Thread Patrol Logo Thread Patrol

Privacy Policy

Effective Date: 26.07.2025

Contents

Introduction

Welcome to Thread Patrol! This Privacy Policy explains how we collect, use, share, and protect information in relation to our Slack bot, Thread Patrol.

Thread Patrol helps keep your Slack channels organized by monitoring messages and suggesting when a new message might belong in an existing thread. It uses contextual understanding and AI-powered similarity analysis to make these suggestions.

By installing or using Thread Patrol, you agree to the collection, use, disclosure, and procedures this Privacy Policy describes, as well as our Terms of Service. Please read this policy carefully. If you do not agree with this policy, please do not use the Service.

Information We Collect

To provide and improve Thread Patrol, we collect the following types of information:

Information You Provide Directly Through Slack Installation (OAuth Process):

When you install Thread Patrol into your Slack workspace, Slack provides us with the following information:

  • Workspace Information: Slack Team ID (e.g., T12345ABC) and, if applicable, Enterprise ID.
  • Bot Authentication Information: A Bot User OAuth Access Token (xoxb-...) that allows Thread Patrol to act on behalf of the bot user in your workspace, the Bot User ID (e.g., U0X...), and the Bot ID (e.g., B0X...).
  • Installing User Information: The Slack User ID of the individual who performed the installation.

Why we collect this*: This information is essential for Thread Patrol to be installed, to authenticate with the Slack API, to perform its functions within your specific workspace, and to respond to events. This data is stored in our ThreadPatrolInstallations database on Amazon Web Services (AWS).

Information Collected Automatically During Service Operation:

As Thread Patrol operates within your Slack channels, it processes and stores certain metadata related to messages:

  • RECENT_CONTEXT_LIST:
    • To provide context for AI-powered similarity analysis, we store identifiers for recent messages in channels where Thread Patrol is active. This includes: Channel ID, timestamps (ts) of messages, and Slack User ID of the authors of these messages.
    • This information is stored in our ThreadPatrolData database on AWS as a rolling list of approximately the last 20 message identifiers per channel.
  • THREAD_LINK: To manage message relationships and the "move" functionality, we store: Team ID, Channel ID, Message Timestamp (ts), Parent Message Timestamp (parentTs), Root Message Timestamp (rootTs), a flag indicating if a message was moved (isMovedFlag), and the timestamp of the new copy if moved (movedToTs).
  • BOT_MESSAGE_MAP: When Thread Patrol copies a message, we store a record linking the bot's copied message timestamp to the original user message's timestamp and the interaction type.
  • MOVED_NOTICE_MAP: After a message is moved, we store a record that links the original message's timestamp to the timestamp of the public "Moved Here" notice that the bot posts. This is necessary to enable the interactive "Clean Up Notice" feature.
  • The metadata items above are stored in our ThreadPatrolData database on AWS.
  • Message Content (Text of Slack Messages - Processed Ephemerally):
    • When an AI similarity check is performed, the textual content of the new user message and the textual content of recent contextual messages (fetched from Slack channels where Thread Patrol is active) are processed.
    • Important: This message content is processed in memory and sent to the Google Cloud Vertex AI service (Gemini model) solely for similarity analysis.
    • Thread Patrol does NOT store the content of your Slack messages in its own database.
    • Once sent to Google Gemini for analysis, Thread Patrol discards this content from its active processing. In the event of errors during AI processing, snippets (e.g., the first 30 characters of a message being processed for AI analysis) or, if included in error responses from Google Gemini, the full text of messages involved in that specific analysis might be temporarily captured in system error logs for troubleshooting purposes. We strive to minimize such logging of sensitive data.
    • Service Reliability: When AI services are temporarily unavailable due to outages or maintenance, Thread Patrol automatically falls back to the 15-second recency rule only, ensuring continued basic functionality without AI analysis.
  • User IDs: Slack User IDs associated with messages (authors, users mentioned in button payloads generated by the bot) are processed to attribute messages correctly, mention users in suggestions, and provide context to the AI.
  • Temporary In-Memory Message Text (15-Second Rule): For the 15-second recency check feature, the text of recent messages from a user in a channel is held in the application's memory for a maximum of 15 seconds. This data is not persistently stored by the Service for this feature.
  • Usage analytics:
    • To understand service usage, identify popular features, and improve the bot, we collect aggregate usage statistics on a per-workspace basis.
    • This includes data such as your Team ID, a count of moved messages (movedMessagesCount), and a count of cleanup actions (cleanupActionsCount).
    • This analytics data is not associated with individual User IDs and does not include any message content.
  • System Logs:
    • To monitor application health, diagnose errors, and ensure security, we maintain temporary operational logs. These logs record events such as API requests and application errors. They may contain metadata (like Team IDs and Channel IDs) and, in the case of an error, could inadvertently include snippets of message content or other information related to that specific failed event.
    • This data is used exclusively for troubleshooting and is never used for any other purpose.

Why we collect/process this: This metadata and ephemeral content processing are crucial for Thread Patrol to understand conversation flow, identify potential threads, build context for AI analysis, execute message move operations, and avoid redundant suggestions. Thread Patrol does not process or store files attached to messages, nor does it fetch or store user profile information (like display names, real names, or email addresses) beyond Slack User IDs.

How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide and Operate the Service: We use your OAuth Installation Information to authenticate, Message Identifiers & Metadata to manage conversation flow, Ephemeral Message Content for AI analysis, User IDs for attribution, and Temporarily Cached Message Text for the 15-second recency check.
  • To Improve and Maintain the Service: We may use aggregated and anonymized information to improve features. Error logs are used for diagnosing and fixing issues.
  • To Communicate with You: We may use the installing user's ID to provide support or important notices about the Service.

Data Sharing and Third-Party Services

We do not sell your personal information. We share information only in the following circumstances:

  • With Slack: Thread Patrol is a Slack bot, and its core functionality involves interacting with the Slack platform. Data such as messages posted by the bot, requests to read message history, or to get message permalinks are inherently processed via Slack's APIs as directed by the bot's operation.
  • With Google Cloud Platform (Vertex AI / Gemini):
    • Using Vertex AI in a Google Cloud project implies operating under the standard Google Cloud Terms of Service and the Vertex AI Service Specific Terms, which include the data privacy and non-training guarantees that allow us to ensure your data is not being used for LLM training purposes.
    • To provide AI-powered similarity analysis, when a new message is eligible for an AI check, its text content and the text of recent contextual messages are sent to Google's Vertex AI service for processing by the Gemini language model. We only send the necessary text for this analysis. Per our configuration with Google Cloud, this data is used solely to provide the analysis for your request and is not used to train Google's models.
    • Google's use of this data is governed by their terms and privacy policies. We recommend you review Google Cloud's Privacy Policy and their terms regarding Vertex AI data usage. You can typically find this information at: https://cloud.google.com/vertex-ai/generative-ai/docs/data-governance
    • Specifically, in the 'Training restriction' section: "Google won't use your data to train or fine-tune any AI/ML models without your prior permission or instruction. This applies to all managed models on Vertex AI"
  • With Amazon Web Services (AWS):
    • All persistently stored data by Thread Patrol, including your OAuth Installation Information and Message Identifiers & Metadata (from ThreadPatrolInstallations and ThreadPatrolData tables respectively), is stored on secure servers provided by Amazon Web Services (AWS) located in the eu-west-1 region.
    • AWS's use of data is governed by their privacy policies. You can find more information at https://aws.amazon.com/privacy/
    • Thread Patrol uses Amazon CloudFront as a content delivery network to serve its API endpoints securely. CloudFront may process request metadata but does not have access to message content.
  • For Legal Reasons: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, act in urgent circumstances to protect the personal safety of users of the Service, or protect against legal liability.
  • Business Transfers: If Thread Patrol is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction as permitted by law and/or contract.

Data Storage, Security, and Retention

Data Storage & Location:

The information collected by Thread Patrol is stored on secure servers hosted by Amazon Web Services (AWS) in the eu-west-1 region.

Data Security:

We take the security of your information seriously and implement appropriate measures, including:

  • Encryption: Data is encrypted in transit and at rest.
  • Access Controls: We utilize IAM roles and policies to restrict data access.
  • Credential Security: Sensitive credentials are not hardcoded and are stored encrypted in AWS Systems Manager (SSM) Parameter Store.
  • Regular Reviews: We periodically review our practices.

While we strive to protect your information, no method of transmission over the Internet is 100% secure.

Data Retention:

We retain different types of information for different periods:

  • OAuth Installation Information (stored in the ThreadPatrolInstallations table):
    • This information, including your bot access token, is retained as long as Thread Patrol is installed in your Slack workspace.
    • Upon uninstallation of the app from your workspace, this installation information is deleted from our active database.
  • Message Identifiers & Metadata (stored in the ThreadPatrolData table):
    • RECENT_CONTEXT_LIST: We maintain a rolling list of identifiers for approximately the last 20 standalone messages per channel. These items are also set to automatically expire and be deleted from our database 90 days after their last update, due to a Time-To-Live (TTL) policy configured with an expiresAt attribute.
    • THREAD_LINK, BOT_MESSAGE_MAP, and MOVED_NOTICE_MAP: This metadata is set to automatically expire and be deleted from our database 90 days after its last update, due to a Time-To-Live (TTL) policy configured with an expiresAt attribute.
    • Deletion upon Uninstallation: Furthermore, upon uninstallation of Thread Patrol from your workspace, all RECENT_CONTEXT_LIST, THREAD_LINK, and BOT_MESSAGE_MAP items associated with your workspace (identified by your Team ID) are actively queried and deleted from our ThreadPatrolData database.
  • Message Content (Text of Slack Messages): As stated earlier, the textual content of your Slack messages processed for AI similarity analysis is handled ephemerally. It is not stored by Thread Patrol in its database. It is sent to the Google Gemini AI service for analysis and then discarded from our active processing. As detailed previously, in the event of errors during AI processing, limited message content might be temporarily captured in system logs for troubleshooting. These system logs are automatically and permanently deleted on a rolling basis after 30 days.
  • Temporary In-Memory Message Text (15-Second Rule): For the 15-second recency check feature, the text of recent messages is held in the application's memory for a maximum of 15 seconds and is not persistently stored for this purpose.

