Privacy Policy
Last updated: 4/6/2026
1. Overview
Thread-ly ("we," "our," or "the Service") is committed to protecting your privacy. This policy describes what data we collect, how we use it, and your rights regarding that data.
2. Data We Collect
Account and Authentication
When you sign in with GitHub, we receive your GitHub user ID, login, name, email (if public), avatar URL, and an access token. We use this to authenticate you and display your profile in the Service.
Repository Data
When you connect a repository, we access public repository metadata (owner, name, pull requests, file contents from merged PRs). We process this data to generate product narratives (Sprint Translation Reports) and continuity narratives. We do not access private repositories unless you explicitly connect them and grant permission.
Context Documents
If you upload context documents (PRDs, sprint goals, etc.), we store and process them to improve report quality. You can delete these at any time.
Usage and Logs
We may collect usage data such as API requests, error logs, and performance metrics to operate and improve the Service. This may include IP addresses and timestamps.
3. How We Use Your Data
- To provide and operate the Service
- To generate reports and narratives from your repositories
- To authenticate you and manage your account
- To improve the Service and fix issues
- To communicate with you about the Service (e.g., important updates)
4. Data Sharing
We do not sell your data. We may share data with:
- Service providers — Hosting, analytics, and infrastructure providers that help us operate the Service
- AI/model providers — To generate reports, we send code excerpts and context to third-party APIs. See Section 5 for how we handle your code.
- Legal requirements — When required by law or to protect our rights
5. How We Handle Your Code
Your code is used only to generate the reports and insights you request. We do not use customer code to train our own models, and we use third-party LLM APIs under terms that state API customer data is not used to train their foundation models without explicit opt-in or instruction.
Operational controls
- API use only — We use provider APIs (OpenAI, Google Gemini), not consumer chat products
- Access control — Access to customer repositories and analysis outputs is restricted to what is needed to provide the service
- Limited purpose — We use a small number of subprocessors, including model providers, solely to provide the service. We do not sell customer code, publish it, or reuse it outside the customer's requested analysis workflow
- Retention — We retain data only as needed to provide the service, per our retention policy
Higher-assurance option
For customers with stricter security or compliance requirements, we can support Azure OpenAI or similar enterprise deployment paths, which provide Microsoft enterprise controls and state that prompts and completions are not used to train foundation models.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. You may request deletion of your data by contacting us. Some data may be retained for backup, legal, or compliance purposes.
7. Security
We use industry-standard measures to protect your data, including encryption in transit and at rest, secure storage of credentials, and access controls. API keys are hashed and never stored in plain text.
8. Your Rights
Depending on your location, you may have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict certain processing
- Data portability
To exercise these rights, contact us through the channels provided on this site.
9. Cookies and Similar Technologies
We may use cookies and similar technologies for session management, authentication, and basic analytics. You can control cookies through your browser settings.
10. Children
The Service is not intended for users under 18. We do not knowingly collect data from children.
11. Changes
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions or requests, please contact us through the channels provided on this site.