Privacy Policy

Effective Date: March 29, 2026  ·  Last Updated: March 29, 2026

ThinkStream, Inc. (“ThinkStream,” “we,” “us,” or “our”) operates the ThinkStream web application and mobile application (collectively, the “Service”). This Privacy Policy explains how we collect, use, share, and protect information about you when you use our Service.

Please read this policy carefully. By using ThinkStream, you agree to the collection and use of information as described here. If you do not agree, please do not use the Service.

1. Who We Are

ThinkStream, Inc. is the data controller responsible for your personal information. You can contact us at:

Email: privacy@thinkstream.ai

Account Deletion: https://thinkstream.ai/delete-account

2. What Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Your name and email address
  • Password (stored in encrypted, hashed form — we never store your plaintext password)
  • Profile information you choose to provide
  • Billing information if you subscribe to a paid plan (processed by our payment provider; we do not store your full card details)

2.2 Connected Data — Calendar, Email, and Messaging

ThinkStream's core functionality requires connecting to your productivity tools. When you grant ThinkStream access to these services, we ingest and process:

  • Calendar data: event titles, times, attendees, descriptions, and meeting links
  • Email data: message content, subject lines, sender/recipient information, timestamps, and attachments you choose to share
  • Messaging data: content from connected messaging platforms you authorize (e.g., Slack, Teams)

This data is used solely to deliver the ThinkStream Service to you — to surface insights, help you prepare for meetings, manage your workload, and generate AI-powered summaries and recommendations. We do not use this data for advertising.

2.3 Usage and Analytics Data

We collect information about how you interact with the Service, including:

  • Features you use and actions you take within the app
  • Session duration and frequency of use
  • Device type, operating system, and app version
  • IP address and approximate location (city/country level)
  • Crash logs and error reports

2.4 Communications

If you contact us for support or feedback, we collect the content of those communications and any information you choose to share.

2.5 Information We Do Not Collect

ThinkStream does not collect:

  • Precise GPS location
  • Biometric data
  • Information from children under 18 (our Service is not directed at minors)
  • Sensitive personal information such as health records, financial account numbers, or government IDs

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the ThinkStream Service
  • Process your connected calendar, email, and messaging data to generate AI-powered insights and recommendations
  • Authenticate your account and keep it secure
  • Send you transactional emails (account confirmations, security alerts, billing receipts)
  • Send you product updates and announcements (you can opt out at any time)
  • Analyze usage patterns to improve features and fix bugs
  • Comply with legal obligations

We do not use your personal data — and especially not your calendar, email, or messaging content — for advertising, marketing profiling, or sale to third parties.

4. AI Processing and Third-Party AI APIs

ThinkStream uses artificial intelligence to generate summaries, recommendations, and insights from your connected data. To do this, we send relevant portions of your data to the following AI providers:

Important notes about AI processing:

  • We only send the minimum data necessary to fulfill a specific AI request
  • We use API-tier agreements with these providers, which generally prohibit them from training their models on your data — however, you should review each provider's current API data usage policies
  • AI-generated outputs may be stored in your ThinkStream account so you can access them later
  • You can review and delete AI-generated content from within the app

5. How We Share Your Information

We do not sell your personal data. We share your information only in the following circumstances:

5.1 Service Providers

We share data with trusted third-party vendors who help us operate the Service, including:

  • Cloud infrastructure providers (e.g., hosting, databases, storage)
  • AI API providers (Google, Anthropic, OpenAI) — described in Section 4
  • Analytics tools (to understand how features are used — aggregate/anonymized where possible)
  • Payment processors (for billing — they handle card data; we do not)
  • Customer support tools

All service providers are contractually required to handle your data in accordance with this policy and applicable law.

5.2 Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of ThinkStream, our users, or others.

