Privacy Policy

1. Who We Are

ThinqWith is a context-injection tool — not a chatbot or AI conversation host. We help creators turn their writing into shareable cards. Readers tap a prompt direction and are launched into their own AI assistant (such as Claude, ChatGPT, or Gemini) with a pre-built prompt. ThinqWith never hosts AI conversations, stores chat transcripts, or acts as an intermediary during a reader's AI session.

For purposes of applicable data protection law, ThinqWith is the data controller for personal information collected through the Service. You can reach us at legal@scad.ventures.

2. Information We Collect

2.1 Creators (registered accounts)

• —Account data: Email address and hashed password (managed by Firebase Authentication), or OAuth credentials if you sign in with Google.
• —Profile data: Display name, public handle, bio, expertise line, primary content URL, social media links, card appearance preferences, profile visibility setting, and availability configuration you choose to provide.
• —Profile photo: We generate a one-way cryptographic hash of your email address and send it to Gravatar (Automattic, Inc.) to retrieve an avatar image, if one exists. Your email address itself is not transmitted to Gravatar.
• —Card content: The text you submit for card creation, the resulting card title and summary, optional source URL, and the prompt directions selected for your card. Submitted text is processed by our AI provider to generate card output — see Section 4.
• —Billing data: If you subscribe to ThinqWith Pro, we store a payment processor customer identifier linked to your account. We do not store credit card numbers, bank account details, or any raw payment instrument data — those are held exclusively by our payment processor, Stripe.
• —Social graph: Records of which accounts you follow and which accounts follow you (account IDs and timestamps).

2.2 Readers / Explorers

• —No account required: You can view cards and launch prompts without creating an account. We do not require, collect, or infer your identity for anonymous reads.
• —Engagement events (anonymous): When you tap a prompt direction and launch, we log which card, which direction, and which platform you selected. We do not log a reader identifier — engagement events are anonymous and used only to provide creators with aggregate engagement data.
• —If you create an account: All creator data fields above apply. Additionally, we store cards you bookmark (card identifiers, timestamps, optional notes you write), AI-generated topic tags on those bookmarks, and observations you choose to post.
• —Platform preference: Your preferred AI platform is stored in your browser's local storage. This preference is never transmitted to our servers.

2.3 Automatically collected data

• —Standard server logs (IP addresses, request paths, timestamps, user-agent strings) are generated by our cloud hosting provider, Google Cloud. These are used for security, performance monitoring, and abuse prevention and are subject to Google Cloud's data retention policies.

3. How We Use Your Information

• —Provide the Service: Authenticate accounts, create and display cards, process AI-assisted content generation, handle payments, and deliver all core features.
• —Creator engagement data: Aggregate, anonymous engagement events are surfaced to card creators so they can see how their content is being explored. Individual readers are never identified in this data.
• —AI reading insights (opt-in): Registered readers who have saved three or more cards may request AI-generated thematic insights from their saved collection. This uses only short content summaries — never the full original creator text. Results are cached on the user's account and refreshed at the user's request, subject to a cooldown period.
• —Security and integrity: Detect and prevent fraud, abuse, spam, and policy violations.
• —Legal compliance: Comply with applicable law, respond to valid legal process, and enforce our agreements.
• —Transactional communications: Account and billing confirmations. We do not send marketing emails without your explicit opt-in.

4. AI Processing — What Gets Sent and Where

ThinqWith uses Google Cloud AI services for server-side content operations. These services process requests on our behalf as part of our Google Cloud infrastructure, under Google's Data Processing Agreement. Google Cloud's API terms do not permit the use of API-submitted content to train models without consent.

What we send for AI processing

• —Card generation: When a creator submits text for card creation, that text is transmitted to Google Cloud AI services to generate a card title, summary, and suggested prompt directions. Creators should not submit content that contains personal data of third parties.
• —Bookmark tagging: When a reader saves a card, a short content summary (not the creator's full original text) is sent to generate a concise topic tag for that bookmark.
• —Reading insights: When a reader requests insights on their saved collection, short content summaries from their bookmarks are sent to generate thematic patterns. No full card text, personal identifiers, or account details are included in this request.

When a reader launches into a third-party AI platform

When a reader selects a prompt direction and launches into Claude, ChatGPT, Gemini, or Google, ThinqWith delivers a prompt to that platform via direct browser handoff. Once the prompt reaches that platform, ThinqWith has no visibility into, control over, or responsibility for the session that follows. That interaction is governed entirely by the reader's own relationship with the third-party platform and that platform's privacy policy. ThinqWith does not transmit any reader account data, session identifiers, or personal information to those platforms.

5. How We Share Your Information

We do not sell personal information. We share information only as follows:

6. Cookies and Browser Storage

• —Authentication cookies: Firebase sets session cookies required to keep you signed in. These are strictly necessary and cannot be disabled without breaking sign-in functionality.
• —Local browser storage: Your preferred AI platform is stored locally in your browser. It is never transmitted to our servers.
• —No advertising or tracking cookies: We do not use advertising networks, cross-site trackers, or behavioral profiling cookies.

7. Data Retention

• —Account data: Retained for the life of your account. Deleting your account will result in deletion of your profile, cards, bookmarks, and social graph within 30 days, subject to legal hold obligations.
• —Engagement analytics: Anonymous engagement events are retained to provide creators with long-term engagement history. Because no personal identifier is attached, these cannot be deleted by individual request.
• —Billing records: Retained as required by applicable financial and tax law (typically 7 years), even after account deletion.
• —Infrastructure logs: Governed by Google Cloud's standard retention policies.

8. Your Rights and Choices

Depending on your location, you may have the following rights with respect to your personal information:

• —Access: Request a copy of personal information we hold about you.
• —Correction: Update or correct inaccurate information via your account settings, or by contacting us.
• —Deletion: Request deletion of your account and associated personal data, subject to the retention obligations described in Section 7.
• —Portability: Request your personal data in a structured, machine-readable format.
• —Objection / restriction: Object to or request restriction of certain processing activities where permitted by law.
• —No sale of data (CCPA): We do not sell or share personal information for cross-context behavioral advertising. No opt-out mechanism is required, but you may contact us at any time to confirm.
• —Withdraw consent: Where processing is based on your consent, you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email legal@scad.ventures with the subject line "Privacy Request." We will respond within 30 days. We may verify your identity before processing your request. If you are in the EEA, UK, or Switzerland and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local supervisory data protection authority.

9. Children

The Service is not directed to, and we do not knowingly collect personal information from, children under 13 years of age (or the applicable minimum age in your jurisdiction). If you are under 13, do not use the Service or provide any personal information. If we learn we have collected personal information from a child under 13 without verified parental consent, we will delete it promptly. Contact us at legal@scad.ventures if you believe we may have such information.

10. Data Security

We implement technical and organizational measures appropriate to the risk of our processing activities, including encryption in transit (TLS), database-level access controls, server-side token verification, input validation, and rate limiting. No system is perfectly secure, however, and we cannot guarantee absolute security of your information.

11. International Transfers

ThinqWith is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you acknowledge this transfer. Where required by law, we rely on appropriate transfer mechanisms such as standard contractual clauses.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date at the top of this page and, where appropriate, by in-app notice or email to registered creators. Your continued use of the Service after any update constitutes acceptance of the revised Policy.

13. Contact

Questions or requests regarding this Privacy Policy: