Privacy Policy
Thread Otter helps founders draft replies to social media threads grounded in their product context. To do that, we handle a few specific kinds of data. This page tells you what, why, and what your rights are. Plain English, no legalese.
Last updated: May 26, 2026
What we collect
Account information
- Your email address and a hashed password (handled by our auth provider, Supabase).
- Your name and optional avatar, when you provide them.
- An API token used by the Chrome extension to talk to our backend.
Social media data (only when you interact)
When you click the Draft button on a social media post or use the extension, it reads:
- The post or comment you're replying to and relevant context in that thread.
- Your social media handle on that platform (so we can identify your replies vs. other participants in the thread).
- Public engagement metrics visible on the page (reply count, likes, etc.).
We only collect data from threads you interact with. We do not scrape your feed, read your DMs, access your social media passwords, or collect data from pages you don't engage with through the extension. We do not auto-post or auto-submit anything on your behalf.
Product context you provide
Website crawls, documents, and text you add to the product context pipeline are stored and used as retrieval context when generating drafts. This is your data — we only use it to power your drafts.
Generated drafts and conversation history
We collect the drafts the AI produces, what you actually posted (if the extension detects it), and the edit distance between the two. We use this to show your activity log, train your voice profile, and improve future drafts for you specifically.
Voice profiles and examples
Voice configurations and reply examples you create or that are auto-captured from your posted replies are stored in our database and used as few-shot context when generating drafts in your voice.
Extension diagnostics
If the extension encounters an error on a social media page, it may send a sanitized error report — structural information only, no personal content. This lets us push fixes quickly when platforms change their layouts.
What we don't collect
- Your social media passwords. Authentication stays inside each platform.
- Your DMs, private messages, or non-public content.
- Payment card numbers. Stripe handles billing and we never see them.
- Data from pages outside the social media platforms you use with the extension.
- Your browsing history or activity outside of explicit extension interactions.
How we use it
- To generate grounded replies in your voice using a large language model.
- To track your conversation history and rep activity across platforms.
- To improve your voice profile based on how you edit AI drafts.
- To poll public thread updates (new replies to your posts) via platform APIs and RSS feeds.
- To bill the right amount via Stripe.
- To send essential transactional emails (password resets, weekly digests you opted into).
- To diagnose extension breakage and ship fixes faster.
We do not sell your data. We do not run advertising. We do not use your conversations or product context to train shared models — the AI provider we use does not retain prompts for training under our agreement.
Aggregated insights
Thread Otter may generate anonymized, aggregated insights from usage patterns across users — for example, which channels convert best for a given product category, or typical response rates by platform. These insights help all users make better decisions about where to focus their outreach.
What may be aggregated
- Public thread metadata (channel, topic, engagement metrics) — this is already public information on the platforms.
- Aggregate conversion and response rates by segment (e.g. "founders in developer tools see 12% response rates on Reddit").
- Channel effectiveness patterns across cohorts.
What is never aggregated or shared
- Your specific conversations, drafts, or posted replies.
- Your product context, documents, or voice profile.
- Your individual outcomes or conversion data.
- Any personally identifiable information.
Aggregated insights are always shown as cohort-level statistics (e.g. percentiles from 20+ founders in your segment), never individual data points. We display the cohort size alongside every aggregate surface so you know how many data points inform the insight.
You can opt out. A "hide my project from aggregates" toggle is available in your project settings. When enabled, your data is excluded from all aggregate calculations. Your private scoreboard and drafts continue to work normally.
Who we share it with
We use vetted third-party providers to run the service. We share the minimum data each one needs to do its job. By category:
- Database + authentication provider — stores your account, voice profile, conversations, and drafts.
- Large language model provider — generates the draft text. Prompts are processed under a zero-data-retention agreement and are not used to train shared models.
- Application hosting + edge networking — serves the web app and extension API.
- Payment processor — handles subscription billing. We never see your card number.
- Transactional email provider — delivers auth emails, weekly digests, and product notices.
- Discovery feed integrations — keyword monitoring on public social media posts. Only public post data is processed.
- Product analytics provider — anonymized page views, click events, and feature usage. No conversation content, drafts, or product context is sent.
- Error monitoring provider — when something breaks, we send the error, stack trace, and request URL so we can fix it. We may attach your user ID so we can investigate user-specific bugs; we avoid sending personal content.
We'll name specific providers on request — email hi@threadotter.com. Each provider has their own privacy practices and we've reviewed them for compatibility with this policy.
We share the minimum data each provider needs to do their job. Each one has their own privacy practices, linked from their websites.
How long we keep it
- Account data: as long as you have an account.
- Conversations and drafts: as long as your account is active. Deleted within 30 days of account deletion.
- Voice examples: as long as your account is active.
- Extension diagnostic reports: 30 days, then automatically purged.
Your rights
You can, at any time:
- Access and export your data — email us and we'll send a copy within 30 days.
- Delete your account, which removes your data from our database within 30 days (some backups roll off over 60 days).
- Correct any inaccurate data via the dashboard.
- Object to how we use your data — email us and we'll work it out.
Email hi@threadotter.com for any of the above.
Cookies + storage
We use a session cookie to keep you signed in. The Chrome extension stores your API token and a few preferences in chrome.storage.local. We do not use third-party tracking cookies.
Children
Thread Otter is not directed at people under 16 and we don't knowingly collect data from them. If you believe a child has signed up, email us and we'll delete the account.
International users
Our infrastructure is hosted in the United States. By using Thread Otter, you consent to your data being processed there. If you're in the EU/UK, you have additional rights under GDPR; the same email address handles those requests.
Changes
If we change this policy in a meaningful way, we'll email account holders at least 14 days before the change takes effect. The "last updated" date at the top of this page reflects the current version.
Contact
Email hi@threadotter.com for anything privacy-related — data requests, complaints, questions, all of it.