Privacy Policy

Last updated: May 4, 2026

This Privacy Policy describes how Threadbarn (“we”, “us”, “our”) collects, uses, and protects your information when you use our website at threadbarn.app and our writing-assistant service (the “Service”).

By using Threadbarn, you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Who we are

Threadbarn is operated by Md. Tanbir Ahmed Suvo, an individual sole proprietor based in Dhaka, Bangladesh.

Contact: hello@threadbarn.app

For data protection inquiries, EU/UK users may contact us at the same address. As a small-scale operator, we do not currently appoint a designated EU representative under GDPR Article 27. If we determine one becomes required as we grow, we will update this policy. EU users may also contact their local data protection authority directly (see Section 8).

2. Information we collect

We collect only the information necessary to provide the Service.

2.1 Account information

When you sign up, we collect your email address and any profile information you provide (such as first name and last name). Authentication is handled by our third-party provider Clerk (see Section 5).

2.2 Voice profile and writing samples

To generate content in your voice, we collect:

  • Topics you write about (provided during onboarding)
  • Writing samples you paste or upload (text excerpts you’ve previously written)
  • Your tone and style preferences
  • Optional answers to onboarding questions about your writing personality

This information is used solely to build a personalized voice profile that improves AI generation quality. You can review, edit, or delete your voice profile at any time from within the app.

2.3 Content you generate

Every prompt you submit and every variation we generate is stored in our database. This includes:

  • Your topic input or pasted content
  • Format selection (single tweet, thread, list, longform)
  • Slider preferences (casual/professional, short/detailed, etc.)
  • All generated variations
  • Whether you copied, edited, or discarded each variation
  • Any edits you make to generated content

We retain this data to power the history feature, enforce plan limits, and improve future generations.

2.4 Usage data

We log generation counts, angle refresh counts, and similar usage metrics for plan enforcement (e.g., 5 generations per month on the Free plan).

2.5 Payment information

We do not collect or store payment details directly. All payments are processed by Paddle.com Market Limited (“Paddle”), our Merchant of Record. Paddle collects the information necessary to complete your purchase, including billing address, card details, and tax information. See Paddle’s privacy policy at https://www.paddle.com/legal/privacy for details on their data handling.

2.6 Cookies and similar technologies

We use a small number of essential cookies and similar technologies:

  • Authentication cookies set by Clerk to keep you signed in
  • Theme preference stored in your browser’s local storage (light/dark mode)
  • Sidebar collapsed state stored in your browser’s local storage

We do not use advertising cookies, tracking pixels, or analytics that share data with third-party advertisers.

2.7 Information we do NOT collect

  • We do not access your X (Twitter) account directly
  • We do not post on your behalf
  • We do not collect your contacts, precise location, or device identifiers
  • We do not sell or rent your personal information to anyone
  • We do not use your data to train AI models for any third party

3. How we use your information

We use the information we collect to:

  1. Provide the Service — generate content, manage your account, enforce plan limits
  2. Improve generation quality — your voice profile and feedback help us tune the AI
  3. Process payments — through Paddle, including handling subscriptions, refunds, and tax compliance
  4. Communicate with you — service updates, billing notifications, and replies to support requests
  5. Comply with legal obligations — including tax reporting, fraud prevention, and responding to lawful requests

4. Legal bases for processing (EU/UK users)

If you are in the EU, UK, or another jurisdiction with similar laws, we rely on the following legal bases under the GDPR / UK GDPR:

  • Contract performance — to provide the Service you signed up for
  • Legitimate interests — to maintain security, prevent fraud, and improve the Service
  • Consent — for any optional processing (you can withdraw consent at any time)
  • Legal obligation — for tax records and lawful requests

5. Third-party processors

We use the following processors to operate the Service. Each is bound by a data processing agreement and processes your data only on our instructions:

ProcessorPurposeData sharedLocation
Paddle.com Market LimitedPayment processing, Merchant of Record, tax complianceEmail, name, billing address, payment details, transaction historyUK / EU
Clerk, Inc.Authentication and user account managementEmail, name, profile photo (if uploaded), session tokensUnited States
Supabase Inc.Database hosting, file storageAll app data (voice profile, generations, variations, writing samples)United States
Anthropic, PBCAI content generation (Claude)Your prompts, voice profile, generated outputsUnited States
Exa Labs, Inc.Web search for trending content anglesYour topic keywordsUnited States
Vercel Inc.Application hosting and content deliveryIP address, request metadata, application logsUnited States

We do not sell your personal information to any third party. We share data with these processors only to the extent necessary to deliver the Service.

