←
Back
Privacy Policy
Your privacy is fundamental to everything we build at ThoughtStream®.
ThoughtStream is 100% ad-free and we never sell your data. No tracking pixels, no
third-party advertisers — just a space for real thoughts.
1. Information We Collect
- Account Information: Email address, username, first name, last name, and password
(securely hashed). Google or Apple sign-up shares your name and email from those providers.
- Profile Information: Optional bio, gender, date of birth, and profile photo. Gender
and
date of birth, once set, cannot be changed.
- Content You Create: Entries, thoughts, comments, likes, messages, polls, goals, and
any
other content you post.
- Usage Data: Screen time data and app usage analytics (visible to you in your
dashboard). Device tokens for push notifications.
- Technical Data: IP address, browser type, device information, and basic request
logs
for security and performance.
2. How We Use Your Information
- Provide the Service: Display your profile, feed, messages, and enable social
features
like following, likes, and comments.
- Communication: Send email verification codes, password reset emails, and important
account notifications via Resend.
- Push Notifications: Deliver real-time notifications for messages, likes, comments,
follows, calls, and stream invitations via FCM and APNs.
- AI Features: When you use AI-powered features, your relevant data is processed by
our
AI provider (Groq). We do not use your data to train AI models.
- Security: Detect and prevent fraud, abuse, and violations of our terms.
- Performance: Monitor and improve app performance using Sentry for error tracking
(errors only, not personal data).
3. Information Sharing
We do not sell, rent, or trade your personal information to third parties. We share data
only with:
- Service Providers: Cloud infrastructure (Railway, Neon, Netlify), image hosting
(Cloudinary), email delivery (Resend), error tracking (Sentry), and AI processing (Groq). These
providers process data solely on our behalf.
- Other Users: Your public profile and entries (unless in Incognito Mode) are visible
to
others. Direct messages are only visible to participants.
- Legal Requirements: We may disclose information if required by law, court order, or
to
protect the safety of our users.
4. Data Storage and Security
- Passwords are hashed using bcrypt (never stored in plain text)
- OAuth tokens encrypted using AES-256-GCM
- All data transmitted over HTTPS/TLS encryption
- Database hosted on Neon (PostgreSQL) with encryption at rest
- JWT tokens with configurable expiration for authentication
- Rate limiting and CAPTCHA protection prevent automated attacks
5. Your Rights and Controls
- Access: View all your data through your profile and settings
- Edit: Update your profile, bio, and personal information at any time
- Incognito Mode: Hide all your entries from public view with a single toggle
- Delete: Permanently delete your account and all associated data from Settings —
this is
irreversible
- Notifications: Control push notification preferences on your device
6. Real-Time Features
ThoughtStream includes live streaming, circles, and voice/video calls:
- WebRTC: Peer-to-peer audio/video connections. Media streams are not stored on our
servers.
- TURN Server: Relay server for when direct connections aren't possible. Relayed data
is
not stored.
- Socket.IO: Real-time messaging and presence. Online status is shared only with
mutual
followers.
7. Cookies and Local Storage
We use browser localStorage to store your authentication token and user preferences (such as particle
opacity
settings). We do not use third-party tracking cookies or advertising pixels.
8. Children's Privacy
ThoughtStream is not intended for children under the age of 13. We do not knowingly collect personal
information from children under 13. If we become aware that a child under 13 has provided us with
personal
information, we will delete that information.
9. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate.
By
using ThoughtStream, you consent to the transfer of your data to these jurisdictions.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting
the
updated policy and updating the "Last updated" date. Continued use constitutes acceptance.