Privacy Policy

Last updated: March 1, 2026

Introduction

At Thallus ("Company", "Thallus", "we", or "us"), we respect your privacy and are committed to protecting it through our compliance with this policy.

This privacy policy describes the types of information we may collect from you or that you may provide when you access or use the Thallus platform, products, and services, including our website (the "Website"), related applications, and any hosted software-as-a-service ("SaaS") or self-hosted/private cloud deployments of Thallus (collectively, our "Services"), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

  • Through your use of the Services, including our Website.
  • In email, text, and other electronic messages between you and us in connection with the Services.
  • Through mobile and desktop applications you download or access that are provided by Thallus and that provide dedicated non-browser-based interaction between you and the Services.
  • When you interact with our advertising, integrations, and applications on third-party websites and services, if those applications, integrations, or advertising include links to or reference this policy.

It does not apply to information collected by:

  • Us offline or through any other means, including on any other website or application operated by Thallus or any third party (including our affiliates and subsidiaries), except where this policy is expressly referenced as applicable; or
  • Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or through third-party services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using any of the Services, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Children Under the Age of 18

Our Services are not intended for children under 18 years of age. No one under age 18 may provide any personal information to or on the Services. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on the Services or through any of their features, register to use the Services, make any purchases through the Services, use any of the interactive or public comment features of the Services, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at privacy@thallus.ai.

Residents of certain states under 13, 16, or 18 years of age may have additional rights regarding the collection and sale of their personal information. Please see Your State Privacy Rights for more information.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Services, including information:

  • By which you may be personally identified, such as name, postal address, email address, telephone number, login identifiers, organization or employer, job title or role, or any other personal information category collected ("personal information");
  • That is about you but individually does not identify you; and/or
  • About your internet connection, the equipment you use to access our Services, and usage details.

We collect this information:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through or use the Services. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, logs, and other tracking or telemetry technologies.
  • From third parties, for example, our business partners, integration partners, and, where applicable, your organization or identity provider.

Information You Provide to Us

The information we collect on or through our Services may include:

  • Information that you provide by filling in forms or fields in the Services. This includes information provided at the time of registering to use our Services, subscribing to our Services, configuring workspaces, projects, memories, workflows, or integrations, posting material, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with the Services.
  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Details of your interactions with us through our Services, such as account registrations, subscription or trial activations, and support or sales inquiries. If we collect payment information, it will generally be processed by third-party payment providers on our behalf and subject to their privacy practices.
  • Your search queries and other inputs within the Services, including your conversation history with Thallus, questions you ask, prompts you enter, and queries you run across connected documents and data sources.
  • Workflow definitions and configurations (for example, triggers, actions, data transformations, and approval steps) and workflow execution data (for example, run status, inputs, outputs, and error logs) used to automate and monitor processes you configure.
  • Audit logs and telemetry, such as authentication events, configuration changes, document operations, integration usage, query submissions, workflow runs, IP addresses, and user agents, which we maintain for security, operational, and compliance purposes.
  • OAuth tokens and similar credentials that you or your organization authorize us to obtain for third-party integrations (for example, Google, Microsoft, Slack, Jira, CRM, or database integrations). These tokens are encrypted at rest and used only to access the integrated services as configured by you or your organization.
  • Memories and other derived context that the system may extract from your interactions (such as preferences, relevant facts, and recurring entities) to personalize responses and improve automation within your organization’s workspace, subject to your organization’s configuration.
  • Account information, such as name, email address, organization or workspace affiliation, authentication identifiers, and password hash (we store only bcrypt-hashed passwords).
  • Conversation history, including your messages, AI responses, and related metadata (such as timestamps and workspace or channel identifiers), which we use to provide context continuity and improve responses within your workspace.
  • Uploaded documents and files (for example, PDF, DOCX, TXT, CSV, Excel) that you or your organization choose to upload, including derived data such as text extractions, "chunks," embeddings, and document metadata stored in underlying databases (such as a vector database) to enable search and retrieval.

