Legal

Privacy Policy

Effective Date: July 1, 2026 · Last Updated: July 1, 2026

1. Introduction

Threadesk ("Threadesk", "we", "our", or "us") provides a privacy-first browser extension and web application designed to help merchants organize customer orders, payments, and business operations originating from WhatsApp conversations. Threadesk is operated by Threadesk.

This Privacy Policy explains how we collect, use, disclose, protect, and retain information when merchants use our services, including:

  • The Threadesk browser extension.
  • The Threadesk web dashboard.
  • Associated websites and support services.
  • Email and billing services.

By using Threadesk, you agree to the practices described in this Privacy Policy.

2. Data Roles and Responsibilities

Merchant as Data Controller

Threadesk serves merchants who communicate with their customers through WhatsApp and other supported channels. The merchant determines which conversations are reviewed, which information is approved for saving, which customers are stored, and which orders, receipts, and customer records are maintained. Accordingly, the merchant acts as the Data Controller with respect to customer information.

Threadesk as Data Processor

Threadesk acts as a Data Processor and processes information only to provide the services requested by the merchant. Threadesk does not independently determine the purpose of customer data processing.

3. Our Privacy-First Commitment

Threadesk was architected around data minimization. Threadesk does not:

  • Scrape WhatsApp conversations in the background.
  • Monitor messages continuously.
  • Store raw WhatsApp message histories.
  • Store complete chat transcripts.
  • Store voice recordings.
  • Store voice note transcripts.
  • Send messages automatically.
  • Send bulk messages.
  • Operate as a chatbot.

AI processing occurs only after the merchant manually initiates a scan. Conversation data used during AI analysis is processed ephemerally for the purpose of generating structured business information. Only merchant-approved results may be saved.

Examples include:

  • Customer profiles.
  • Order details.
  • Payment information.
  • Delivery information.
  • Receipt information.

4. Information We Collect

Merchant Account Information

We may collect:

  • Name.
  • Email address.
  • Phone number.
  • Business name.
  • Preferred currency.
  • Country.
  • Language preferences.
  • Time zone.
  • Authentication information.
  • Subscription status.

Authentication Data

We process authentication information including login credentials, Google Sign-In identity tokens, session identifiers, and device identifiers. Refresh tokens stored by the browser extension are encrypted at rest using AES-GCM encryption within browser storage. Access tokens are stored temporarily in memory and expire automatically.

Billing Information

Subscription payments are processed by third-party payment providers. Depending on your region, payment information may include billing name, transaction identifiers, subscription identifiers, and payment provider customer IDs. Threadesk does not store complete payment card information.

Customer Metadata

When approved by the merchant, Threadesk may store:

  • Customer display names.
  • Phone numbers.
  • Customer notes.
  • Order information.
  • Payment status.
  • Receipt information.
  • Delivery information.
  • Tags and reminders.
  • Customer interaction timestamps.

Only information intentionally approved by the merchant is stored.

Usage Information

We may collect browser information, extension version, operating system, device identifiers, error logs, service usage statistics, and feature usage metrics. These records help us improve reliability and diagnose technical issues.

5. How We Use Information

We use information to:

  • Provide the Threadesk extension.
  • Authenticate users.
  • Maintain account security.
  • Generate receipts.
  • Maintain customer records.
  • Manage subscriptions.
  • Enforce capability limits.
  • Deliver AI-assisted extraction.
  • Send operational notifications.
  • Deliver daily summaries.
  • Provide customer support.
  • Improve service reliability.
  • Prevent fraud and abuse.

6. AI Processing

AI-assisted analysis occurs only after a merchant initiates a scan. AI systems may temporarily process selected message content, attachments approved for scanning, and contextual business information. Threadesk minimizes transmitted information wherever possible. AI providers do not receive unrestricted access to merchant accounts. AI-generated information must be reviewed by the merchant before any information is saved.

7. Third-Party Service Providers

Threadesk uses carefully selected service providers.

Payment Processing

Payments may be processed through Paystack and Flutterwave. Payment providers operate under their own privacy policies.

Communication Infrastructure

Email delivery and operational notifications may be provided through Brevo.

Cloud Infrastructure

We use secure cloud hosting providers to deliver our services and maintain application availability. These providers process data solely to provide infrastructure services.

8. Data Sharing

Threadesk does not:

  • Sell personal information.
  • Rent customer information.
  • Share customer information for advertising.
  • Build advertising profiles.

Information may only be shared:

  • With service providers necessary to operate the platform.
  • To comply with legal obligations.
  • To protect users and platform security.
  • During corporate restructuring or acquisition.

9. Data Retention

We retain information only as long as necessary. Merchant information remains available while accounts remain active. Customer records remain under merchant control. Merchants may delete records at any time.

When account deletion is requested:

  1. The account enters a deletion grace period.
  2. Access may be restricted.
  3. Data is permanently removed after the applicable retention period, except where legal obligations require longer retention.

Certain financial or compliance records may be retained as required by law.

10. Security Measures

Threadesk employs technical and organizational safeguards including:

  • Encryption in transit.
  • Encryption at rest.
  • AES-GCM token protection.
  • Access controls.
  • Authentication protections.
  • Session expiration.
  • Audit logging.
  • Secure infrastructure practices.

No system can guarantee absolute security, but Threadesk continuously works to protect merchant information.

11. International Data Transfers

Threadesk serves merchants globally. Information may be processed outside the merchant's country of residence. Where required, appropriate safeguards are implemented to support lawful international data transfers.

12. Your Rights

Depending on your jurisdiction, you may have rights including:

  • Access.
  • Correction.
  • Deletion.
  • Restriction.
  • Portability.
  • Objection.
  • Withdrawal of consent.

Requests may be submitted through our support channels.

13. GDPR

For users within the European Economic Area, processing may rely upon:

  • Contractual necessity.
  • Legitimate interests.
  • Legal obligations.
  • Consent where applicable.

14. Nigeria Data Protection Act

For users located in Nigeria, Threadesk processes personal information in accordance with the Nigeria Data Protection Act (NDPA).

15. Children's Privacy

Threadesk is intended for merchants and business users. The service is not directed toward children under 18.

16. Changes to This Policy

We may update this Privacy Policy periodically. Material changes may be communicated through the application or by email. Continued use of the service constitutes acceptance of the updated policy.

17. Contact

Privacy requests and questions may be directed to: