Privacy Policy

1. Introduction

This Privacy Policy explains how Thinkify ("Thinkify," "we," "us," or "our") collects, uses, and discloses information in connection with Dopple, our AI-powered fan engagement and social media management platform. Dopple connects to Instagram, Facebook, TikTok, X/Twitter, and other approved channels to assist with message drafting, analytics, persona customization, and workflow tools. This Policy applies to Customer Content, fan data, and usage information processed through the Service. It does not apply to third-party services you access or to fan data collected independently from those services.

You are responsible for ensuring you have the legal right to share personal information with us and for honoring any privacy obligations you owe to your audience. If you do not agree with this Policy, do not access or use the Service.

2. Information We Collect

2.1 Account and Billing Information

• Contact details such as name, email address, company, and role
• Authentication data, including hashed passwords and multi-factor authentication artifacts
• Billing and subscription details provided via our payment processor (we do not store full payment card numbers)

2.2 Connected Platform Data

• Profile information, page metadata, follower counts, and account identifiers from connected social networks
• Messages, comments, mentions, reactions, and conversation history imported through official APIs
• Media assets (images, audio, video) and captions you upload or authorize us to access
• Fan usernames and interaction context obtained through your authorized access

2.3 Generated and Derived Data

• Prompts, instructions, persona settings, and preferences you configure
• AI-generated draft responses, summary data, analytics dashboards, and engagement metrics
• Embeddings, model scores, and other machine learning artifacts created to deliver the Service

2.4 Technical and Usage Information

• Log files, device identifiers, browser type, IP address, and time-stamped activity
• Feature usage telemetry, workflow configuration, and response approval actions
• Cookie identifiers and similar tracking technologies to maintain sessions and improve the product

2.5 Information from Third Parties

We may receive information about you from service providers, integration partners, data processors supporting our analytics, security, or support functions, and publicly available sources where permitted by law.

3. How We Use Information

We process information for the following purposes and legal bases (where applicable under GDPR/UK GDPR):

• Provide and maintain the Service (contract performance): authenticate users, connect social accounts, draft responses, manage conversation history, and deliver dashboards.
• Personalize experiences (legitimate interests/consent): tailor persona settings, approval workflows, and AI outputs to match your communication style.
• Maintain security and integrity (legitimate interests/legal obligations): detect abuse, monitor performance, troubleshoot incidents, and enforce policies.
• Improve and develop the Service (legitimate interests): analyze aggregated usage trends, train and evaluate models, test features, and conduct product research.
• Communicate with you (contract performance/consent): send transactional messages, onboarding guides, product updates, and respond to support requests.
• Comply with legal obligations: satisfy recordkeeping, platform policy, tax, audit, and regulatory requirements.

We may create aggregated, de-identified, or anonymized data from personal information and use it for analytics, benchmarking, and product improvement. Aggregated data does not identify you or your audience.

4. How We Share Information

We disclose information only as described below, subject to appropriate confidentiality and data protection obligations:

• Service providers. Hosting, infrastructure, customer support, analytics, email, logging, security monitoring, and payment processors such as Supabase, OpenAI, and other vetted vendors.
• Platform integrations. Social networks (e.g., Meta, TikTok, X/Twitter) receive data when required to deliver authorized functionality under their platform policies.
• Business partners and subprocessors. Trusted partners assisting with model operations, quality review, or co-marketed functionality under written agreements.
• Professional advisors. Attorneys, auditors, and consultants under confidentiality obligations.
• Legal compliance. Government authorities, law enforcement, or other parties when required by law, subpoena, or to protect the rights, property, or safety of Thinkify, our customers, or others.
• Business transfers. In connection with a merger, financing, acquisition, or dissolution, provided that the receiving party honors this Policy.

We do not sell personal information or use Customer Content for third-party advertising. We may share aggregated metrics and insights that do not identify individuals.

5. Cookies and Tracking Technologies

We use first- and third-party cookies, web beacons, local storage, and similar technologies to operate the Service, authenticate sessions, remember preferences, measure effectiveness, and detect fraud. You can manage cookie preferences through your browser settings, but disabling cookies may limit functionality.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Unless you configure a different retention period:

• Conversation content and analytics are retained for up to 18 months after collection
• Account records are retained while your subscription is active and for at least 12 months thereafter
• Backup copies may persist for an additional 30–60 days before automatic deletion

You may request earlier deletion through in-product controls or by contacting us. We may retain certain information if necessary to comply with law, prevent fraud, or establish, exercise, or defend legal claims.

7. Data Security

We employ administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, logging, and vendor due diligence. Despite these efforts, no security measures are perfect, and we cannot guarantee absolute security. Please use strong passwords, enable multi-factor authentication, and control user access to mitigate risk.

8. International Data Transfers

Thinkify is headquartered in the United States, and we may transfer information to the U.S. and other countries where we or our service providers operate. When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms. By using the Service, you consent to these transfers.

9. Your Responsibilities

You are responsible for (a) obtaining all necessary consents and providing required notices to your audience and collaborators; (b) configuring retention, approval, and access controls appropriate for your obligations; (c) keeping credentials and access tokens secure; and (d) honoring requests from individuals exercising privacy rights that you receive directly. You should not upload sensitive personal data unless expressly permitted by law and necessary for the Service.

10. Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, update, delete, restrict, or object to our processing of your personal information, as well as to data portability and to withdraw consent. To exercise these rights, submit a request to privacy@thinkify.biz with sufficient detail for us to verify your identity.

• Account administrators can access and export conversation history and configuration data from within the product
• You can disconnect social accounts and adjust automated workflows at any time
• We will respond to verified rights requests within the timeframes required by applicable law

Residents of California and certain other U.S. states have the right to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising. Thinkify does not sell personal information or use Customer Content for targeted advertising. You may still submit an opt-out request, and we will honor it consistent with applicable law.

11. Children's Privacy

The Service is intended for businesses and creators and is not directed to individuals under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without appropriate consent, we will delete it. Please notify us at privacy@thinkify.biz if you believe a child's information has been provided to us.

12. Meta and Other Platform Compliance

Our integrations comply with platform policies, including Meta's Platform Terms and Developer Policies. We use data obtained through those integrations only to provide services to the account owner, support analytics, enforce security, and improve the product in accordance with this Policy. We do not use Meta platform data for unrelated advertising or for profiling end users outside of the Service.

13. Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. When we do, we will post the updated version with a revised "Last updated" date and, for material changes, provide additional notice via email or in-product messaging. Your continued use of the Service after the effective date constitutes acceptance.

14. Contact Information

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, contact us: