations; and detect and prevent abuse.

5. Third-Party Processors

We share the minimum data required with the following processors: OpenAI and Anthropic to generate AI replies (no account identifiers are sent — only the tweet context, persona summary and tone); Google for OAuth sign-in; Stripe and Razorpay for billing; cloud hosting and email providers for infrastructure. Each processor is contractually required to protect your data and use it only to provide their service to us.

6. Data Retention

Account information and style summaries are retained for as long as your account is active. Raw writing samples are pruned after each style assessment, typically within seven days. Generation history is retained for 90 days. Server logs are retained for 30 days for security and debugging. When you delete your account, we erase your personal data within 30 days, except where we are required to retain records by law (e.g., tax invoices for billing).

7. Your Rights

You have the right to access, correct, export, restrict, and delete your personal data. EU and UK residents have additional rights under the GDPR; California residents have rights under the CCPA. You can exercise most rights directly from the extension settings; for the rest, email [email protected] and we will respond within 30 days.

8. Cookies and Local Storage

We use a small number of strictly necessary cookies to keep you signed in to your account. The browser extension stores your authentication token and your tone preferences in browser local storage. We do not use third-party advertising cookies.

9. Children

ThreadPilot is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has used the Service, contact us and we will delete the account.

10. International Transfers

Your data may be processed in India, the United States, and the European Union depending on which processor handles a given task. Where required, we rely on Standard Contractual Clauses or equivalent legal mechanisms to protect international transfers.

11. Security

We use industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access controls, and regular audits. No system is perfectly secure; you should choose a strong unique password for your Google account and enable two-factor authentication on Google.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced on threadpilot.io and via email when reasonably possible.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at [email protected].