top of page
Privacy Policy

Last Updated: Dec 3, 2025

Effective Date: Dec 3, 2025

Thunderhead AI LLC ("Company," "we," "us," or "our") operates the Thunderhead AI platform (the "Service"), an AI-powered lead response platform for trade businesses. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you provide when you:

  • Create an Account: Name, email address, phone number, business name, business address, and industry type.

  • Subscribe to Our Service: Billing information (processed securely through Stripe—we do not store full payment card details), subscription plan selection, and billing address.

  • Configure Your Account: Business hours, service areas, services offered, AI response preferences, and custom business rules.

  • Communicate with Us: Support inquiries, feedback, and correspondence.

  • Message Content: including any information submitted through SMS or contact forms.

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: Features accessed, actions taken, timestamps, and session duration.

  • Device Information: IP address, browser type and version, operating system, device identifiers, and general location (city/region level).

  • Log Data: Server logs, error reports, and performance metrics.

  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies. See Section 6 for details.

1.3 Information from Third-Party Integrations

Our Service integrates with third-party platforms. When you connect these integrations, we may receive:

  • Communication Platforms (Twilio): Phone numbers, SMS messages, and call metadata for leads contacting your business.

  • Email Services (Mailgun): Email addresses, email content, and delivery metadata for lead communications.

  • Payment Processing (Stripe): Transaction confirmations, subscription status, and billing events. Stripe handles all payment card data directly.

  • Analytics (Google Analytics): Anonymized usage patterns and traffic data.

1.4 Lead and Customer Data You Process Through Our Service

As a platform provider, we process data on your behalf when you use our Service to manage lead communications. This includes:

  • Lead contact information (names, phone numbers, email addresses)

  • Communication content (SMS messages, emails, form submissions)

  • Lead classification and qualification data

  • Conversation histories and AI-generated responses

 

2. How We Use Your Information

 

We use collected information for the following purposes:

2.1 Service Delivery and Operations

  • Providing, maintaining, and improving our Service

  • Processing and managing your subscription

  • Enabling AI-powered lead response and qualification

  • Delivering communications through integrated channels (SMS, email)

  • Providing customer support and responding to inquiries

 

2.2 Analytics and Improvement

  • Analyzing usage patterns to improve Service functionality

  • Developing new features and capabilities

  • Training and improving our AI models using aggregated, de-identified data

  • Monitoring Service performance and reliability

 

2.3 Communications

  • Sending transactional communications (account confirmations, billing notifications, service updates)

  • Providing product announcements and feature updates

  • Sending marketing communications (with your consent, where required)

 

2.4 Legal and Security

  • Complying with legal obligations

  • Enforcing our Terms of Service

  • Protecting against fraud, abuse, and security threats

  • Defending our legal rights

3. How We Share Your Information

 

We do not sell your personal information. We share information only in the following circumstances:

 

3.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf:

Stripe

Payment processing

Billing information, transaction data

 

Twilio

SMS and voice communications

Phone numbers, message content

 

Mailgun

Email delivery

Email addresses, email content

 

Google Analytics

Website analytics

Anonymized usage data

 

Supabase

Database hosting

Encrypted account and lead data

 

Vercel

Application hosting

Server logs, request data

 

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

 

3.2 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

 

3.3 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

 

3.4 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to:

  • Comply with applicable laws or regulations

  • Protect the rights, property, or safety of Thunderhead AI, our users, or the public

  • Detect, prevent, or address fraud, security, or technical issues

4. Data Retention

 

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account Data: Retained while your account is active and for 90 days after account closure to allow for reactivation.

  • Lead and Communication Data: Retained according to your subscription plan settings. Archived data is retained for up to 365 days before permanent deletion.

  • Billing Records: Retained for 7 years for tax and legal compliance.

  • Usage Analytics: Aggregated analytics data may be retained indefinitely in de-identified form.

 

You may request deletion of your data at any time by contacting us at privacy@getthunderhead.com

 

5. Data Security

 

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

  • Access Controls: Role-based access controls and multi-factor authentication for administrative access.

  • Infrastructure Security: Our Service is hosted on SOC 2-compliant infrastructure with regular security audits.

  • Data Isolation: Multi-tenant architecture with strict data isolation between customer accounts using Row Level Security.

 

Despite our efforts, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.

 

6. Cookies and Tracking Technologies

 

6.1 Types of Cookies We Use

Essential

Required for Service functionality (authentication, security)

Session

 

Functional

Remember your preferences and settings

1 year

 

Analytics

Understand how visitors interact with our Service

2 years

 

6.2 Google Analytics

We use Google Analytics to analyze Service usage. Google Analytics uses cookies to collect information about your use of our Service. This information is transmitted to and stored by Google. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

 

6.3 Managing Cookies

When you first visit our Service, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can modify your preferences at any time through your browser settings or by clicking the "Cookie Preferences" link in our website footer.

Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that disabling cookies may affect Service functionality.

 

7. Your Privacy Rights

 

Depending on your location, you may have certain rights regarding your personal information:

 

7.1 Rights for All Users

  • Access: Request a copy of the personal information we hold about you.

  • Correction: Request correction of inaccurate or incomplete information.

  • Deletion: Request deletion of your personal information, subject to legal retention requirements.

  • Data Portability: Request your data in a structured, commonly used format.

  • Withdraw Consent: Withdraw consent for processing where consent is the legal basis.

 

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.

  • Right to Delete: Request deletion of your personal information.

  • Right to Opt-Out of Sale: We do not sell personal information. However, you may opt out of any future sales.

  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

 

To exercise these rights, contact us at privacy@getthunderhead.com or call +15035239766 We will respond within 45 days.

 

7.3 European Economic Area (EEA) Residents (GDPR)

If you are located in the EEA, you have rights under the General Data Protection Regulation (GDPR):

  • Lawful Basis: We process your data based on: (a) contract performance, (b) legitimate interests, (c) legal obligations, or (d) your consent.

  • Right to Object: Object to processing based on legitimate interests.

  • Right to Restrict Processing: Request restriction of processing under certain circumstances.

  • Right to Lodge a Complaint: File a complaint with your local data protection authority.

For GDPR inquiries, contact our Data Protection contact at privacy@thunderhead.ai.

 

8. Data Processing for Business Customers

 

When you use our Service to process lead communications, you act as the data controller for lead data, and we act as a data processor on your behalf.

 

8.1 Your Responsibilities

  • Ensure you have appropriate legal basis to collect and process lead data

  • Provide any required privacy notices to leads

  • Respond to data subject requests from your leads

  • Comply with applicable data protection laws

 

8.2 Our Responsibilities

  • Process lead data only according to your instructions

  • Implement appropriate security measures

  • Assist you in responding to data subject requests

  • Delete or return lead data upon termination of your account

 

A Data Processing Agreement (DPA) is available upon request for customers who require one.

 

9. International Data Transfers

Our Service is hosted in the United States. If you access our Service from outside the United States, your information will be transferred to and processed in the United States.

 

For EEA residents, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection for international data transfers.

 

10. Children's Privacy

Our Service is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will delete it promptly.

 

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

 

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website with a new "Last Updated" date

  • Sending you an email notification (for material changes)

  • Displaying a notice within the Service

 

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

 

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

 

Thunderhead AI LLC

Email: privacy@getthunderhead.com

Phone: +15035239766

 

For data protection inquiries or to exercise your privacy rights, please email privacy@getthunderhead.com with the subject line "Privacy Rights Request."

bottom of page