1. Who We Are

Thermis is a global intelligence monitoring service operated by the Thermis team. In this policy, "we", "us", and "our" refer to Thermis. Our website is thermis.io. For privacy matters, contact us at admin@thermis.io.

2. What Data We Collect

When you create an account we collect your email address and a securely hashed password. When you subscribe to Thermis Pro, your payment is processed by Stripe — we do not store your card details. Stripe provides us with a customer identifier and subscription status only. We store your subscription status in our database to determine your access level. We do not collect your name, address, or any other personal information unless you contact us directly.

3. How We Use Your Data

We use your email address to create and manage your account, send you account-related emails such as payment confirmations, and respond to support requests. We use your subscription status solely to control access to Pro features. We do not use your data for advertising, profiling, or marketing without your explicit consent.

4. Legal Basis for Processing

Under UK GDPR, we process your data on the basis of contract performance (to provide the service you signed up for) and legitimate interests (to maintain the security and integrity of the platform). Where we send you marketing communications, we rely on your consent.

5. Data Storage

Your account data is stored securely using Supabase, a cloud database provider, on servers located within the European Economic Area. Payment data is processed and stored by Stripe, Inc. in accordance with their privacy policy and PCI DSS compliance standards.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is removed from our systems within 30 days. Anonymised, aggregated usage data may be retained indefinitely.

7. Your Rights

Under UK GDPR you have the right to access the personal data we hold about you, request correction of inaccurate data, request deletion of your data, object to processing, and request data portability. To exercise any of these rights, contact us at admin@thermis.io. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies and Local Storage

Thermis uses browser localStorage to cache intelligence scores and analysis on your device to improve performance. This data does not contain personal information and is not transmitted to our servers. We do not currently use advertising or tracking cookies.

9. Third-Party Services

We use the following third-party services: Stripe for payment processing, Supabase for database hosting, Vercel for website hosting, and Anthropic for AI analysis generation. Each operates under their own privacy policy.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be notified by email or a prominent notice on the site. Continued use of the service after changes constitutes acceptance.