Privacy Policy

Last updated: February 12, 2026. ADVISOR is built around data minimization, user control, and practical safeguards for sensitive workflows.

1. Privacy by Design Philosophy

ADVISOR by Threatwise™ is built using data minimization principles. By default, chat content is not intentionally retained by Threatwise beyond the active session except as described below.

Conversation transcripts are not stored unless you explicitly enable optional memory features or voluntarily submit content through consultation channels.

We do not use user chat content or inputs to train proprietary AI models owned by Threatwise.

We collect only the information reasonably necessary to operate accounts, process payments, provide the Service, maintain system integrity, and comply with legal obligations.

2. Information We Collect

Account Information: name, email address, organization if provided, subscription tier, and authentication credentials managed securely via providers such as Auth0.

Payment Information: payments are processed by Stripe. We do not store full credit card numbers or sensitive payment credentials.

Usage and Technical Data: limited technical information such as IP address, browser and device information, session timestamps, error logs, and API usage metrics.

Chat Content and Inputs: processed in real time to generate responses and not intentionally retained unless optional memory is enabled, materials are voluntarily submitted through support channels, or retention is required for abuse investigation, security monitoring, legal compliance, or dispute resolution.

3. How We Use Information

We do not sell personal information, do not share personal information for cross-context behavioral advertising, and do not use user chat content to train proprietary AI models. Service improvements are based, where feasible, on aggregated or anonymized data.

  • Provide, operate, and maintain the Service
  • Authenticate users and manage accounts
  • Process payments and subscriptions
  • Detect, prevent, and investigate abuse or security incidents
  • Improve system performance and reliability
  • Comply with legal obligations

4. Third-Party Service Providers (Subprocessors)

We rely on trusted third-party providers to operate the Service, including Stripe, Auth0, Pinecone, n8n, AI infrastructure providers, and hosting or cloud providers such as Vercel or equivalent.

These providers are subject to data protection obligations and agreements with us designed to safeguard information. They may process data only as necessary to provide their services. We may update subprocessors in the ordinary course of business.

5. Data Retention

We retain account information while the account is active plus a reasonable period thereafter, payment records as required by tax and financial regulations, technical logs typically for 30 to 90 days, and optional memory data until deleted by you or account termination.

Upon account deletion, we will delete or anonymize personal data consistent with legal, regulatory, security, or dispute-resolution obligations.

6. Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit and, where appropriate, at rest.

No system can guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials. In the event of a confirmed data breach affecting personal information, we will provide notice as required by applicable law.

7. International Data Transfers

The Service is operated from the United States. Your data may be processed in the United States or other countries where our subprocessors operate. For users in the EEA, UK, or similar jurisdictions, we implement appropriate safeguards such as Standard Contractual Clauses where required by law.

8. Your Rights

Depending on your jurisdiction, you may have rights to access personal information, correct inaccurate data, request deletion, restrict or object to certain processing, request data portability where applicable, and withdraw consent where processing is based on consent.

To exercise these rights, contact legal@threatwiseglobal.com. We may require identity verification before processing your request.

California residents may request disclosure of categories of personal information collected, deletion of personal information, confirmation that we do not sell or share personal information, limitation of use of sensitive personal information, and non-discrimination for exercising privacy rights.

EEA and UK users have the rights listed above, including the right not to be subject to solely automated decisions producing legal or similarly significant effects. The Service does not make solely automated decisions with legal or significant effects without human involvement.

9. Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will take appropriate steps to delete it.

10. Cookies and Tracking Technologies

We use essential cookies and similar technologies for authentication, security, and core functionality. We do not use tracking cookies for cross-site behavioral advertising. You may manage cookie preferences through your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the Last Updated date and, where appropriate, providing notice through the Service or by email. Continued use of the Service after changes constitutes acceptance of the updated Policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, contact legal@threatwiseglobal.com.