Your data never trains our models.
Thalium
Sign in Get started

LEGAL

Privacy Policy

Last updated: May 2026

Overview

Thalium ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use the Thalium platform and services. We are a data controller under UK GDPR and the Data Protection Act 2018.

Data we collect

We collect: (a) Account data — name, email address, organisation name, and payment information when you register; (b) Usage data — API calls, invocation counts, Brain Instance activity, and audit log entries; (c) Content data — inputs you send to Brain Instances and the artifacts produced in response; (d) Technical data — IP addresses, browser type, and access logs for security and performance monitoring.

How we use data

We use your data to: provide and operate the Services; process payments and manage your subscription; send transactional emails (account confirmation, usage alerts, billing notifications); monitor and improve platform performance and security; comply with legal obligations. We do not use your Brain Instance data to train general-purpose AI models. We do not sell your data to third parties.

Data sharing

We share data with: Supabase (database infrastructure, EU region); Fly.io (application hosting, EU region); Stripe (payment processing); Brevo (transactional email). All processors are bound by data processing agreements. We do not share data with advertisers or data brokers. We will disclose data if required by law or to protect the rights and safety of Thalium and its users.

Data retention

We retain account data for the duration of your subscription plus 30 days following termination. Brain Instance memory data (institutional ring entries) is deleted 30 days after account termination. Audit logs are retained for 7 years for compliance purposes. Billing records are retained as required by UK tax law.

Your rights

Under UK GDPR, you have the right to: access your personal data; correct inaccurate data; request deletion of your data; object to or restrict processing; data portability; withdraw consent where processing is based on consent. To exercise any of these rights, contact privacy@thalium.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Cookies

Thalium uses essential cookies for session management and authentication. We do not use advertising or tracking cookies. We use Plausible Analytics for privacy-preserving usage analytics — no cookies are set and no personal data is collected. You can disable cookies in your browser settings, but this will prevent you from using the authenticated platform.

Contact

For privacy enquiries, contact privacy@thalium.io. Our data protection contact is available at the same address. Thalium is operated by Curavest Ltd, registered in England and Wales.