Skip to content
Trust

Security

Thremark is built with security as a foundation, not an afterthought. Here’s how we protect your data.

Anonymous by default
No email, no name, no Apple ID required to use Thremark. Your device generates a random anonymous ID. We don’t collect your name or email by default. Your data is identified by a random device ID — what you put into Marks is yours to control.
Encryption in transit
All communication between your device and our servers uses TLS 1.3. API endpoints enforce HTTPS. WebSocket connections (voice) are encrypted in transit via WSS/TLS.
Cloudflare infrastructure
Backend runs on Cloudflare Workers (edge compute, 300+ cities). Database: Cloudflare D1 (SQLite at edge). Key-value: Cloudflare KV. Vector search: Cloudflare Vectorize. Purpose-built for isolation and privacy control, not shared hyperscaler infrastructure.
Full user control
See every mark (memory) your AI has. Edit or delete any mark. Export all your data. Delete your entire account — permanently, from all servers — with one tap.
No hidden data
Thremark has no shadow profiles, no behavioral tracking graphs, no data sales. Analytics are privacy-first (Plausible + PostHog, cookieless). Conversations go to AI providers only when you send them — encrypted in transit, never stored by us outside your account.
Crash monitoring
Sentry catches crashes automatically. Crash reports contain no personal data — only stack traces, device model, and OS version. Webhook alerts notify the team within seconds.

Third-party LLM providers

Thremark uses external AI providers to process your messages. Each provider has its own privacy policy.

ProviderUsed for
Google (Gemini)Chat, voice, image generation
OpenAI (GPT)Chat, voice, code
Anthropic (Claude)Chat, deep analysis
TavilyWeb search grounding

Access controls

Admin access to production infrastructure is limited to the founder. All admin API endpoints are protected. Kill switches can disable individual features (voice, image, search, code) in seconds without redeployment.

Database access requires Cloudflare authentication. There is no shared database password — access is scoped per worker binding.

Responsible disclosure

Found a vulnerability? Please report it to [email protected] with details and steps to reproduce. We take every report seriously and will respond within 48 hours.

For full details on data collection, retention, and your rights, see our Privacy Policy. For usage terms, see our Terms of Service.

← Back to Thremark·Privacy →·Terms·FAQ·