5.1 International data transfers

Threadbarn is operated from Bangladesh; our processors are located in the US, UK, and EU. For users outside these regions, your data may be transferred to and processed in countries that may not have the same data protection laws as your home country.

For transfers from the EU/EEA, UK, or Switzerland to the US, we rely on the EU Standard Contractual Clauses (SCCs) and equivalent UK / Swiss provisions, which our processors have agreed to in their data processing agreements with us. Where additional safeguards are needed, our processors maintain certifications such as the EU-US Data Privacy Framework (where applicable).

You can request more information about specific transfer mechanisms by emailing hello@threadbarn.app.

6. AI processing notice

Threadbarn uses Anthropic’s Claude AI to generate content. When you submit a prompt:

  • Your topic, voice profile, and any pasted content are sent to Anthropic’s API
  • Anthropic processes the request and returns generated content
  • The generated content is stored in our database and shown to you

Per Anthropic’s commercial API terms, your inputs and outputs are not used to train Anthropic’s general-purpose models. Anthropic may, however, perform limited automated processing on content for trust and safety purposes (e.g., to detect abuse). See Anthropic’s commercial terms at https://www.anthropic.com/legal/commercial-terms and their privacy policy at https://www.anthropic.com/legal/privacy for full details.

We do not use your content to train any other AI models.

7. Data retention

We retain your data as follows:

  • Account data: for as long as your account is active, plus up to 30 days after deletion to handle billing reconciliation
  • Voice profile: until you delete it or close your account
  • Generated content history: Free plan retains 30 days; Pro plan retains indefinitely until you delete or close your account. If you upgrade from Free to Pro, prior generations within the previous 30 days are retained on the Pro indefinite-retention basis.
  • Writing samples: until you delete them or close your account
  • Payment records: retained by Paddle for legal and tax purposes (typically 7 years) per their policy
  • Server logs: typically 30–90 days for security and debugging purposes (logs include IP addresses, timestamps, and request metadata)

When you close your account, we delete or anonymize your personal data within 30 days, except where retention is required by law (e.g., tax records held by Paddle).

8. Your rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the data we hold about you
  • Correction — request that we fix inaccurate data
  • Deletion — request that we delete your data (“right to be forgotten”)
  • Portability — receive your data in a machine-readable format
  • Restriction — limit how we process your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, email hello@threadbarn.app. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

You also have the right to lodge a complaint with your local data protection authority. EU users can find their authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK users can contact the ICO at https://ico.org.uk.

9. Security

We use industry-standard security practices:

  • Encrypted connections (HTTPS) for all traffic
  • Encrypted storage at rest via our database provider
  • Authentication tokens managed by Clerk
  • Limited access to production systems

No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.

10. Children

Threadbarn is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us at hello@threadbarn.app and we will delete it.

11. International users

Threadbarn is operated from Bangladesh. Our processors are located in the United States, the United Kingdom, and the European Union. By using the Service, you consent to your information being transferred to and processed in these locations, subject to the safeguards described in Section 5.1.

12. California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including:

  • Right to know what personal information we collect and how it’s used
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell personal information or share for cross-context behavioral advertising)
  • Right to limit use and disclosure of sensitive personal information
  • Right to non-discrimination for exercising your rights

To exercise these rights, email hello@threadbarn.app. You may also designate an authorized agent to make a request on your behalf.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the “Last updated” date at the top
  • Notify you by email if the changes are material (e.g., new categories of data collection, new processors)
  • Post the updated policy on this page

Your continued use of the Service after a policy change means you accept the updated policy.

14. Contact us

For any privacy-related questions or requests:

Email: hello@threadbarn.app
Website: https://threadbarn.app
Response time: within 7 business days for general inquiries; within 30 days for formal data rights requests