Privacy First
Privacy-First by Design
ThreadPatrol never requires invasive read/write scopes. We believe in least-privilege access and zero data retention.
Our Trust Pillars
Security, privacy, and compliance built into every aspect of ThreadPatrol.
Least Privilege
ThreadPatrol only requests the minimum permissions needed to function. No invasive read/write scopes.
No Data Retention
Message content is processed ephemerally and never stored. We keep only minimal operational metadata with automatic expiry.
Compliance Ready
GDPR & CCPA compliant with EU SCCs and DPIA templates for your legal team.
Data Governance & Reliability
Factual information on how we handle your data, based on our public policies.
Data Security
- Data is encrypted in transit (TLS) and at rest (KMS).
- Access is restricted via strict IAM roles and policies.
- Sensitive credentials are stored encrypted in AWS SSM.
Data Retention
- OAuth tokens are deleted upon uninstallation.
- Operational metadata expires automatically via TTL (90 days).
- Message content is NOT stored; it is processed ephemerally.
User Rights & Control
- You have the right to access, rectify, or erase your data.
- The primary way to delete all data is by uninstalling the app.
- You can object to processing by uninstalling the app.
Service Reliability
- In case of AI service outages, the bot degrades gracefully.
- It falls back to using only the 15-second recency rule for suggestions.
- Full AI functionality resumes automatically once services are restored.
Questions About Security?
Our security team is here to help with any questions about our privacy practices or compliance.