Privacy Policy

Last updated: 19 February 2026

This Privacy Policy explains how ThreadCub (“we”, “us”, “our”) collects, uses, and protects your information when you use the ThreadCub Chrome extension and web application. We are based in London, United Kingdom and are committed to handling your data in accordance with the UK GDPR and the Data Protection Act 2018.

1. What Data We Collect

ThreadCub is designed to save, organise, and help you continue your AI conversations. Depending on how you use the product, we collect the following:

Account users (signed in)

  • Email address — used for authentication via Supabase Auth
  • Conversation content — messages you save via the extension, stored encrypted in our database
  • Conversation metadata — title, platform (e.g. ChatGPT, Claude), message count, timestamps
  • Tags and notes — organisational data you add to conversations
  • A per-user encryption key — used to encrypt your conversation data before it leaves your browser

Guest users (not signed in)

  • Conversation content — saved against an anonymous session ID, not linked to your identity
  • Session ID — a randomly generated identifier stored locally in your browser

2. How We Use Your Data

We use your data only to provide ThreadCub's core functionality:

  • Saving and retrieving your AI conversations
  • Enabling you to continue conversations across sessions
  • Organising conversations with tags, notes, and projects
  • Providing AI-powered analysis and insights on your saved conversations
  • Allowing you to export or delete your data at any time

Our lawful basis for processing under UK GDPR is contract performance — processing is necessary to provide the service you have signed up for — and legitimate interestsfor anonymous usage analytics.

3. Encryption and Data Security

We take the security of your conversation data seriously:

  • Encryption at rest: Conversation content is encrypted with AES before being sent to our servers. Only your personal encryption key can decrypt it.
  • Per-user keys: Each account has a unique encryption key stored securely and never shared.
  • Transport security: All data is transmitted over HTTPS.
  • Row-level security: Our database enforces access controls so users can only access their own data.
  • Guest data: Conversations saved without an account are not encrypted and are linked only to a temporary session ID.

No online service can guarantee 100% security. We recommend creating an account for full encryption protection and regularly exporting backups of important conversations.

4. Analytics and Usage Data

The ThreadCub Chrome extension collects anonymous usage statistics to help us improve the product. This data is collected via Google Analytics 4.

What we collect:

  • Feature usage (saves, exports, tags, conversation continuations)
  • Which AI platforms ThreadCub is used with
  • Extension version and update events
  • Anonymous session data

What we do not collect:

  • Conversation content or messages
  • Personal or identifiable information
  • Browsing history outside of ThreadCub usage
  • Any data used for advertising purposes

5. Your Rights Under UK GDPR

If you have a ThreadCub account, you have the following rights regarding your personal data:

  • Right of access — you can request a copy of the data we hold about you
  • Right to erasure — you can delete individual conversations directly from your dashboard, or request full account deletion by contacting us
  • Right to portability — you can export your conversations at any time (JSON format available in the dashboard)
  • Right to rectification — you can update or correct your data
  • Right to object — you can object to processing based on legitimate interests

To exercise any of these rights, please contact us at privacy@threadcub.com. We will respond within 30 days in accordance with UK GDPR requirements.

6. Data Retention

  • Account conversations — retained until you delete them or close your account
  • Guest conversations — may be removed periodically as part of database maintenance
  • Analytics data — retained for 14 months per Google Analytics 4 default policy
  • Account data — retained until account deletion is requested

7. Data Sharing

We do not sell, trade, or share your data with advertisers or third parties for commercial purposes. Data is shared only with the following trusted service providers, strictly to operate ThreadCub:

  • Supabase — database and authentication (EU data centres)
  • Vercel — web application hosting
  • Google Analytics 4 — anonymous usage analytics
  • Anthropic — AI analysis features (conversation content may be sent to the Claude API for analysis only when you explicitly request it)

8. Third-Party AI Platforms

ThreadCub works alongside third-party AI platforms (such as ChatGPT, Claude, Gemini, and others). We do not control the data practices of these platforms. We recommend reviewing their privacy policies separately. ThreadCub only accesses conversation content that you explicitly choose to save.

9. Cookies

The ThreadCub web application uses cookies solely for authentication purposes (to keep you signed in). We do not use advertising or tracking cookies. The Chrome extension does not use cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects when it was last revised. For significant changes we will notify users via the website or extension update notes.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@threadcub.com

Location: London, United Kingdom

You also have the right to lodge a complaint with the UK's data protection authority, the Information Commissioner's Office (ICO), at ico.org.uk.

← Back to ThreadCub