The types of information processed through the Thallus platform may include, depending on your configuration and use of the Services: business contact and account data; conversation content and related context; content of uploaded documents and files; data retrieved from connected third-party systems (such as email, calendar, collaboration tools, CRMs, and databases); workflow definitions and execution data; memories and other derived context; and associated audit logs and telemetry. The specific categories and volume of data processed will depend on how you and your organization choose to use Thallus, the integrations you enable, and the information you or your organization decide to connect to or store within the Services.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and usage patterns, including:

  • Details of your use of our Services, including traffic data, location data, logs, other communication data, feature usage (such as which agents or tools are invoked), and the resources, documents, integrations, and workflows that you access and use within the Services.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type, and, where applicable, device identifiers for applications used to access the Services.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically is mainly statistical data, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized experience, including by enabling us to:

  • Estimate our audience size and usage patterns across the Services.
  • Store information about your preferences, allowing us to customize our Services according to your individual interests and organizational settings.
  • Speed up your searches and queries.
  • Recognize you when you return to our Services.

The technologies we use for this automatic data collection may include:

Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services. For information about managing your privacy and security settings for cookies, see Choices About How We Use and Disclose Your Information.

Web Beacons. Pages of our Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Thallus, for example, to count users who have visited those pages or for other related service statistics (for example, recording the popularity of certain content and verifying system and server integrity).

Depending on applicable law, some of the information we collect automatically (such as IP addresses or device identifiers) may be considered personal information. We may tie non-personal information collected automatically to personal information about you that we collect from other sources or that you provide to us.

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications on the Services are served or supported by third parties, including analytics providers, infrastructure providers, large language model ("LLM") providers, integration partners, advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Services. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content, to provide, maintain, and improve their services, or to support functionality you choose to enable within the Services.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement, integration, or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see the opt-out tools offered by the Network Advertising Initiative ("NAI"), the Digital Advertising Alliance, or your browser or device settings.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

  • To present, operate, and maintain our Services and their contents to you.
  • To provide you with information, products, or services that you request from us, including access to the Thallus platform, workspaces, memories, workflows, document intelligence features, and integrations you or your organization configure.
  • To fulfill any other purpose for which you provide it.
  • To provide you with notices about your account, including technical, security, and administrative notices.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you (or your organization) and us in connection with the Services, including for support, security, incident response, and compliance purposes.
  • To notify you about changes to our Services or any products or services we offer or provide through them.
  • To allow you to participate in interactive features, collaboration features, and other functionality on our Services.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.
  • In particular, in connection with the Services we may use your information (including account information, conversation history, uploaded documents, configured memories, workflow definitions and runs, OAuth tokens, and audit logs): (a) to provide and improve conversational and workflow functionality you initiate, including multi-agent orchestration, document research, and cross-system queries; (b) to maintain audit, logging, and security records and to support your organization’s compliance and governance needs; (c) to administer and secure integrations, single sign-on, and access controls; and (d) to provide support and troubleshoot issues you or your organization report.
  • We may also use de-identified, pseudonymized, or aggregated information derived from your use of the Services to analyze performance, improve the functionality, security, and reliability of Thallus, develop new features, and generate insights about usage patterns. We may share such de-identified, pseudonymized, or aggregated information with our service providers and subprocessors (for example, hosting, analytics, and monitoring providers) for these purposes. When we use or share data in this form, we do not attempt to re-identify individuals.

LLM Providers, Subprocessors, and Service Improvement

Thallus is model-agnostic and supports multiple LLM providers and third-party integrations. Depending on how your organization configures the Services, Customer Data (such as your prompts, conversation history, relevant document excerpts, and workflow context) may be transmitted to third-party LLM providers to generate responses or perform tasks. These include, for example, OpenAI, Anthropic, Google (Gemini), xAI, and other similar services, as well as any additional providers your organization elects to use. Use of these providers is subject to their own terms and privacy policies in addition to this policy and any separate terms we may have with your organization.

For organizations that require increased data control or data residency, Thallus supports local and self-hosted LLM options (for example, using Ollama or other self-hosted models). When your organization uses such local models and configures Thallus accordingly, Customer Data used for inference remains within your organization's controlled environment rather than being sent to third-party, cloud-hosted LLM providers.

