Privacy Policy

1. Information We Collect

Account Information. When you create an account, we collect your name, email address, company name, and password. If you sign up using a third-party provider (such as Google or GitHub), we receive your name and email from that provider.

Billing Information. When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card details, billing address, and related financial information. Thermocline does not directly store your full payment card number.

Usage Data. We automatically collect information about your use of the Services, including: queries executed (metadata only, not query contents or results), storage consumed per cluster, read/write operation counts, API call volumes and endpoints accessed, cluster configuration changes, console page views and feature interactions, and login timestamps and session durations.

Technical Data. We collect technical information when you access our Services, including IP address, browser type and version, operating system, device type, time zone, referring URL, and pages visited on our marketing site.

Support Data. When you contact our support team, we collect the information you provide in your request, including any diagnostic data or database metadata you choose to share for troubleshooting purposes.

Your Database Contents. The documents, vectors, embeddings, and other data you store in your Thermocline clusters ("Your Data") are stored and processed solely to provide the Services. We do not access, read, analyze, or use Your Data for any purpose other than operating the Services, except as required by law or with your explicit consent.

2. How We Use Your Information

Service Delivery. We use your information to create and manage your account, provision and operate database clusters, process billing and payments, provide customer support, send service-related notifications (maintenance windows, security alerts, billing receipts), and enforce our Terms of Service.

Service Improvement. We use aggregated and anonymized usage data to analyze performance trends, identify and resolve bugs and infrastructure issues, plan capacity, develop new features and optimize existing ones, and improve the reliability and security of the Services.

Communications. We may send you emails about service updates, security notifications, and billing matters. These are transactional communications necessary for the operation of the Services and cannot be opted out of while your account is active. We may also send product announcements and educational content, which you can unsubscribe from at any time.

We do not sell, rent, or trade your personal information to third parties. We do not use Your Database Contents for advertising, marketing, profiling, or any purpose other than providing the Services.

3. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases: (a) Performance of contract - to provide the Services you have subscribed to; (b) Legitimate interests - to improve and secure our Services, prevent fraud, and send service-related communications; (c) Legal obligation - to comply with applicable laws, regulations, and legal processes; and (d) Consent - where you have given us explicit consent, such as for optional marketing communications. You may withdraw consent at any time.

4. Information Sharing and Disclosure

Service Providers. We share information with third-party service providers who assist us in operating the Services, including: Stripe (payment processing), cloud infrastructure providers (compute, storage, and networking), email delivery services, and analytics tools that process only aggregated, anonymized data. All service providers are contractually obligated to protect your information and may only use it to provide services to Thermocline.

Legal Requirements. We may disclose your information if required to do so by law, legal process, or government request. Where legally permitted, we will notify you of such requests before disclosure. We will challenge requests that we believe are overbroad or unlawful.

Business Transfers. In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any changes to this Privacy Policy.

With Your Consent. We may share your information with third parties when you have given us explicit consent to do so.

5. Data Security

We implement and maintain comprehensive security measures designed to protect your information, including: encryption at rest using AES-256 for all storage tiers (hot and cold), encryption in transit using TLS 1.3 for all connections, network isolation between customer clusters, role-based access controls for internal systems, automated threat detection and intrusion prevention, regular vulnerability scanning and penetration testing, and employee security training and background checks.

Access to Your Data by Thermocline personnel is restricted on a need-to-know basis and is logged and audited. Only a limited number of authorized engineers may access production systems for the purpose of maintaining and troubleshooting the Services.

While we strive to protect your information using commercially reasonable measures, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

Account Information. We retain your account information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes such as resolving disputes or enforcing our Terms.

Your Database Contents. Your Data is retained in your clusters for as long as your account is active. Upon account deletion, you have 30 days to export Your Data. After the export window, all Your Data and associated backups are permanently and irreversibly deleted within 90 days.

Usage and Billing Records. Aggregated usage data and billing records are retained for up to 7 years for tax, accounting, and legal compliance purposes.

Support Records. Customer support tickets and associated communications are retained for 3 years after resolution, after which they are deleted or anonymized.

Backups. Database backups are retained according to your plan's backup policy. All backup data is encrypted and subject to the same deletion timeline as primary data upon account termination.

7. International Data Transfers

Thermocline is based in the United States, and Your Data is processed and stored in data centers located in the United States unless you have selected a specific deployment region. If you are accessing the Services from outside the United States, your information will be transferred to and processed in the United States.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. Customers requiring a Data Processing Agreement with SCCs may request one at legal@thermoclinecloud.com.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information: (a) Access - request a copy of the personal information we hold about you; (b) Correction - request correction of inaccurate or incomplete personal information; (c) Deletion - request deletion of your personal information, subject to legal retention requirements; (d) Portability - request a copy of your personal information in a structured, machine-readable format; (e) Restriction - request that we restrict processing of your personal information in certain circumstances; (f) Objection - object to processing of your personal information based on legitimate interests; and (g) Withdraw Consent - withdraw previously given consent at any time.

To exercise any of these rights, contact us at legal@thermoclinecloud.com. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We do not sell personal information. We do not share personal information for cross-context behavioral advertising. In the preceding 12 months, we have collected the categories of personal information described in Section 1.

You have the right to: request disclosure of the personal information we have collected about you and the purposes for which it is used; request deletion of your personal information; opt out of the sale or sharing of personal information (though we do not engage in such practices); and not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at legal@thermoclinecloud.com.

10. Cookies and Tracking

Our marketing website uses only essential cookies necessary for site functionality (such as session management and security). We do not use third-party advertising cookies or cross-site tracking technologies on our marketing site.

The Thermocline Cloud console uses session cookies to maintain your authenticated session and preferences. These are strictly necessary for the operation of the Services.

11. Children's Privacy

The Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at legal@thermoclinecloud.com.

12. Data Breach Notification

In the event of a security breach that affects Your Data or personal information, Thermocline will notify affected customers without undue delay and no later than 72 hours after becoming aware of the breach, where feasible. Notification will include a description of the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to address the breach.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect by posting a notice on our website and sending an email to the address associated with your account. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at legal@thermoclinecloud.com.

For EU/UK residents, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.