Privacy Policy

1. What Data We Collect

When you use Thread & Tally, we collect the following types of information:

• Account information: Name, email address, and password
• Business data: Business name, product listings, inventory records, pricing, sales records, expense entries, and event details
• Product photos: Images you upload of your products
• Receipt images: Photos of receipts you upload for OCR processing
• Order screenshots: Images of online orders you upload for processing
• Payment information: Credit card details are collected and processed by Stripe; we do not store your card number
• Usage data: Pages visited, features used, and general interaction patterns to help us improve the product

2. How We Use Your Data

We use the data we collect to:

• Provide and operate the Service, including inventory tracking, event management, and reporting
• Generate AI-powered business insights and product recommendations
• Process receipt images and extract expense data via OCR
• Process payments and manage your subscription
• Send you service-related communications (account confirmations, billing notices)
• Improve the Service and develop new features

3. AI Processing

Thread & Tally uses artificial intelligence to power features such as receipt OCR, order screenshot reading, and business insights. When you use these features, relevant data (including uploaded images) is sent to Anthropic's API for processing. Anthropic processes this data in accordance with their privacy policy and does not use your data to train their models. We only send the minimum data necessary to provide the feature you are using.

4. Data Storage

Your data is stored in a PostgreSQL database hosted by Supabase. The application is hosted on Vercel. Product photos and receipt images are stored in Supabase Storage. All data is stored in secure, industry-standard cloud infrastructure.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and business data within 30 days, except where we are required by law to retain certain information. Anonymized, aggregated data that cannot identify you may be retained for analytics purposes.

6. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers, solely to operate the Service:

• Stripe: Payment processing
• Supabase: Database and file storage
• Vercel: Application hosting
• Anthropic: AI processing (OCR and insights)

7. Cookies

Thread & Tally uses only essential cookies required to keep you signed in (Supabase authentication cookies). We do not use advertising cookies, tracking cookies, or any third-party analytics cookies.

8. Children's Privacy

Thread & Tally is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.

9. Data Security

We take reasonable measures to protect your data, including:

• Encryption in transit (HTTPS/TLS) for all data transmitted between your device and our servers
• Row-level security (RLS) in our database to ensure each user can only access their own data
• Secure authentication powered by Supabase Auth
• Regular security updates to our application dependencies

No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. If you become aware of a security vulnerability, please contact us immediately.

10. Your Rights

You have the right to:

• Access: Request a copy of the data we hold about you
• Export: Download your data (available through the tax package and reports features)
• Delete: Request deletion of your account and all associated data
• Correct: Update or correct your personal information through your account settings

To exercise any of these rights, contact us at communications@threadtally.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice within the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact

If you have any questions about this Privacy Policy, please contact us at communications@threadtally.com.