If you are an individual, the term “Customer” means you individually.
If you are using Threadit as an employee or representative of an entity, the term “Customer” means your employer or that entity, as well as their End Users.
1.2 For all Customers other than individuals, your use of Threadit is subject to all of the privacy policies set forth in this document (excluding Section 1.1).
2. Policies for Business and Enterprise Customers
2.1 Information We Collect
Threadit processes Customer Data in order to provide its Services. Customer Data is the personal information Threadit collects or generates during the provision and administration of its Services.
Customer Data includes:
Payments and transactions. We keep reasonable business records of charges, payments, and billing details and issues.
Settings and configurations. We record your configuration and settings, including resource identifiers and attributes. This includes service and security settings for data and other resources.
Technical and operational details of your usage of Threadit Services. We collect information about usage, operational status, software errors and crash reports, authentication credentials, quality and performance metrics, and other technical details necessary for us to operate and maintain Threadit Services and related software. This information may include device identifiers, identifiers from cookies or tokens, and IP addresses.
Your direct communications. We keep records of your communications and interactions with us and our partners, for example, when you provide feedback or contact information, ask questions or seek technical support.
Customer Data does not include:
Video or audio of children under the age of consent. Users of the Threadit app may not allow children under the age of consent in their jurisdiction to be included in user data (video and audio). Age of consent info can be found here: https://support.google.com/accounts/answer/1350409
2.2 Why We Process Data
Threadit processes Customer Data for the following purposes:
Provide Services you request. Customer Data is primarily used to deliver the Services that you and our customers request. This includes a number of processing activities that are necessary to provide the Services, including processing to bill for services usage, to ensure services are working as intended, to detect and avoid outages or other problems you might experience, and to secure your data and the services you use.
Make recommendations to optimize use of Threadit Services. We may process Customer Data to provide you and our customers with recommendations and tips. These suggestions may include ways to better secure your account or data, options to reduce service charges or improve performance, and information about new or related products and features. We may also evaluate your response to our recommendations.
Maintain and improve Threadit Services. We evaluate Customer Data to help us improve the performance and functionality of Threadit Services. As we optimize Threadit Services for you, this may improve them for our customers and vice versa.
Provide and improve other services you request. We may use Customer Data to deliver and improve other services that you and our customers request, including Threadit or third-party services that are enabled via the Threadit Services.
Assist you. We use Customer Data when needed to provide technical support and professional services as requested by you and our customers, and to assess whether we have met your needs. We also use Customer Data to improve our online support, and to communicate with you and our customers. This includes notifications about updates to Threadit Services, and responding to support requests.
Protect you, our users, the public, and Threadit. We use Customer Data to improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm our users, our customers, the public, or Threadit. These activities are an important part of our commitment to secure our services.
Comply with legal obligations. We may need to process Customer Data to comply with our legal obligations, for example, where we’re responding to legal process or an enforceable governmental request, or to meet our financial record-keeping obligations.
Other purposes with your consent. We may ask for your consent to process information for other purposes not covered in this Privacy Notice. You have the right to withdraw your consent at any time.To achieve these purposes, we may use algorithms to recognize patterns in Customer Data. Manual collection and review of Customer Data may also occur, such as when you interact directly with our billing or support teams. We may aggregate and anonymize Customer Data to eliminate personal details, including for internal reporting and analysis of product and business operations described above.
2.3 Storage of Data
We operate in connection with data centers around the world, and provide Threadit Services from these locations. Customer Data may be processed on servers located outside of the country where our users and customers are located because Customer Data is typically processed by centralized or regionalized operations like billing, support, and security.
Regardless of where Customer Data is processed, we apply the same protections described in this Privacy Notice. When transferring Customer Data outside of the European Economic Area, we comply with certain legal frameworks. Threadit provides data protection in general compliance with the terms set forth with respect to Google Cloud and the GDPR.
Specific terms of storage:
Threadit will store user email addresses in protected Threadit infrastructure.
Threadit will store user data (video and audio, including information extracted from either), collected from user devices, in Threadit Cloud Storage.
All user data is stored under an Access Control List that limits access only to that user, those with whom the data has been shared, and the Threadit core team. No user can view another user's data without consent of the user who created the data.
Threadit will store raw metrics data for three (3) months. This raw data will include user ID, email domain, and some demographic data (country, work or personal use, job function). The raw data will be aggregated and pseudo-anonymized using a thresholding algorithm (e.g. if less than 20 users fall into a slice, it is dropped into a "default" slice). This aggregated pseudo-anonymous data will be stored for one (1) year.
The Threadit core team (including a small number of Threadit employees and contractors working with Threadit) will have access to all stored user data and may review any data created by users. Such review will be used for (a) maintenance and debugging, (b) understanding how the product is being used, and (c) as part of the product development process.