Your Rights and Choices Regarding Your Information

We respect your rights concerning your information. Depending on your location and applicable data protection laws, you may have the following rights regarding the information we process:

  • Right to Access: You may have the right to request access to the information we hold about your workspace's use of Thread Patrol. Due to the nature of the data (primarily OAuth tokens and operational metadata linked to Slack identifiers), direct access is typically managed through your Slack workspace. For specific inquiries about data associated with your workspace, you can contact us at threadpatrol.help@gmail.com.
  • Right to Rectification (Correction): If you believe that any information we hold about your workspace is inaccurate or incomplete, you may request its correction. Please contact us at threadpatrol.help@gmail.com with details of the information and the correction needed. We will take reasonable steps to verify your identity and the accuracy of the information before making corrections.
  • Right to Erasure (Deletion):
    • The primary way to ensure the deletion of all information associated with your workspace (including OAuth tokens and all related metadata stored in our ThreadPatrolInstallations and ThreadPatrolData tables) is by uninstalling the Thread Patrol application from your Slack workspace. Upon uninstallation, we initiate a process to delete this data from our active databases as described in the Data Retention section.
    • Individual pieces of metadata are subject to the retention policies outlined in Data Retention section, including automatic expiration via our Time-To-Live (TTL) configuration (90 days from last update).
  • Right to Restrict Processing: You can effectively restrict our processing of your workspace's information by uninstalling the Thread Patrol application. If you have concerns about specific processing activities while the app is installed, please contact us.
  • Right to Object to Processing: You have the right to object to certain types of processing. The primary way to object to all processing by Thread Patrol is to uninstall the application from your Slack workspace.
  • Right to Data Portability: The data Thread Patrol stores is operational metadata specific to its functioning within the Slack environment. While we will endeavor to respond to access requests, providing this data in a commonly portable format may be limited by its nature and context. Please contact us if you have specific requests.

How to Exercise Your Rights:

To exercise any rights, please contact us at threadpatrol.help@gmail.com. We will respond within a reasonable timeframe and may need to verify your identity.

Users in Certain Regions (e.g., European Economic Area, California):

If you are located in certain regions, you may have additional statutory rights under laws like GDPR or CCPA, including the right to lodge a complaint with a supervisory authority.

Cookies and Similar Technologies

Thread Patrol itself does not directly use cookies to track you or store your personal information across Browse sessions on external websites.

However, please be aware of the following:

  • Slack Platform: The Slack platform, which Thread Patrol integrates with, uses cookies and similar technologies for its own purposes. We recommend you review Slack's Cookie Policy and Privacy Policy for more information on their practices.
  • OAuth 2.0 Authentication: When you install Thread Patrol, you interact with Slack's OAuth 2.0 authentication process. This process may use cookies (e.g., to manage the security state of the authentication flow). These cookies are typically handled by Slack and our application's use of the Slack Bolt SDK's ExpressReceiver for facilitating this secure connection. The ExpressReceiver uses a stateSecret for signing and verifying state cookies essential for the OAuth flow's security. These are generally session-based or short-lived and are for security and flow completion, not for broader user tracking by Thread Patrol.

You can usually control cookies through your browser settings. Please refer to your browser's help documentation for more information on managing cookies.

Children's Privacy

Thread Patrol is not directed to individuals under the age of 16 (or a higher age threshold if stipulated by applicable local laws, such as 13 in the United States under COPPA). We do not knowingly collect personal information from children under this age.

If we become aware that we have inadvertently collected personal information from a child under the specified age without verifiable parental consent, we will take steps to delete such information from our systems as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us at threadpatrol.help@gmail.com, and we will take steps to remove that information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service's functionality, or applicable laws. We will post any changes to this policy on this webpage and will update the "Effective Date" at the top of this Privacy Policy.

For material changes, we may provide more prominent notice, such as through the Thread Patrol app interface within Slack or by sending a notification to the installing user or a designated workspace contact if such contact information is available to us.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting the information we collect. Your continued use of the Service after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

Contact Information

If you have any questions, comments, or concerns about this Privacy Policy, our data handling practices, or your rights, please contact us at:

Thread Patrol
Email: threadpatrol.help@gmail.com