Privacy Policy
Last updated: 24 June 2026
Threadify (“Threadify”, “we”, “us”) is operated by Saints Coaching (“Company”, “our”). This Privacy Policy explains how we collect, use, share, and delete personal information when you use Threadify through our website at www.threadify.appand our mobile applications for iOS and Android (collectively, the “Service”).
Contact
Email: learn@saintscoaching.com.au
Website: www.threadify.app
Country/Region: Australia
1. What we collect
A) Account and sign-in information
When you create an account or sign in to Threadify, we collect the information needed to run your account, such as:
- Your email address (and any basic profile info your sign-in provider shares with us)
B) Threads (Meta) connection information
When you connect Threadify to your Threads account using Threads/Meta authorization (OAuth), we collect and store the information needed to keep the connection working and perform actions you request, such as:
- Your Threads username and Threads user ID
- Authorization data (for example, access tokens and related token metadata like expiry and scopes/permissions)
We don’t receive your Threads password.
We also store your public Threads profile picture and periodic snapshots of your public follower count to power your growth analytics. Threadify may display the profile picture, username/handle, display name, and follower count of its connected accounts — together with any testimonial or feedback you choose to share with us — as social proof, both inside the app (for example a leaderboard of top creators) and in our marketing (for example an avatar row on our pricing page). This uses only information that is already public on Threads or that you provided to us. If you’d prefer not to appear, or want a testimonial removed, contact us and we’ll exclude your account.
C) Content you provide
We process and store the text you enter into Threadify, such as:
- Draft content you write or edit
- Content you choose to schedule
- Content you choose to publish through Threadify
D) Support and communications
If you contact us (for example by email), we collect the information you send us so we can respond.
E) Push notification tokens (mobile apps only)
If you allow push notifications, we collect and store a device push token provided by Apple (APNs) or Google (FCM). This token is used solely to deliver notifications about your account activity (for example, scheduled post status, bug report updates, and subscription reminders). You can disable push notifications at any time through your device settings.
F) Payment information
Subscription payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. We do not receive, store, or have access to your full credit card number. Stripe may share limited transaction information with us (such as the last four digits of your card, expiry date, and billing country) for receipts and fraud prevention.
G) Product usage analytics
We use the following analytics services to understand how Threadify is used and improve the product:
- PostHog — Product analytics (feature usage, session recordings). PostHog processes data in the US. PostHog Privacy Policy
- Google Analytics — Website traffic analytics. Data is processed by Google. Google Privacy Policy
- Firebase (Google) — Used on mobile apps for authentication and crash diagnostics. Firebase may collect device identifiers and crash reports. Firebase Privacy
You may opt out of analytics by disabling cookies in your browser or adjusting your device privacy settings.
H) Google User Data
When you sign in to Threadify using Google, we collect limited information from your Google account:
- Your email address (for account identification and communication)
- Your display name (for personalization within Threadify)
- Your profile picture URL (for display in the app)
We do not access your Google contacts, calendar, or any other Google services beyond authentication and (optionally) Google Drive for the Knowledge Base.
I) Agent connections (MCP)
You can connect a third-party AI assistant (such as Claude or ChatGPT/Codex) to Threadify via the Model Context Protocol (MCP), either with OAuth or a personal access token. When you authorize a connection:
- We store the connection's metadata and only a one-way hash of its access/refresh tokens — never the token in plain text, and never your Threads (Meta) access token, which stays sealed on our servers.
- The connected assistant can, within the permissions you grant, read and create your Threadify drafts, schedule and publish posts, manage replies, and read/update your personal "Brain" memory and performance data. If you have connected more than one Threads account, the assistant acts on your default account unless you or the assistant specify another of your own connected accounts for a given action.
- Tool responses returned to the assistant contain only what the task needs (e.g. draft, post, and job identifiers, statuses, and generated text). We do not return account passwords, auth secrets, or unrelated personal data.
