1. Who We Are
Threadly is operated by Red Wagon Agency LLC. Our social media scheduling platform is available at threadlyhq.com. If you have any questions about this policy, contact us at privacy@threadlyhq.com.
2. Information We Collect
We collect information you provide directly and information generated through your use of the service:
- Account information: name, email address, password (hashed), and billing details when you subscribe.
- Connected social accounts: OAuth access tokens, profile information (username, avatar, follower count), and posts you create through Threadly.
- Content you create: post drafts, scheduled content, media uploads, captions, and campaign data.
- Usage data: pages visited, features used, scheduling patterns, and AI assistance interactions.
- Device & technical data: IP address, browser type, operating system, and referral source for security and analytics.
- Payment information: processed by Stripe; we do not store card numbers.
3. How We Use Your Information
- Provide, operate, and improve the Threadly platform
- Authenticate your identity and connect your social accounts via OAuth
- Schedule and publish posts on your behalf to connected platforms
- Generate AI-powered content suggestions and analytics insights
- Process payments and manage subscriptions
- Send transactional emails (post confirmations, billing notices, security alerts)
- Send product updates and newsletters if you have opted in
- Investigate abuse, enforce our Terms of Service, and meet legal obligations
4. Third-Party Services
We share data with trusted third parties only as necessary to operate the service:
- Social platforms (X/Twitter, LinkedIn, Facebook, Instagram, TikTok, YouTube, Threads, Google): to authenticate you and publish content on your behalf under their respective platform policies.
- Stripe: payment processing. Subject to Stripe's Privacy Policy.
- Neon / PostgreSQL: encrypted database hosting for your account and content data.
- Anthropic (Claude AI): AI content generation features. Prompts may be processed by Anthropic's API under their usage policies.
- Vercel / hosting infrastructure: application hosting and deployment.
We do not sell your personal data to advertisers or data brokers.
5. Social Account Data
When you connect a social account, we store OAuth tokens to publish on your behalf. We request only the scopes necessary for the features you use. You can disconnect any social account at any time from Settings → Connected Accounts, which immediately revokes our access and deletes your stored tokens.
6. Data Retention
We retain your data as long as your account is active. If you delete your account:
- Your personal data and content are deleted within 30 days.
- Billing records are retained for 7 years as required by law.
- Anonymized aggregate analytics may be retained indefinitely.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: request a copy of the data we hold about you.
- Correction: update inaccurate or incomplete information.
- Deletion: request that we delete your account and associated data.
- Portability: export your content and account data.
- Opt-out: unsubscribe from marketing emails at any time. Transactional emails cannot be disabled.
- GDPR (EU/UK): right to restrict processing, object to processing, and lodge a complaint with a supervisory authority.
- CCPA (California): right to know, delete, and opt out of sale (we do not sell data).
To exercise any of these rights, email privacy@threadlyhq.com. We respond within 30 days.
8. Cookies
We use cookies for authentication (session tokens), security (CSRF protection), and optional analytics. See our Cookie Policy for full details and how to manage preferences.
9. Security
We protect your data with TLS encryption in transit, AES-256 encryption at rest for sensitive fields, hashed passwords (bcrypt), and access controls limiting employee access to production data. We perform regular security reviews and promptly address vulnerabilities. In the event of a data breach, we will notify affected users within 72 hours as required by law.
10. Children
Threadly is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately at privacy@threadlyhq.com.
11. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of Threadly after the effective date constitutes acceptance of the updated policy.