5.3 Business Transfers

If ThinkStream is acquired, merged with another company, or its assets are transferred, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice in the Service before your data is transferred and becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: retained for the life of your account, plus up to 90 days after deletion to allow for recovery if you change your mind
  • Calendar, email, and messaging content: retained while your account is active; deleted within 30 days of account deletion
  • AI-generated content: retained in your account until you delete it, or until account deletion
  • Usage/analytics data: retained in anonymized or aggregated form for up to 24 months
  • Legal hold: we may retain specific records longer if required by law or for legitimate legal purposes

7. Your Privacy Rights

7.1 Rights for All Users

Regardless of where you are located, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated data (see Section 8)
  • Withdraw consent for data processing where consent is the legal basis
  • Opt out of non-essential marketing emails at any time using the unsubscribe link

7.2 EU/EEA Users — GDPR Rights

If you are located in the European Union, European Economic Area, or UK, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR:

  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to restrict processing: ask us to limit how we use your data
  • Right to object: object to processing based on legitimate interests
  • Right to lodge a complaint: with your local data protection authority (DPA)

Our legal bases for processing your data under GDPR are:

  • Contract performance: Processing your connected data (calendar, email, messaging) to deliver the Service you signed up for
  • Legitimate interests: Analytics to improve the Service, security monitoring, fraud prevention
  • Consent: Marketing communications (you can withdraw at any time)
  • Legal obligation: Complying with applicable laws

7.3 California Users — CCPA/CPRA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know: request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell
  • Right to delete: request deletion of your personal information (subject to certain exceptions)
  • Right to correct: request correction of inaccurate personal information
  • Right to opt out of sale or sharing: we do not sell or share personal information for cross-context behavioral advertising
  • Right to limit use of sensitive personal information: we do not use sensitive personal information beyond what is necessary to provide the Service
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights

To exercise your California rights, contact us at privacy@thinkstream.ai. We will respond within 45 days.

7.4 Other Jurisdictions

We are committed to complying with applicable privacy laws in all jurisdictions where our users reside, including Australia (Privacy Act), Canada (PIPEDA/CPPA), Brazil (LGPD), and others. Contact us if you have questions about your rights in your specific jurisdiction.

8. Account Deletion

You can delete your ThinkStream account at any time using either of these methods:

When you request deletion:

  • Your account will be immediately deactivated
  • Your personal data, including connected calendar, email, and messaging content, will be permanently deleted within 30 days
  • Some anonymized, non-identifiable usage data may be retained for product analytics purposes
  • If required by law (e.g., financial records), certain data may be retained for the legally mandated period

You will receive a confirmation email when your deletion request is submitted and again when deletion is complete.

9. Data Security

We implement industry-standard security measures to protect your information:

  • All data is encrypted in transit using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256
  • Access to user data is restricted to ThinkStream employees and contractors who need it to operate the Service, under confidentiality obligations
  • We maintain security monitoring and conduct regular security reviews
  • In the event of a data breach that affects your rights, we will notify you as required by applicable law

No system is completely secure. If you discover a security vulnerability, please report it to security@thinkstream.ai.

10. International Data Transfers

ThinkStream is based in the United States. If you use the Service from outside the US, your data will be transferred to and processed in the United States and potentially other countries where our service providers operate.

For transfers of personal data from the EU/EEA/UK to the United States, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with sub-processors
  • The UK International Data Transfer Agreement (IDTA) for UK-to-US transfers

You can request a copy of the applicable transfer mechanisms by contacting us at privacy@thinkstream.ai.

11. Children's Privacy

ThinkStream is intended exclusively for users who are 18 years of age or older. Our Service is designed for business and professional use.

We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will delete that information promptly. If you believe we may have information about a minor, please contact us at privacy@thinkstream.ai.

ThinkStream complies with the Children's Online Privacy Protection Act (COPPA). Because we do not direct our Service to children and have no actual knowledge of collecting data from children under 13, COPPA's verifiable parental consent requirements do not apply to our Service. Nevertheless, if any such data is brought to our attention, we will delete it immediately.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our web application:

  • Essential cookies: Required for the Service to function (authentication, session management). These cannot be disabled.
  • Analytics cookies: Help us understand how users interact with the Service (e.g., which features are used most). You can opt out in your account settings.
  • Preference cookies: Remember your settings and preferences.

Our mobile app does not use browser cookies but may use device identifiers (e.g., a resettable advertising ID or an app-specific identifier) for analytics purposes.

We do not use third-party advertising cookies or tracking pixels for behavioral advertising.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy at thinkstream.ai/privacy with a new effective date
  • Send you an email notification to the address associated with your account
  • Display a notice within the app

Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you must stop using the Service and delete your account.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

ThinkStream, Inc.

Email: privacy@thinkstream.ai

Account Deletion: https://thinkstream.ai/delete-account

For EU/EEA users, you also have the right to lodge a complaint with your local data protection authority. A list of EU DPAs is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

ThinkStream, Inc. — privacy@thinkstream.ai thinkstream.ai/privacy-policy