1. Who we are
Throughline is a marketing-to-revenue dashboard at trythroughline.ai, operated by Throughline (India). When this page says we or us, it means the operating team behind Throughline.
2. What we collect
We collect only what we need to run the product for you.
Account & profile
- Your Google identity (name, email, avatar) when you sign in via Google OAuth.
- Your company snapshot — name, website, ACV band, team size, goals you set during onboarding.
Content you upload
- Knowledge-base documents (PDF, DOCX, TXT, MD, PPTX). Up to 10 MB total.
Source credentials
- Personal access tokens, OAuth tokens, API keys for the third-party sources you choose to connect (Calendly, Mailchimp, Amplitude, Instagram, Google Search Console, YouTube, AI-citation provider keys, etc.).
Data we ingest on your behalf
- Events, contacts, campaigns, metrics from the sources you authorise — only the fields each ingestor needs.
- Derived metrics, journey-stage counts, and insight artifacts computed from that data.
Audit + operations
- A log of every credential write, read, and revoke (actor + timestamp).
- Standard request logs from our hosting (Vercel) and database (Supabase).
3. Where it lives
All persistent data lives in our Supabase project in the ap-southeast-1 region (Singapore). That includes Postgres tables, the kb Storage bucket for your KB documents, and Supabase Vault for credentials.
Some processing transits to LLM APIs (Anthropic, OpenAI) for insight generation and embeddings — see sub-processors below. Those calls are made from our worker; your raw credentials never leave Supabase.
4. How we protect it
- Encryption in transit. TLS 1.2+ everywhere, including all worker → upstream calls.
- Encryption at rest. Supabase encrypts Postgres + Storage at rest by default.
- Credentials in Vault. Source tokens are stored in Supabase Vault (pgsodium / libsodium, AES-256-GCM, per-record nonces). The web app holds only the anonymous publishable key — it literally cannot decrypt your tokens. After you save a credential, the UI shows ••••a3b9 and a VAULT pill; the cleartext is gone from the wire.
- Tenant isolation. Every table is gated by Row-Level Security policies keyed on tenant membership. A user can only ever see rows for tenants they belong to.
- Read-only upstream scopes. Every OAuth flow asks for the minimum read scope its ingestor needs. We never request write or admin scopes.
- Auditable access. The worker reads decrypted credentials only at ingest time; every read writes a row to the credential_audit_log table that you can review from the source drawer.
5. How we use it
We use your data only to deliver Throughline to you. That means:
- Pulling data from the sources you authorise and joining it across tools.
- Computing dashboard sections, journey stages, cohort tables, and insights for your tenant — never across tenants, never to build aggregate products.
- Sending model calls to Anthropic / OpenAI to generate insight text and embeddings, with explicit no-train and no-retain flags where the provider supports them.
What we never do:
- We do not sell your data.
- We do not share your data with third parties outside the sub-processors below.
- We do not use your data to train models. Not ours, not anyone else's.
- We do not aggregate across tenants to produce derived products or benchmarks.
6. Sub-processors
We use a small, deliberately short list of vendors:
- Supabase (auth, Postgres, Storage, Vault). Project region: ap-southeast-1. Holds essentially all of your data.
- Anthropic (Claude API, US). For insight generation. Sent: KB context + computed metrics relevant to the insight. Not sent: raw source credentials.
- OpenAI (US). For text embeddings (KB chunks) and supplementary completions. Not sent: raw source credentials.
- Vercel (US). Web app hosting. Stateless — no user data is persisted at Vercel.
- Amplitude (US). Product analytics and session replay. Receives anonymised interaction events and a session recording. Does not receive your waitlist form contents; those fields are masked before recording (see §9).
If we change this list materially, we will update this page and notify active accounts by email before the change takes effect.
7. Retention & deletion
- Account & tenant config: retained while your account is active.
- Knowledge-base documents: retained until you remove them from the Intelligence section.
- Source credentials: retained until you click Disconnect (which deletes both the vault entry and the sources row, and logs a revoke entry).
- Ingested data & insights: retained while your account is active. You can request a full export at any time.
- Audit log: retained for at least 12 months, then truncated.
- Account deletion: email hello@trythroughline.ai. We will delete all tenant data within 30 days and confirm in writing.
8. Your rights
Regardless of where you live, you have these rights with us:
- Access & export. Request a full export of your tenant data (JSON + CSV bundle).
- Correction. Edit your company snapshot, goals, and KB at any time from the Intelligence section.
- Deletion. Delete a source, a KB doc, your goals, or the whole account.
- Withdraw consent. Revoke an upstream OAuth grant from both sides — Throughline and the upstream tool — at any time.
- Audit record. Request a copy of all credential-access entries for your tenant.
If you're in the EU or UK and want to exercise rights under GDPR, or if you're in India and want to exercise rights under the Digital Personal Data Protection Act 2023, write to hello@trythroughline.ai. We'll respond within 30 days.
9. Analytics & session replay
We use Amplitude for product analytics and a session replay (a recording of on-page interaction) to understand which parts of the product work: pageviews, clicks, and scroll depth, sampled at 100% of sessions. This is so we can fix what confuses people, not to profile them.
What it does not capture:
- Your waitlist form is masked. The name, email, and goal fields carry a DOM-level mask, so what you type there is never recorded in the replay and never sent to Amplitude as an event property. Your actual waitlist submission goes only to our own database and a notification email to us (covered in §2 and §5), never to Amplitude.
Amplitude (US) acts as a processor for this; it is listed in §6. To opt out, email hello@trythroughline.ai and we will exclude your sessions, or use a browser or extension that blocks analytics. We are evaluating Global Privacy Control / Do-Not-Track signalling and will honour it here once implemented; until then the email opt-out is authoritative.
10. Cookies
We set only the cookies required to keep you signed in (managed by Supabase Auth, SameSite=Lax, HTTPS-only). We do not run third-party advertising or cross-site tracking. Amplitude (see §9) sets first-party storage and a cookie to count a session for analytics and replay; it is not used for advertising.
11. Changes
If we change this policy in a way that affects how we handle your data, we'll bump the version, change the effective date, and notify active accounts by email at least 14 days before the change takes effect. Minor edits (typos, clarifications, formatting) won't trigger a notification.
12. Contact
Privacy questions, deletion requests, data exports, security disclosures: hello@trythroughline.ai. For security-specific issues, see also our security page.