Privacy Policy
Last updated: March 26, 2026
ThoughtDrops ("we", "our", or "us") operates the ThoughtDrops mobile application (the "App"). This Privacy Policy explains in detail what information we collect, how we use it, who we share it with, and how we protect it.
By creating an account or using the App, you agree to the collection and use of information in accordance with this policy.
1. User Registration & Account Data
When you create an account, we collect:
| Data | Purpose | Storage |
|---|---|---|
| Full name | Display in your profile | Server database |
| Email address | Account identification & login | Server database |
| Password | Account authentication | Hashed with bcrypt (12 salt rounds) — we never store or see your plain-text password |
Authentication method: Email and password only. We do not currently offer social login (Google, Apple, Facebook). Your session is managed via JSON Web Tokens (JWT) with a 30-day expiration. Tokens are stored on your device only and are never shared with third parties.
Password requirements: Minimum 8 characters.
2. Voice Recordings & Transcription
When you use the voice capture feature:
- Your audio is recorded on your device in M4A format.
- The recording is uploaded to our servers over an encrypted HTTPS connection.
- The audio file is sent to OpenAI's Whisper API for transcription.
- The audio file is permanently deleted from our servers immediately after transcription is complete. We do not retain, archive, or back up your audio recordings.
- Only the text transcription is saved to your project.
OpenAI processes audio data under their API terms, which state that API inputs are not used to train their models. See OpenAI's Privacy Policy.
3. Project Content & AI Processing
As you use ThoughtDrops, the following content is generated and stored in your account:
- Transcriptions — text converted from your voice memos
- Talking points — key points extracted from your transcription
- Research — web research gathered to support your topic
- Scripts — full video scripts generated from your research and talking points
- Short scripts — 60-second condensed versions of your scripts
- Tweets — social media posts generated from your content
This content is stored in our database so you can access it across sessions. It is associated with your account and is not visible to other users.
AI Services Used for Content Generation
| Service | What We Send | Purpose | Data Training |
|---|---|---|---|
| OpenAI Whisper | Audio file | Voice-to-text transcription | Not used for training (policy) |
| Anthropic Claude | Transcription text, talking points, research | Script generation, research synthesis, talking point extraction, tweet & short script creation | Not used for training (policy) |
| Brave Search | Search queries derived from your topic | Web research to enrich your scripts | Standard search queries (policy) |
All three services process data under their respective API terms. None of them use API inputs to train their AI models.
4. Video Recordings (Studio)
When you record video using the Studio teleprompter feature:
- Video is recorded directly on your device using your device's camera.
- Finished recordings are saved to your device's camera roll / photo library.
- We do not upload, access, transmit, or store your video recordings on our servers.
5. Device Permissions
ThoughtDrops requests the following device permissions. Each is only used when you actively initiate the related action — we never access these in the background.
iOS
| Permission | Why We Need It |
|---|---|
| Microphone | Record voice memos for transcription and audio during Studio video recording |
| Camera | Record video with the teleprompter overlay in Studio mode |
| Photo Library (Add Only) | Save your recorded videos to your camera roll |
Android
| Permission | Why We Need It |
|---|---|
| Record Audio | Record voice memos and audio during video recording |
| Camera | Record video with the teleprompter overlay in Studio mode |
| Read/Write Media | Save and access recorded videos on your device |
| Foreground Service | Keep audio recording active when the screen overlay appears |
6. Data Storage & Security
We take the security of your data seriously. Here is how your information is protected:
Infrastructure
- Database: PostgreSQL hosted on Railway with SSL/TLS encryption in transit
- Backend: Node.js (Express) hosted on Railway
- All data transmitted between your device and our servers is encrypted via HTTPS/TLS
Authentication Security
- Passwords are hashed using bcrypt with 12 salt rounds — we never store plain-text passwords
- Sessions use JWT tokens (30-day expiration) stored only on your device
- All API keys (OpenAI, Anthropic, Brave) are stored as server-side environment variables and are never sent to or accessible from your device
On-Device Storage
- A single preference flag (onboarding completion) is stored locally via AsyncStorage
- Your JWT session token is stored on-device for authentication
- No project content, transcriptions, or personal data is cached on your device
7. Analytics & Tracking
We do not use any analytics, tracking, or crash-reporting services. There are no third-party SDKs (such as Google Analytics, Mixpanel, Firebase Analytics, or Sentry) in the App. We do not track your behavior, collect device identifiers, or build user profiles for advertising.
8. Data Sharing
We do not sell, rent, trade, or share your personal information with third parties for marketing or advertising purposes.
Your data is shared only with the AI service providers listed in Section 3, solely to deliver the app's core functionality (transcription, research, and script generation). These providers process data under their API terms and do not use API inputs for model training.
9. Data Retention
| Data Type | Retention |
|---|---|
| Account info (name, email) | Until you delete your account |
| Project content (transcriptions, scripts, research) | Until you delete the project or your account |
| Voice recordings (audio files) | Deleted immediately after transcription — not retained |
| Video recordings | Stored on your device only — never on our servers |
| JWT session tokens | Expire after 30 days |
10. Your Rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Deletion — request deletion of your account and all associated data (projects, transcriptions, scripts). Upon deletion, all your data is permanently removed from our database.
- Export — export your project content (scripts, transcriptions) from within the App
- Correction — update your name or email from your profile settings
- Withdraw consent — stop using the App and delete your account at any time
To exercise any of these rights, contact us at hello@thoughtdrops.us. We will respond within 30 days.
11. Children's Privacy
ThoughtDrops is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will promptly delete the account and all associated data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, contact us at:
Email: hello@thoughtdrops.us
Website: thoughtdrops.us