If your organization connects third-party services (such as Google Workspace, Microsoft 365, Slack, Jira, CRM systems, databases, or other tools) to Thallus, we will access those services only using the permissions granted (for example, via OAuth tokens or API keys) and only to perform the integrations, workflows, and automations you or your organization have configured. Data retrieved from such services is treated as Customer Data and handled in accordance with this policy and, where applicable, any separate data protection terms agreed with your organization.

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

  • To our subsidiaries and affiliates.
  • To contractors, service providers, subprocessors, and other third parties we use to support our business (such as hosting and infrastructure providers, storage providers, security vendors, analytics providers, customer support tools, integration partners, and LLM providers) and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them and in accordance with applicable law.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Thallus's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Thallus about our users is among the assets transferred.
  • To third parties to market their products or services to you if you have affirmatively opted in to these disclosures and such disclosures are permitted by applicable law. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them. For more information, see Choices About How We Use and Disclose Your Information.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

We may also disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or apply terms and conditions or other agreements that govern your access to and use of the Services, including for billing, collection, security, and compliance purposes.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Thallus, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

  • Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

Residents of certain states may have additional personal information rights and choices. Please see Your State Privacy Rights for more information.

Accessing, Correcting, and Deleting Your Information

If you access the Services through an organization (such as your employer), certain choices and controls over your information (including retention, access, and workflow or integration configuration) may be managed by that organization’s administrator, and you may need to direct some requests to them.

Depending on your relationship with us and applicable law, you or your organization may be able to access, correct, update, or delete certain personal information directly through the Services (for example, by updating your profile, adjusting workspace settings, or managing uploaded documents, memories, or workflows).

If you are an end user of Thallus under an account provided by your organization, please direct requests to access, correct, or delete your personal information first to your organization. We will cooperate with your organization, as appropriate and consistent with our contractual commitments, to help respond to such requests. You may also contact us using the information in the Contact Information section if you have questions about how we handle your information.

Your State Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:

  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Correct inaccuracies in their personal information, taking into account the information's nature and processing purpose (excluding Iowa and Utah).
  • Data portability.
  • Opt-out of personal data processing for:
    • targeted advertising (excluding Iowa);
    • sales; or
    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
  • Either limit (opt-out of) or require consent to process sensitive personal data.
  • To exercise any of the rights described above (where applicable), you may contact us using the contact information in the Contact Information section below and indicate which state you reside in and the nature of your request. We may need to verify your identity and, where you act on behalf of an organization, your authority to make the request.

Deployment Options and Data Hosting

  • SaaS deployment. When you or your organization use Thallus as a hosted SaaS service managed by us, Thallus hosts and operates the application and related infrastructure in cloud environments we select. In this case, personal information and other content that your organization submits to the Services ("Customer Data") is stored in our managed infrastructure, and we are responsible for applying the technical and organizational security measures described in this policy to that environment.
  • Self-hosted or private cloud deployment. When your organization deploys Thallus on its own infrastructure (for example, on-premises or in its own cloud account), your organization controls the hosting environment and underlying storage for Customer Data. In these deployments, Thallus does not routinely host or access your Customer Data except as necessary and authorized to provide support, maintenance, or other services requested by your organization.

The way your information is hosted and who can access it will depend on which deployment option is selected by you or your organization. If you have questions about how your organization has deployed Thallus or where your data is hosted, please contact your organization's administrator.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include, among others, encrypting OAuth tokens and other sensitive secrets at rest, hashing passwords using bcrypt, enforcing HTTPS/TLS for data in transit, applying role-based access controls, and maintaining audit logs of significant actions within the Services. Any payment transactions will be encrypted.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Use of Customer Data for Model Training

Thallus does not use Customer Data (including your conversation content, uploaded documents, memories, workflows, or integration data) to train or improve any general-purpose or third-party foundation models in a way that would allow those models to learn from or generate outputs specific to your organization for the benefit of other customers. To the extent we rely on third-party LLM providers, we configure those services, where options are available, so that Customer Data sent for inference is not used by those providers to train or improve their general models for other customers.

We may, however, use de-identified, pseudonymized, or aggregated information derived from Customer Data to improve and operate the Services, such as to monitor performance, enhance reliability, and develop new features, provided that such information does not identify you or your organization.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at: privacy@thallus.ai