Privacy Policy

Your Privacy Matters

Last updated: January 2025

Our Commitment to Privacy

At Thalamus AI Systems, transparency isn't just a value — it's our foundation. This privacy policy explains how we collect, use, protect, and share your information when you use our services.

We believe you have a right to know exactly what happens to your data. No legalese, no hiding behind vague terms. This is our promise to you.

What We Collect

Account Information

  • • Name, email address, company name
  • • Billing information (processed by Stripe, we never see your card numbers)
  • • Account preferences and settings

Usage Data

  • • Features you use and how you use them
  • • Performance metrics and error logs
  • • API calls and integrations you configure

Business Data (Your Content)

  • • Data you explicitly provide to SOPHIA for processing
  • • Workflows, policies, and configurations you create
  • • Integration data from connected services (with your permission)

Important: Your business data is YOUR data. We process it, we don't own it, sell it, or use it to train AI models (unless you explicitly opt in).

How We Use Your Data

To Provide Services

We use your data to operate Thalamus AI Systems, process your requests, and provide support.

To Improve Products

Anonymized usage patterns help us identify bugs, optimize performance, and build better features. We NEVER share your specific business data for this purpose.

To Communicate

Service updates, security alerts, and billing notifications. You can opt out of marketing emails anytime.

For Security

Detecting fraud, preventing abuse, and protecting our platform and your data.

How We Protect Your Data

Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3)

Access Control

Role-based permissions, multi-factor authentication, principle of least privilege

Monitoring

24/7 security monitoring, intrusion detection, automated threat response

Compliance

SOC 2 Type II certified, GDPR compliant, regular security audits

Data Isolation

Your data is logically separated from other customers at the database level

Backups

Automated daily backups with 30-day retention, geo-redundant storage

Your Rights

  • Access: Request a copy of all data we have about you
  • Correction: Update inaccurate information anytime
  • Deletion: Delete your account and all associated data (we'll confirm within 30 days)
  • Export: Download your data in machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Object: Object to certain data processing activities

To exercise these rights: Email privacy@getthalamus.ai or use the self-service tools in your account settings.

When We Share Data

We do NOT sell your data. Ever. Here's when we might share it:

Service Providers

Cloud infrastructure (GCP), payment processing (Stripe), email delivery (SendGrid). They're bound by strict contracts and can only use data to provide services to us.

Legal Requirements

If required by law, court order, or government request. We'll notify you unless prohibited by law.

Business Transfers

If Thalamus AI Systems is acquired or merged, your data would transfer to the new entity (we'd notify you first).

With Your Consent

When you explicitly authorize us to share data with third-party integrations you enable.

Questions About Privacy?

We're here to help. Reach out anytime.

Contact Privacy Team