Skip to content
Legal

Política de privacitat

Última actualització: 10 d’abril de 2026

1. What Thremark collects

  • Marks (saved facts) — stored on your device and synced to our server using an anonymous device ID (not your Apple ID or personal account). Server-side storage powers AI memory features like semantic search, contradiction detection, and cross-fact connections. No personally identifiable information is tied to your marks on the server. You can delete all server data at any time from Settings.
  • Chat messages — stored on your device and synced to our server (by anonymous device ID) to enable multi-device access and chat history. Messages are forwarded to AI providers (OpenAI, Google Gemini, Anthropic) to generate responses. Server-stored messages are subject to automatic rotation when per-user storage limits are reached.
  • Anonymous session — a device-generated UUID to manage your API session. No name, email, or Apple ID is sent to our server. All server-side data is linked only to this anonymous device ID.
  • Apple ID (optional) — if you choose Sign in with Apple, your name and email are stored only on your device for display purposes. Your Apple ID is used for subscription management through Apple but is not stored on our server.
  • Files — AI-generated files (documents, summaries, plans) are stored on your device and synced to our server (by anonymous device ID) to enable features like cross-device access and server-side search. You can delete all server data at any time from Settings.
  • Notifications & Reminders — if you ask Thremark to remind you about something, push notifications may be scheduled on our server and delivered via Apple Push Notification service (APNs). Your device token (anonymous) and reminder details are stored on the server until delivered, then automatically deleted. No personal information is tied to notifications.
  • Thinking & reasoning models — when you select a thinking or reasoning model, your message is sent to OpenAI or Anthropic reasoning API. The model may generate internal reasoning tokens that are not stored. Only the final response is returned to you.
  • Photos, Camera & Image Generation — if you attach images to a chat, they are compressed on-device and sent to the AI provider for analysis. If you request AI-generated images, your prompt is sent to Google Gemini for image creation. Uploaded and generated images are not permanently stored on our servers.
  • Microphone & Voice AI — if you use voice input or Voice AI conversations, audio is streamed to Google Gemini Live API or OpenAI Realtime API for real-time processing, or to OpenAI Whisper for speech-to-text transcription. Audio is not stored on our servers after processing is complete. Voice session metadata (duration, provider used, number of extracted marks) may be stored for service improvement. Voice conversations can auto-extract marks (facts) and create files, just like text chats.

2. How data is stored

  • On your device — marks, chats, messages, and files are stored locally using SwiftData (Apple's on-device database). This data never leaves your device unless you use features that require server sync.
  • On our server — marks, chats, messages, and files are synced to our server (Cloudflare D1 database) using your anonymous device ID. This enables AI memory features, cross-device access, and intelligent search. No personally identifiable information is stored — only the anonymous device UUID generated on first launch.
  • Semantic search index — marks are embedded as numerical vectors (Cloudflare Vectorize) for semantic search. Each user's vectors are isolated by device ID namespace.
  • Retention — messages on our server are subject to automatic rotation: older messages are removed when per-user storage limits are reached (typically after 90 days of accumulation). Marks and files remain until you delete them. Deleting data in Settings removes it from both your device and our server.

3. Third-party services

  • OpenAI API — processes chat messages to generate responses, including reasoning models. Subject to OpenAI Privacy Policy.
  • Google Gemini API — alternative AI provider. Subject to Google Privacy Policy.
  • Anthropic API — alternative AI provider for chat and reasoning models. Subject to Anthropic Privacy Policy.
  • Google Gemini Image Generation — if you request AI-generated images, your text prompt is sent to Google Gemini for image creation. Subject to Google Privacy Policy.
  • Tavily Search API — when you use Web Search, your query is sent to Tavily to retrieve real-time results. Subject to Tavily Privacy Policy.
  • Google Gemini Live API — default provider for Voice AI conversations. Audio is streamed to Google for real-time processing. Subject to Google Privacy Policy.
  • OpenAI Realtime API — alternative Voice AI provider (available for Plus and Pro). Audio is streamed to OpenAI for real-time processing. Subject to OpenAI Privacy Policy.
  • Cloudflare — our server infrastructure. Data is stored in Cloudflare D1 (database) and Cloudflare Vectorize (semantic search). Subject to Cloudflare Privacy Policy.
  • GitHub (optional) — if you connect GitHub Sync (Plus/Pro), your marks, files, and chat history are pushed to a private GitHub repository you own. Your GitHub OAuth token is stored on our server. You can disconnect at any time from Settings. Subject to GitHub Privacy Statement.
  • Sentry — crash reporting and performance monitoring for the iOS app and backend infrastructure. No personal data, message content, or marks are included. A pseudonymous device identifier may be attached to error reports for debugging purposes. Subject to Sentry Privacy Policy.

4. Data we do NOT collect

  • We do not sell, share, or monetize your personal data.
  • We do not track your location.
  • We do not use advertising SDKs or trackers.
  • We do not collect your name, email, or Apple ID on our server.
  • We do not use cross-app tracking (IDFA is not used).

5. Your rights

  • Delete all data — available in Settings at any time. Removes all marks, chats, messages, files, and associated metadata from your device AND from our server (D1 database and Vectorize index). Certain aggregated analytics data that cannot be linked back to you may be retained. This action is irreversible.
  • Delete account — if you signed in with Apple, you can delete your account from Settings. This signs you out, removes all local data, deletes all server-side data linked to your device ID, and resets the app to its initial state.
  • Export — you can export your marks via the share sheet.
  • No account required — Thremark works without signing in. Sign in with Apple is optional.
  • GDPR & CCPA — if you are in the EU or California, you have the right to access, correct, or delete your data. Contact us at [email protected].

6. Analytics

Thremark uses privacy-friendly analytics to improve the product:

  • Website: Plausible Analytics (plausible.io) — cookie-free, no personal data collected, compliant with GDPR/CCPA. Tracks page views and referral sources only. PostHog (posthog.com) — anonymous product analytics for website improvement. No personal data or cross-site tracking.
  • iOS app: PostHog (posthog.com) — pseudonymous usage metrics identified by device UUID (screen views, feature usage, session length). No personal information, message content, or marks are included. No cross-app tracking (IDFA is not used). No ATT prompt required. Sentry — crash reports only. No user content included.
  • Backend: PostHog — pseudonymous API usage metrics identified by device UUID. Sentry — error tracking and performance monitoring for server infrastructure. A shortened device identifier may be attached to error reports for debugging.

All analytics data is aggregated and anonymous. You cannot be personally identified through analytics.

7. Children

Thremark is not intended for children under 13. We do not knowingly collect data from children.

8. Cookies

The Thremark website uses a single cookie to store your language preference. No tracking cookies, advertising cookies, or third-party cookies are used. The iOS app does not use cookies.

9. International data transfers

Thremark uses Cloudflare’s global edge network. Your data may be processed in data centers outside your country of residence, including in the United States. Cloudflare provides Standard Contractual Clauses (SCCs) and complies with applicable data transfer frameworks. All transfers are encrypted in transit via TLS.

10. Legal basis for processing (GDPR)

  • Contract performance — processing necessary to provide the Thremark service you requested (chat, marks, files, voice).
  • Legitimate interest — anonymous analytics, crash reporting, and service improvement, where your privacy rights are not overridden.
  • Consent — optional features like push notifications, Sign in with Apple, and GitHub Sync are activated only by your explicit action.

11. Changes

We may update this policy as features ship. Material changes will be noted here with an updated date.

12. Contact

Questions about your data or this policy? Email us at <a href="mailto:[email protected]" class="underline">[email protected]</a>.

← Torna a Thremark·Condicions →·Seguretat·FAQ