- To operate the connection and let you review what the assistant did, we keep a log of its activity tied to your account: the tool calls it makes (their request details and results), the artifacts it generates, and any feedback you record about a draft (which can include the draft text). Credentials and secrets are redacted from these logs. This activity is retained while the connection exists and is deleted when you delete the connection or your Threadify account.
- You can review and revoke any connection at any time in Settings → Agent Connections; revoking immediately invalidates that connection's tokens.
J) Outbound link tracking & conversion attribution
When you publish or schedule a post through Threadify, we may rewrite the outbound links in it into short tracked links on a Threadify domain (e.g. /go/<id>) that redirect to your original destination. This lets us show you click and conversion analytics for your posts. It is on by default and you can turn it off per account in Analytics → Tracking; when off, no new links are rewritten and we stop recording clicks (links already published keep working).
Click data.When someone clicks a tracked link, we record: the post/link identifier, click time, a coarse location (country/region/city derived from the request — never precise GPS coordinates), a coarse device/browser/OS class, the referring site's domain (we strip the path and query string), and whether the click looks like a bot. We do not store the raw IP address or full user-agent; an account-salted one-way hash of the IP/visitor is used only to estimate unique clicks.
Click identifier (tfclid). We attach a random, non-guessable click id to the destination and store it in a cookie for up to 90 days, solely to attribute a later conversion back to the originating click. Attribution matching is limited to a 90-day window, so a click id is not used to link you beyond that. It is scoped to the creator's account and is never used as a cross-site advertising or identity-graph key.
Conversion attribution (optional). If you connect a downstream provider (e.g. Stripe, Shopify, Gumroad, Kit), its webhooks tell us when a tracked click led to an event such as a signup or purchase. We record the event type, provider, timestamp, the click id, and (if present) the value and currency. We do notstore raw webhook bodies — only a redacted, allow-listed summary. Customer identity (a one-way hash of an email and/or the provider's customer id) is stored only if you explicitly enable identity capture — per integration, or, if you post conversions to us directly via our API, only when you explicitly opt in on the request. It is off by default everywhere.
Purposes: creator analytics and attribution, abuse/fraud prevention, and debugging. Retention: raw click signals (hashed IP, hashed visitor id, referrer) are anonymized after about 90 days; the click id stops being usable for attribution after the 90-day window; stored webhook summaries are cleared after about 30 days; and any hashed conversion identity after about 13 months — coarse, non-identifying aggregates (totals, revenue, country, device) are kept. This data is included in your data export and is removed or anonymized when you delete your account. You are responsible for not placing sensitive personal data, secrets, or access tokens in the links or parameters you ask Threadify to track (see our Terms).
Google User Data Policy Compliance
This section specifically addresses how Threadify handles data obtained through Google APIs, in compliance with the Google API Services User Data Policy and Google APIs Terms of Service.
1. Data Accessed
Google Sign-In: When you sign in with Google, Threadify accesses the following data from your Google account:
- Email address — Used to create and identify your Threadify account
- Display name — Used for personalization within the app
- Profile picture URL — Displayed in the app interface
Google Drive (Optional Knowledge Base feature): If you choose to connect Google Drive, we access:
- File names and metadata — Only for files you explicitly select
- File content — Of selected documents, to extract knowledge for AI-powered content generation
Google Drive access requires separate consent through Google's OAuth flow. You can disconnect Google Drive at any time from the Knowledge page.
