Privacy Notice

Last updated: December 30, 2025

1. Introduction

THRDDR ("we," "our," or "the Service") is committed to protecting your privacy. This Privacy Notice explains how we collect, use, and safeguard your information when you use our multi-source discussion analysis service.

2. Information We Collect

Account Information

  • Email address: Used for authentication and account-related communications
  • Authentication data: Managed securely through our authentication provider (Supabase Auth)

Usage Data

  • Analysis requests and history
  • Credit usage and transaction records
  • Feature usage patterns (for service improvement)
  • Saved insights and watchlist configurations

API Keys (BYOK)

  • If you provide your own API keys, they are encrypted using AES-256-GCM encryption before storage
  • API keys are never logged, exposed in plain text, or transmitted insecurely
  • Keys are only decrypted at the moment of use for API calls

3. How We Use Your Information

  • To provide and improve the Service
  • To process your analysis requests
  • To manage your account and credits
  • To send important service notifications
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

4. Platform Data

The Service only accesses publicly available content from platforms including Reddit, X (Twitter), Hacker News, Product Hunt, and others. We do not:

  • Access private messages or non-public content on any platform
  • Access your personal accounts (unless you authenticate for API access)
  • Store platform usernames in association with your THRDDR account

5. Cached Analyses and Idea Database

To improve service quality and provide value to our community:

  • Analysis results may be cached to improve performance and reduce redundant processing
  • Generated product ideas and insights may be anonymized and displayed publicly in our idea database
  • Anonymized content has no association with your personal account or identity
  • Cached content helps all users discover validated opportunities

6. Data Sharing

We do NOT sell your personal data.

We may share data only in the following limited circumstances:

  • Service Providers: With trusted third parties who assist in operating the Service (e.g., Supabase for database hosting, Stripe for payment processing)
  • Legal Requirements: When required by law, court order, or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)

7. International Data Transfers

Your data is processed and stored on servers located in the United States (via Supabase). If you are located outside the United States, your information will be transferred to, stored, and processed in the United States.

We implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, for transfers of personal data outside the European Economic Area (EEA), United Kingdom, or Switzerland.

8. Data Security

We implement robust security measures to protect your data:

  • AES-256-GCM encryption for sensitive data (including API keys)
  • Secure HTTPS/TLS connections for all data transmission
  • Row-level security (RLS) policies in our database
  • Regular security audits and monitoring
  • Access controls and multi-factor authentication support

9. Data Breach Notification

In the unlikely event of a data breach that may affect your personal data, we will:

  • Notify affected users without undue delay (within 72 hours where feasible)
  • Report to relevant supervisory authorities as required by applicable law (including GDPR)
  • Provide information about the nature of the breach and steps being taken to address it
  • Offer guidance on protective measures you can take

10. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated data ("right to be forgotten")
  • Export: Request an export of your data in a portable, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Opt-out: Opt out of non-essential communications at any time

To exercise these rights, please contact us at privacy@thrddr.com. We will respond to your request within 30 days.

11. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

  • Account data: Retained until you request deletion
  • Analysis history: Retained while your account is active
  • Usage logs and analytics: Retained for up to 12 months for security, debugging, and service improvement
  • Payment records: Retained as required by law (typically 7 years for tax purposes)

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

12. Cookies and Tracking

We use only essential cookies required for:

  • Authentication and session management
  • Security features (CSRF protection, etc.)
  • Core functionality and user preferences

Analytics: We use Google Analytics for anonymous usage statistics when you accept cookies via our cookie banner. You can decline analytics cookies at any time, and we will not track your usage. Google Analytics data is anonymized (IP anonymization enabled) and used solely to improve the Service.

We do not use advertising or third-party tracking cookies. We do not participate in cross-site tracking or behavioral advertising programs.

13. Children's Privacy

The Service is not intended for users under 13 years of age (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under the applicable age, we will take steps to delete that information promptly.

14. Changes to This Notice

We may update this Privacy Notice from time to time. We will notify you of material changes by posting the updated notice on this page with a new "Last Updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Notice.

15. Contact Us

If you have questions about this Privacy Notice, our data practices, or wish to exercise your privacy rights, please contact us at:

Email: privacy@thrddr.com

Response Time: We aim to respond to all privacy inquiries within 30 days.

THRDDR is a service operated by Sjenkie B.V., registered in the Netherlands under Chamber of Commerce (KvK) number 60310030.

For legal inquiries: legal@thrddr.com