Welcome to Thrad. Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect data when you use our website and services.

1. Information We Collect

Advertiser Data

When advertisers create and manage accounts on the Thrad platform, we collect limited personal information necessary to operate the service. This includes contact details, company information, and campaign-related data. This information is used solely for account management, billing, and platform operation.

End-User Data

Thrad processes limited, pseudoanonymised data from partner chatbot platforms for the purpose of ad selection and performance measurement. This includes:

Aggregated performance metrics (impressions, clicks, conversions)

Conversation excerpts, pseudoanonymised to remove direct identifiers, used to evaluate ad relevance

No sensitive data categories are collected, including health data, biometric data, financial account information, or political and religious affiliation.

2. Legal Basis for Data Processing

We process advertiser data on the basis of contract performance and legitimate interest. We process end-user data under legitimate interest (Article 6(1)(f) GDPR), strictly limited to improving ad relevance and effectiveness.

As a B2B service provider, our publisher partners act as data controllers and are responsible for informing their own users. Thrad acts as a data processor on their behalf.

For U.S. users, Thrad acts as a Service Provider as defined under the CCPA/CPRA.

3. Cookies & Tracking

We do not use cookies, device fingerprinting, or tracking pixels. Tracking is limited to voluntary UTM parameters passed by publishers.

4. How We Use Collected Data

Advertiser data is used exclusively for authentication, account management, billing, and reporting.

End-user data is used to:

Evaluate the effectiveness and quality of ads displayed

Provide aggregated performance metrics and reporting to publishers

Conversation snippets are not used for profiling or ad targeting by default. Profiling may occur only where explicitly agreed with the publisher in advance and in writing, limited to pseudoanonymised behavioural segments with no legal or similarly significant effects on individuals.

5. Data Security & Retention

We implement industry-standard security controls across our infrastructure, including encryption of data in transit and at rest, access controls based on least-privilege principles, and continuous monitoring.

Data is hosted with reputable, security-certified cloud providers located in the United States.

Retention: Advertiser and campaign data is retained for up to 12 months following account inactivity or contract termination. Anonymised conversation data is retained for a limited period as needed for reporting and platform operation, then deleted. Retention periods may be extended where required by law.

Deletion requests can be submitted to contact@thrad.ai.

6. Subprocessors

We work with a limited set of third-party subprocessors to operate the platform, including cloud hosting, payments, and infrastructure services. All subprocessors are reviewed for security and compliance standards. A current subprocessor list is available on request.

Thrad's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

7. International Data Transfers

Our infrastructure is based in the United States. Data transfers involving EU users are governed by Standard Contractual Clauses (SCCs) in compliance with GDPR. We rely on our subprocessors' GDPR-compliant frameworks to ensure appropriate safeguards.

8. Your Rights

Users and advertisers may have the following rights depending on their jurisdiction:

Right to Access: Request information about data held

Right to Object: Request that data not be processed for specific purposes

Right to Erasure: Request deletion of your data

To exercise any of these rights, contact us at contact@thrad.ai. We will respond within the timeframes required by applicable law.

9. Data Breach Notification

In the event of a data breach, we will follow our incident response procedures to contain and remediate the issue. Where required by GDPR or applicable U.S. regulations, we will notify relevant authorities and affected parties within legally mandated timeframes.

10. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be posted on this page with an updated effective date. Continued use of our services constitutes acceptance of the revised policy.

11. Contact

For any privacy-related questions or concerns, contact us at: contact@thrad.ai