2. Data Usage
We use your Google user data exclusively for the following purposes:
- Account creation and authentication: To create, secure, and manage your Threadify account
- Profile display: To show your name and picture within the Threadify app
- Account communications: To send important security alerts and account-related notifications to your email
- Knowledge Base (if connected): To read selected Google Drive documents and build your personal Knowledge Base for AI-powered content generation
We do NOT use Google user data for:
- Advertising or marketing to third parties
- User profiling or behavioral tracking
- Selling or monetizing your data in any way
- Any purpose unrelated to providing Threadify's core functionality
3. Data Sharing
Your Google user data is NOT sold, rented, or shared with third parties, except in the following limited circumstances:
- Service providers: Trusted infrastructure providers who process data on our behalf under strict confidentiality agreements:
- Supabase — Database hosting and authentication
- Railway — Application hosting
- Google Cloud (Gemini API)— AI content generation (your document content may be sent to Google's AI models for processing)
- Legal requirements: When required by law, court order, or to protect our legal rights
We do NOT share your Google user data with advertisers, data brokers, or any other third parties for their own purposes.
4. Data Storage & Protection
Your Google user data is protected using industry-standard security measures:
- Encryption in transit: All data transmitted between your browser and our servers uses TLS/HTTPS encryption
- Encryption at rest: Sensitive data like access tokens are encrypted using AES-256-GCM before storage in our database
- Secure infrastructure: Our database (Supabase) and hosting (Railway) providers maintain SOC 2 compliance and follow industry-standard security practices
- Access controls: Only authorized personnel have access to user data, with role-based permissions and audit logging
- Regular security reviews: We regularly review and update our security practices
5. Data Retention & Deletion
Retention period: Your Google user data is retained only for as long as your Threadify account is active. We do not retain Google user data after account deletion except as required by law.
How to request deletion: You can request deletion of your Google user data at any time using either of these methods:
- Self-service: Visit our Data Deletion page and follow the instructions
- Email request: Email us at learn@saintscoaching.com.au with the subject line: "Data Deletion Request"
Deletion timeline: Upon receiving a valid deletion request, we will delete your Google user data within 30 days, unless retention is required for legal compliance or fraud prevention.
What gets deleted: Upon deletion, we remove your email address, display name, profile picture, and any Google Drive document content from our systems. You will also be logged out of Threadify.
2. How we use your information
We use your information to:
- Create and manage your Threadify account
- Connect your Threads account and keep that connection working
- Save drafts, scheduling details, and your settings
- Publish content to Threads when you instruct us to
- Provide customer support and troubleshoot issues
- Improve and maintain Threadify
- Comply with legal obligations and enforce our terms where needed
3. How we share your information
We don’t sell or rent your personal information.
We may share information in these situations:
- Service providers: We use trusted third-party providers to run Threadify (for example hosting, database, monitoring/logging, and customer support). They can only process information on our behalf and under confidentiality obligations.
- Threads/Meta: When you use Threads-connected features, information is sent to and from Threads/Meta to perform the actions you request (for example, publishing).
- Legal: We may disclose information if we’re required to do so by law, or to protect our rights, users, or the public.
4. Public authority requests
If we receive a request from a public authority for user information, we aim to follow these controls:
- We review requests for legal validity and scope
- We may challenge or seek to narrow requests we believe are unlawful or overbroad
- We disclose only the minimum information required
- We document the request and our response, including the decision process and who approved it
5. Data retention
We keep personal information only for as long as needed to provide Threadify, support users, and meet legitimate operational and legal needs.
If you request deletion, we delete personal information linked to your account unless we must keep certain information for legal, security, or fraud-prevention reasons.
6. Your choices and rights
A) Revoke Threads access
You can revoke Threadify’s access to your Threads/Meta account through Threads/Meta settings (where available). After revoking, you can also request deletion of data we hold (see below).
B) Request deletion
You can request deletion of your data in either of these ways:
- Follow our Data Deletion Instructions: www.threadify.app/data-deletion
- Email us at learn@saintscoaching.com.au with the subject line: “Threadify Data Deletion Request”
Please include:
- Your Threads username, and
- The email address you used for Threadify (if different)
7. International access
Threadify is operated from Australia, but some service providers we use may process or store data in other countries. When that happens, we take reasonable steps to ensure appropriate safeguards are in place.
8. Changes to this policy
If we change this Privacy Policy, we’ll update the “Last updated” date above and publish the updated version at www.threadify.app/privacy.