2.4 Securing of Data
We build Threadit Services with strong security features to protect information. The insights we gain from providing our services help us detect and automatically block security threats from ever reaching you.
We work hard to protect you and Threadit from unauthorized access, alteration, disclosure, or destruction of information we hold, including:
We encrypt Customer Data at rest and while in transit between our facilities.
We regularly review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems.
We restrict access to personal information to Threadit employees, contractors, and agents who need that information in order to process it for us. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
2.5 Sharing of Data
We do not share Customer Data with companies, organizations, or individuals outside of Threadit except in the following cases:
With your consent
We’ll share Customer Data outside of Threadit when we have your consent. For example, when you or our customer chooses to use a third-party application that requests access to your information, we’ll seek permission to share information with that third party.
For external processing
We provide information to our affiliates, partners and other trusted businesses or persons to process it for us, based on our instructions and in compliance with this Privacy Notice and other appropriate confidentiality and security measures.
For legal reasons
We may share Customer Data outside of Threadit if we have a good-faith belief that access to, or use, preservation, or disclosure of the information is reasonably necessary to:
Comply with applicable law, regulation, legal process, or enforceable governmental request.
Enforce applicable agreements, including investigation of potential violations.
Detect, prevent, or otherwise address fraud, security, or technical issues.
Protect against harm to the rights, property or safety of Threadit, our customers, users, and the public as required or permitted by law.
2.6 Access to Data
Your organization may allow you to access and export your data in order to back it up or transfer it to a service outside of Threadit.
You can access several categories of Customer Data directly from Threadit, including your billing contact information, payment and transaction information, as well as product and communication settings and configurations.
If you’re otherwise unable to access your data, you can always request it at firstname.lastname@example.org.
2.7 Deletion and Retention of Data
We retain Customer Data for different periods of time depending on what it is, how we use it, and how you configure your settings.
Customer Data is deleted or anonymized once it is no longer needed. For each type of data and operation, we set retention timeframes based on the purpose for its collection, and ensure it is kept for no longer than necessary.
Sometimes we need to retain certain information for an extended period of time for legitimate business or legal purposes. For example, when Threadit processes a payment for you, or when you make a payment to Threadit, we’ll retain data about those transactions as required for tax or accounting purposes. Other legitimate business or legal purposes that may require us to retain data include security, fraud and abuse prevention, ensuring continuity of our services, and complying with legal or regulatory requirements.
When we delete data, we follow detailed steps to make sure that the data is securely and completely removed from our active systems or retained only in anonymized form. We take measures to ensure that our services protect information from accidental or malicious deletion through the use of backup systems.
2.8 Using Threadit Accounts and Products
If you interact with Threadit Services using a Threadit Account managed by an organization, then your personal information may be subject to your organization’s privacy policies and processes, and you should direct privacy inquiries to your organization.
Legal Frameworks for Data Transfers
The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal data. You can review current European Commission adequacy decisions here. To transfer data from the EEA to other countries, such as the United States, we comply with legal frameworks that establish an equivalent level of protection with EU law.
The European Commission has approved the use of model contract clauses as a means of ensuring adequate protection when transferring data outside of the EEA. By incorporating model contract clauses into a contract established between the parties transferring data, personal data is considered protected when transferred outside the EEA or the UK to countries which are not covered by an adequacy decision.
Where appropriate, we rely on these model contract clauses for data transfers.
The California Consumer Privacy Act (CCPA) requires specific disclosures for California residents.
This Privacy Notice is designed to help you understand how Threadit handles your information:
We explain the categories of information Threadit collects and the sources of that information in Information We Collect.
We explain how Threadit uses information in Why We Process Data.
We explain when Threadit may share information in Sharing of Data. Threadit does not sell your personal information.
The CCPA also provides the right to request information about how Threadit collects, uses, and discloses your personal information. And it gives you the right to access your information and request that Threadit delete that information. Finally, the CCPA provides the right to not be discriminated against for exercising your privacy rights.
We provide the information and tools described in this Notice so you can exercise these rights. When you use them, we’ll validate your request by verifying your identity (for example, by confirming that you’re signed in to your Threadit Account). If you have questions or requests related to your rights under the CCPA, you (or your authorized agent) can also contact Threadit.
The CCPA requires a description of data practices using specific categories. This table uses these categories to organize the information in this Privacy Notice.
Policies for Business and Enterprise Customers
Updates to this Notice
We may update this Privacy Notice from time to time. We will not make any significant changes without notifying you in advance by posting a prominent notice on this page describing the changes or by sending you a direct communication. We encourage you to regularly review this Privacy Notice, and we will always indicate the date the last changes were published.