Privacy Policy
01 About ThreadLens
ThreadLens (“we”, “us”, “the service”) is an analytics application for personal Threads accounts. We pull public data and insights from Threads accounts that you voluntarily connect via Meta's official OAuth flow, and present them in a dashboard alongside AI-generated analysis.
02 Data we collect
When you register and connect a Threads account, we store:
- ThreadLens account: email address and password (hashed with bcrypt — we never store passwords in plain text).
- Threads profile: Threads user ID, username, display name, and profile picture URL.
- Threads access token: encrypted with AES-256-GCM before storage. The token is used solely to call the Threads API on your behalf.
- Post content: text, media URL, permalink, timestamp, and media type from posts on your Threads account.
- Insights: per-post counts of views, likes, replies, reposts, quotes, shares, plus account-level metrics such as follower count.
- AI analysis output: the text generated by the LLM whenever you run a performance or pattern analysis.
03 How we use the data
- To render your Threads analytics dashboard.
- To send post metadata as prompts to an LLM gateway (powered by Anthropic Claude) so it can produce analysis and draft post suggestions.
- To publish a post to your Threads account — only when you write or approve the content and explicitly press Publish.
- To store analysis history so you can review it later.
- To maintain the connection (refresh access tokens) for as long as your Threads account is linked.
We do not use your data for advertising, and we do not share it with any third parties beyond the technical processors listed below.
04 Third-party processors
- Supabase — database where all data is stored.
- Vercel — application hosting.
- Meta / Threads Graph API — source of Threads data (you authorize access through OAuth).
- LLM gateway (powered by Anthropic Claude) — processes analysis prompts and draft suggestions. Post content (text and metrics) is sent to the gateway when you trigger an analysis or request a draft.
05 Storage and security
- Threads access tokens are encrypted before being stored.
- Admin passwords are hashed with bcrypt at cost 12.
- Database access is server-side only, using a service role.
- Login sessions use httpOnly cookies signed as JWTs.
- All traffic is served over TLS 1.3.
06 Your rights & data deletion
You can remove your data at any time:
- Disconnect a Threads account from the Settings page — all posts, insights, and analysis history for that account will be permanently deleted.
- Delete your ThreadLens account — email us (address below) with the subject “Delete account”. Data will be removed within 7 days.
- Requests from Meta: if you revoke the app's permission from your Threads settings, Meta sends a signed request to our Data Deletion Callback endpoint, and we automatically delete the corresponding data.
Read the full data deletion instructions →
07 Cookies
We use only essential cookies:
- threadlens_session — login session (httpOnly, signed JWT).
- threadlens_active_account — currently selected Threads account in the switcher.
- threads_oauth_state — short-lived, used to verify the OAuth state parameter.
No tracking cookies, no third-party advertising cookies. See our full cookie policy →
08 Children
The service is intended for users aged 13 and over, in line with Threads / Meta's terms of service.
09 Changes to this policy
This policy may change from time to time. The “effective date” above will be updated whenever it does. Material changes will be communicated by email to the address on file.
10 Contact
For questions, data access or deletion requests, or privacy concerns:
bhskindatabase@gmail.com
Indo Berkah Solution · Jakarta, Indonesia