Legal

Privacy Policy

Last Updated: February 25, 2026

Thriveful, Inc. ("Thriveful," "we," "our," or "us") provides brand-building software tools, including the Brand Archetype Discovery™, Brand Core System™, and Brand Clarity Engine™ (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our websites, applications, dashboard, and related services.

1. Scope

This Privacy Policy applies to personal information we collect when you visit our websites or landing pages, create an account or use our dashboard, submit inputs, content, or other materials for analysis, purchase or manage a subscription, or contact us (including support).

This Privacy Policy does not apply to third-party services, websites, or platforms that we do not control.

2. Information We Collect

We collect personal information from (A) you, (B) your device/browser automatically, and (C) third parties and service providers.

A. Information You Provide

  • Account information: name, email address, login credentials (if applicable)
  • Workspace and brand information: business/brand details, preferences, profile information
  • Assessment responses and Brand Core inputs: including free-text responses and structured entries you submit
  • Content you submit for audits or analysis: drafts, messaging, positioning, creative briefs, and similar materials
  • Support communications: messages, emails, and related metadata
  • Billing and subscription information: billing contact information and transaction details. Payment card data is processed by Stripe; we do not store full card numbers.

B. Information Collected Automatically

  • Identifiers and device data: IP address, device, browser, and OS information, and approximate location derived from IP
  • Usage and interaction data: pages viewed, clicks, navigation paths, session activity, and feature usage events
  • Attribution data: referrers and marketing attribution data, including UTM parameters
  • Security and diagnostics: authentication and login activity, error logs, security logs, and related diagnostics

C. Third-Party and Service Provider Data

We may receive information from vendors and partners that support authentication and account management, billing and subscription processing, email delivery and customer communications, analytics and product measurement, advertising attribution and campaign measurement, and AI feature processing.

D. AI Feature Processing (Inputs and Outputs)

When you use AI-enabled features such as the Brand Core System™ and Brand Clarity Engine™, we process the inputs, prompts, and related content you submit to provide outputs, operate the Services, and maintain safety, reliability, and quality.

No training of third-party models from your customer data (by us): We do not use customer content to train third-party models except as permitted by the applicable provider terms and our configured service settings.

Service improvement: We may use de-identified and/or aggregated data to improve product performance and reporting.

3. Cookies and Tracking

We use cookies, pixels, local storage, SDKs, and similar technologies to operate the Services, remember preferences, measure traffic and usage, support security and fraud prevention, and enable marketing attribution and (where enabled) retargeting.

Categories of technologies:

  • Strictly necessary: security, authentication, and core functionality
  • Functional: preferences and settings
  • Analytics: traffic and product usage measurement
  • Advertising: campaign measurement and retargeting

We use Ketch to manage cookie and tracking preferences on public-facing pages. Where required by law, we request consent before enabling non-essential tracking technologies. You can update your preferences at any time through our cookie preferences controls.

Tools we may use include Ketch, Google Tag Manager, Google Analytics, Meta Pixel, Mixpanel, Clerk, Stripe, Resend, OpenAI, and Anthropic.

Global Privacy Control (GPC) and opt-out preference signals: Where required by law, we process opt-out preference signals (such as Global Privacy Control) as a request to opt out of certain tracking that may be considered "sharing" for cross-context behavioral advertising.

4. How We Use Information

  • Provide, maintain, and improve the Services
  • Create and manage accounts and authenticate users
  • Process billing, subscriptions, and related transactions
  • Generate requested analyses, insights, and outputs
  • Personalize onboarding and product experiences
  • Measure service performance, product usage, and feature adoption
  • Send transactional, onboarding, and support communications
  • Send marketing communications where permitted
  • Prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our terms

6. How We Disclose Information

We do not sell personal information for money.

We may disclose personal information to:

  • Service providers/processors that help us operate the Services (for example, hosting, analytics, authentication, customer support, email, billing, and AI processing)
  • Professional advisors (for example, legal and accounting), as needed
  • Regulators and law enforcement where required by law or to protect rights and safety
  • Parties to a business transaction (for example, merger, acquisition, financing, or asset sale)
  • Advertising and analytics partners where enabled by your settings or permitted by law

"Sale" and "Sharing" notice (certain jurisdictions): Depending on your jurisdiction, disclosure of information via advertising cookies or pixels for targeted advertising may be considered a "sale" or "sharing" of personal information. You can control these disclosures through our cookie preferences and opt-out mechanisms.

7. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, maintain business records, comply with legal obligations, resolve disputes, and protect against fraud and abuse. Retention periods vary based on the type of data and the purpose of processing.

We may retain de-identified and/or aggregated data longer where permitted.

8. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information, including measures such as encryption in transit, access controls, logging, and monitoring. No system is completely secure, and we cannot guarantee absolute security.

9. International Data Transfers

We may process and store personal information in the United States and other countries where we or our service providers operate. Where required, we use appropriate safeguards for international transfers.

10. Your Rights and Choices

Depending on your location, you may have rights to:

  • Access, correct, or delete personal information
  • Receive a copy (portability) of certain personal information
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Opt out of targeted advertising and certain analytics technologies
  • Appeal a privacy request decision where applicable

How to Exercise Your Choices

  • Email marketing: unsubscribe using the link in the email
  • Cookies and targeted advertising: use our cookie preference controls where available
  • Privacy requests: email legal@thriveful.com with enough detail for us to verify and process your request

Verification and Authorized Agents

We may need to verify your identity before completing certain requests. In some jurisdictions, you may designate an authorized agent to submit requests on your behalf, subject to verification and proof of authorization.

11. Children's Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the Last Updated date above. If required by law, we will provide additional notice.

13. Contact Us

Thriveful, Inc.

Email: legal@thriveful.com

To submit a privacy request, contact legal@thriveful.com and include enough detail for us to verify and process your request.

© 2026 Thriveful. All rights reserved.