Privacy Policy - ThreadSync

Effective Date: January 1, 2025 | Last Updated: December 7, 2025

ThreadSync, a division of Cichocki Enterprises LLC ("ThreadSync," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our platform services, or interact with us.

Scope: This Privacy Policy applies to all ThreadSync products and services, including:

The ThreadSync website (www.threadsync.io)
ThreadSync Core integration platform
Wallace observability and monitoring services
API access and developer tools
SMS notification services (additional terms in Section 8)

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly, including:

Account Information: Name, email address, company name, job title, phone number
Billing Information: Payment details, billing address (processed by secure payment providers)
Support Communications: Messages, tickets, and call recordings when you contact support
Integration Configurations: API keys, webhook URLs, and system connection settings
Form Submissions: Information submitted through contact forms, demo requests, or ROI calculator

1.2 Information Collected Automatically

When you use our services, we automatically collect:

Usage Data: Features accessed, actions taken, timestamps, API calls made
Device Information: Browser type, operating system, IP address, device identifiers
Log Data: Server logs, error reports, performance metrics
Cookies and Tracking: See Section 7 for cookie details

1.3 Customer Data (Platform Usage)

When you use ThreadSync to integrate your business systems, you may transmit data through our platform ("Customer Data"). We process Customer Data strictly according to your instructions and our service agreement. We do not access, use, or share Customer Data except as necessary to provide the services or as required by law.

2. How We Use Your Information

Purpose	Legal Basis (GDPR)
Provide and maintain our services	Contract performance
Process transactions and billing	Contract performance
Send service-related communications	Contract performance / Legitimate interest
Provide customer support	Contract performance
Improve and develop new features	Legitimate interest
Send marketing communications (with consent)	Consent
Detect and prevent fraud or abuse	Legitimate interest / Legal obligation
Comply with legal obligations	Legal obligation

3. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

3.1 Service Providers

We share information with vendors who assist in providing our services:

Cloud infrastructure providers (data hosting and processing)
Payment processors (billing and transactions)
Communication providers (email, SMS delivery via Telnyx)
Analytics providers (usage analysis)

All service providers are bound by data protection agreements.

3.2 Third-Party Services

Our Advisory Suite (Board Mode and Monte Carlo) is delivered in partnership with Cichocki Enterprises via the Strategic AI Advisory platform. When using these features, separate terms and privacy policies apply. See our Security page for details.

3.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request.

4. Data Security

We implement comprehensive security measures aligned with SOC 2 controls:

Encryption: AES-256 encryption at rest, TLS 1.3 in transit
Access Controls: Role-based access, multi-factor authentication, SSO support
Monitoring: 24/7 security monitoring and automated threat detection
Auditing: Comprehensive audit logs and regular security assessments

For detailed security information, visit our Security & Compliance page.

5. Data Retention

Account Data: Retained while your account is active, plus 30 days after deletion
Customer Data: Retained according to your service agreement; deleted upon termination
Billing Records: Retained for 7 years as required by law
Log Data: Retained for 90 days for security and troubleshooting

6. Your Rights and Choices

6.1 All Users

Access: Request a copy of your personal information
Correction: Update or correct inaccurate information
Deletion: Request deletion of your personal information
Opt-out: Unsubscribe from marketing communications

6.2 GDPR Rights (EEA/UK Residents)

Additional rights include: object to processing, restrict processing, withdraw consent, lodge complaints with supervisory authority.

6.3 CCPA Rights (California Residents)

Right to know, right to delete, right to opt-out of sale (we do not sell data), right to non-discrimination.

To exercise rights, contact privacy@threadsync.io.

7. Cookies and Tracking

Type	Purpose	Duration
Essential	Site functionality, authentication	Session / 1 year
Analytics	Understand site usage	2 years
Preferences	Remember settings	1 year

Control cookies through your browser settings.

8. SMS Communications

If you opt-in to receive SMS notifications:

Messages about support tickets, service alerts, and updates
Message frequency varies; message and data rates may apply
Opt-out: Reply STOP to any message
Help: Reply HELP for assistance
Consent is not a condition of purchase

9. International Data Transfers

ThreadSync is based in the United States. For transfers from EEA/UK, we use Standard Contractual Clauses (SCCs).

10. Children's Privacy

Our services are for business use, not intended for children under 18.

11. Changes to This Policy

We will notify you of material changes via email, website notice, or in-product notification.

12. Contact Us

ThreadSync Privacy Team

Email: privacy@threadsync.io

Website: www.threadsync.io

SMS Opt-out: Reply STOP to any message