Privacy Policy | Think With Me

This Privacy Policy describes how ThinkWithMe ("we", "us", or "our") collects, uses, and protects your information when you use the Think With Me desktop application and website at thinkwithme.io (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and display name. This information is required to authenticate you, manage your subscription, and provide customer support.

1.2 Billing Information

Payment transactions are processed by our merchant of record, Paddle. We do not collect, store, or have access to your full credit card number, CVV, or other sensitive payment details. Paddle provides us with a transaction ID, subscription status, and billing email for order management. Please refer to Paddle's Privacy Policy for details on how they handle payment data.

1.3 Usage Data

We collect usage metrics to operate the Service and manage billing, including:

Session count and session duration (for metering purposes).
Subscription plan and quota usage (minutes/hours consumed).
Application version and operating system version.
Feature usage flags (e.g., which AI provider is selected).

2. Voice and AI Data Processing

2.1 Voice Transcription

Think With Me uses OpenAI Whisper for speech-to-text transcription. All audio recording and transcription processing happens locally on your device. No audio data is transmitted to our servers.

2.2 AI Conversations

When you interact with AI providers (OpenAI, Anthropic Claude, or Google Gemini), your prompts are routed through our cloud API to the selected provider, and AI responses are relayed back to your device. All data in transit is encrypted using TLS 1.2 or higher. Your use of AI features is also subject to the respective provider's privacy policy:

2.3 Session History

To provide features such as conversation history and cross-device synchronization, your chat session data (including messages and session metadata) is stored on our servers. You can view, manage, and delete your sessions at any time through the application or your account dashboard. When you delete a session, all associated messages are permanently removed.

2.4 Screenshots

When you use the screenshot or window capture feature, the captured image is sent as part of your AI prompt for visual analysis. We do not independently store, index, or use captured images beyond processing the immediate AI request.

3. Third-Party API Keys

If you choose the Flex plan (bring your own API keys), your third-party API keys are securely stored and used solely to authenticate requests to the AI provider you select. We do not share your API keys with any party other than the respective AI provider for the purpose of fulfilling your requests. You can update or delete your stored keys at any time through the application settings.

4. Information We Do Not Collect

We want to be explicit about what we never collect:

Audio recordings — all voice capture and transcription happen entirely on your local device.
Files on your device — we do not scan, index, or access your local files.
Keystrokes or input — the hotkey system only detects the specific key combinations you configure; no keylogging occurs.

5. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service.
Process transactions and manage your subscription.
Provide features such as session history and conversation continuity.
Communicate with you, including support requests and service announcements.
Monitor usage for billing and to prevent abuse.
Improve the Service based on aggregated, anonymized usage patterns.
Comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Sharing and Disclosure

We may share your information only in the following limited circumstances:

Payment Processor: Paddle receives your billing information to process payments.
AI Providers: Your prompts and attached images are forwarded to the AI provider you select (OpenAI, Anthropic, or Google) in order to generate responses.
Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.
With Your Consent: We may share information for any other purpose with your explicit consent.

7. Cookies and Tracking

Our website uses essential cookies to maintain your authentication session. We do not use third-party advertising trackers. We may use minimal analytics (e.g., page views) to understand how visitors interact with our website. No personal data is shared with advertising networks.

8. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

Encryption of all data in transit (TLS 1.2+).
Access controls and authentication for our backend systems.
Regular security reviews of our infrastructure.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Retention

We retain your account information and session data for as long as your account is active or as needed to provide the Service. Usage metrics for billing are retained for the duration required by applicable tax and accounting regulations (typically up to 7 years for financial records). If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data.
Portability: Request a machine-readable copy of your data.
Objection: Object to the processing of your data in certain circumstances.
Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

11. Data Deletion

11.1 Session Deletion

You can delete individual sessions and their associated messages at any time through the application or your account dashboard. Deleted sessions are permanently removed from our servers.

11.2 Account Deletion

You may request complete deletion of your account and all associated data (including sessions, messages, usage history, and stored settings) by emailing [email protected]. Upon request, we will delete your data within 30 days, except where retention is required by law.

11.3 Local Data

Local application settings and cached data on your device can be removed by uninstalling the Think With Me application and deleting its data folder.

12. International Data Transfers

Our servers and infrastructure may be located in the United States or other countries. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws. We take steps to ensure that your data receives an adequate level of protection wherever it is processed.

13. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected data from a child, please contact us at [email protected].

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

The right to know what personal information we collect, use, and disclose.
The right to request deletion of your personal information.
The right to opt out of the sale of personal information — we do not sell your personal information.
The right to non-discrimination for exercising your privacy rights.

To submit a request, contact [email protected].

15. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR). Our legal bases for processing your personal data include:

Contract Performance: Processing necessary to provide the Service you requested.
Legitimate Interests: Processing for our legitimate business interests (e.g., fraud prevention, service improvement) where not overridden by your rights.
Consent: Where you have given explicit consent for specific processing activities.
Legal Obligation: Processing required to comply with applicable law.

You may exercise your GDPR rights by contacting [email protected]. If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page with a revised "Last updated" date. For significant changes, we may also notify you via email or through the Application. We encourage you to review this Privacy Policy periodically.

17. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Privacy inquiries: [email protected]
General support: [email protected]
Website: thinkwithme.io