Personvernerklæring

1. Information We Collect

We collect information to provide and improve our Services. This includes:

• Account Information: When you register, we collect your name, email address, phone number, job title, and authentication credentials (via our auth providers).
• Customer Content: Data you upload or generate using the Services, including documents, files, text prompts, audio recordings, call transcripts, and images.
• Contact Data: Information about your leads, prospects, or contacts that you upload to the system for outreach or management purposes.
• Usage & Telemetry Data: Technical logs, IP addresses, device information, API usage metrics, and workflow execution logs to monitor system performance and security.
• Integration Credentials: Encrypted tokens and keys for third-party services you choose to connect (e.g., HubSpot, LinkedIn, WordPress).

2. How We Use Your Information

We use your data for the following purposes:

• Service Provision: To operate the platform, process AI workflows, execute voice calls, and manage your workspace.
• Communication: To send you transactional emails, alerts, and updates regarding your account or the Services.
• Improvement & Analysis: To understand how users interact with our platform and to improve performance.
• Security & Compliance: To detect and prevent fraud, abuse, or security incidents.

3. Legal Basis for Processing

Under the GDPR, we process your data based on:

• Contractual Necessity: Processing required to fulfill our Terms of Service and provide the product to you.
• Legitimate Interests: For security, product improvement, and business operations.
• Consent: For specific marketing activities or optional features.

4. Data Sharing and Sub-processors

We utilize trusted third-party service providers to deliver our Services. These partners are contractually bound to protect your data:

• Cloud Infrastructure & Database: AWS (Sweden/Ireland) and Supabase (Sweden) for secure storage and computing.
• AI Model Providers: OpenAI (US), Anthropic (US), Google Cloud (EU), and Replicate (US) for content and image generation.
• Telephony & Voice: Twilio (Global/US) for call facilitation.
• Compute: Runpod/Telenor (EU/Norway) for specialized AI inference.
• Observability: Langfuse (EU) for system tracing and debugging.

5. International Data Transfers

Some of our partners (e.g., OpenAI, Twilio) are located in the United States. Transfers to these entities are protected by EU Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or the EU-US Data Privacy Framework (DPF), ensuring your data receives an adequate level of protection.

6. Data Retention

We retain your personal data only as long as necessary:

• Active Accounts: Data is retained indefinitely while your account is active to provide service history and context.
• Account Termination: Upon cancellation or termination of services, your operational data is deleted or anonymized within 10 business days.
• Backups: Encrypted disaster recovery backups may be retained for up to 30 days before being overwritten.

7. Your Rights

You have the right to:

• Access, correct, or request deletion of your personal data.
• Restrict or object to specific processing activities.
• Request a copy of your data in a structured format (Data Portability).
• Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at hello@threll.ai.

8. Security

We implement robust technical measures including encryption at rest (database and storage), encryption in transit (TLS 1.2+), access controls, and regular security audits to protect your data.

9. Contact Us

If you have questions about this Privacy Policy or our Data Processing Agreement (DPA), please contact: