Privacy Policy
Last updated: April 24, 2026
ThreadPocket ("we", "us", or "our") is operated by Boiling Brains OÜ. This Privacy Policy explains how we collect, use, and protect your information when you use ThreadPocket ("the Service") at threadpocket.com and app.threadpocket.com.
1. Information We Collect
Account information When you sign up, we collect your name and email address via Google OAuth or email authentication.
Figma data When you connect a Figma file, we access and store:
- Figma OAuth tokens to authenticate API requests on your behalf
- Comments and threads from Figma files you explicitly connect
- Node and frame metadata for connected files
- Your Figma display name and avatar URL
We only access Figma files you explicitly connect to ThreadPocket. We do not scan, index, or bulk-export your Figma account.
Usage data We collect basic usage data such as pages visited and features used to improve the Service.
2. How We Use Your Information
We use your information to:
- Provide and operate the Service
- Sync Figma comments and threads at your request
- Generate AI-powered design plans using your project context
- Send transactional emails (account verification, notifications)
- Improve and debug the Service
We do not sell your personal data to third parties.
3. Data Storage
Your data is stored in Supabase (PostgreSQL) hosted in West Europe (London, eu-west-2). Figma OAuth tokens are stored securely and used only to make API requests on your behalf.
4. Third-Party Services
ThreadPocket integrates with:
- Figma — to sync comments and threads (Figma Privacy Policy)
- Supabase — for database and authentication (Supabase Privacy Policy)
- Anthropic — for AI plan generation (Anthropic Privacy Policy)
- Google — for OAuth sign-in (Google Privacy Policy)
ThreadPocket, not Figma, is responsible for the privacy, security, and integrity of any data collected through our Figma integration.
5. Data Retention
We retain your data for as long as your account is active. You can request deletion of your account and associated data at any time by contacting us at support@threadpocket.com.
6. Security
We implement industry-standard security measures including encrypted connections (HTTPS), secure token storage, and row-level security on our database. However, no method of transmission over the internet is 100% secure.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Object to or restrict processing of your data
- Export your data in a portable format
To exercise these rights, contact us at support@threadpocket.com.
8. Cookies
We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.
9. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on the Service. Continued use of the Service after changes constitutes acceptance.
11. Contact
If you have any questions about this Privacy Policy, please contact us: team@threadpocket.com