Privacy Policy

Thrive21.ai
Effective Date: November 18, 2025

1. Introduction

Thrive21.ai ("we," "us," "our") operates Thrive21.ai. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

We do not sell personal information.

2. Information We Collect

2.1 Information You Provide

Account information (name, email, company name)
Payment information (processed by third-party payment processors; we do not store credit card numbers)
Business data and analysis inputs you submit to the Service
Communications with support

2.2 Automatically Collected Information

Usage data (reports generated, features used, time spent)
Device information (browser type, IP address, operating system)
Cookies and similar tracking technologies (see Cookie Policy)

2.3 Third-Party Data

Publicly available market data (economic indicators, industry statistics)
Data enrichment from public sources to enhance analysis quality

3. How We Use Your Information

We use your information to:

Provide and improve the Service
Process payments and manage subscriptions
Generate strategic analysis and reports
Send account notifications and service updates
Comply with legal obligations
Train and improve our AI models using aggregated, anonymized, de-identified usage patterns. We never use your identifiable business inputs or proprietary data for training. Only fully aggregated, anonymized, de-identified usage patterns are used.

4. Legal Basis for Processing (GDPR)

We process your data based on:

Contract performance: To provide the Service you subscribed to
Legitimate interests: To improve the Service and prevent fraud
Consent: Where required by law (e.g., marketing communications, cookies)
Legal obligation: To comply with tax, accounting, and regulatory requirements

5. Data Sharing and Disclosure

We share your information only as follows:

5.1 Service Providers (Data Processors)

These service providers act as Data Processors under GDPR, processing data on our behalf:

Payment processing services
Cloud hosting and infrastructure providers
Authentication and database services
Third-party AI services for analysis generation

All service providers are contractually obligated to protect your data and use it only for providing services to us.

5.2 Legal Requirements

We may disclose information if required by law, court order, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. Data Retention

We retain your information:

Account data: Until account deletion plus 90 days for backup systems
Usage data: 24 months for service improvement
Payment records: 7 years for tax compliance
Aggregated/anonymized data: Indefinitely for AI training and research

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

Access: Request a copy of your personal data
Rectification: Correct inaccurate information
Erasure: Request deletion ("right to be forgotten")
Portability: Receive your data in a structured format
Restriction: Limit processing of your data
Objection: Opt out of processing based on legitimate interests
Withdraw consent: For consent-based processing

7.2 CCPA Rights (California Users)

Know what personal information is collected
Know if personal information is sold or disclosed
Opt out of sale of personal information (we don't sell data)
Request deletion of personal information
Non-discrimination for exercising privacy rights

If you wish to formally opt out of any potential data sale, contact us at support@thrive21.ai with subject line "Do Not Sell My Personal Information."

7.3 Exercising Your Rights

8. Data Security

We implement industry-standard security measures:

Encryption in transit (TLS/SSL) and at rest
Access controls and authentication
Regular security audits
Secure cloud infrastructure

No system is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Your data may be processed in the United States. For EU users, we rely on:

Standard Contractual Clauses (SCCs) with service providers
Adequacy decisions where applicable
Your explicit consent where required

10. Children's Privacy

The Service is not intended for users under 18. We do not knowingly collect information from minors. If we discover such collection, we will delete it promptly.

11. Cookies and Tracking

See our Cookie Policy for details on cookies and tracking technologies.

12. Marketing Communications

We may send promotional emails if you consent. You can opt out anytime via:

Unsubscribe link in emails
Account settings
Email to support@thrive21.ai

13. Changes to Privacy Policy

We may update this Privacy Policy at any time, effective immediately upon posting. Material changes will be communicated via email.

14. Data Controller and Data Protection Officer

Thrive21.ai is the data controller responsible for your personal information.

Sam Solomon, CEO
c/o Northwest Registered Agent
8735 Dunwoody Place Ste N
Atlanta, GA 30350
Email: support@thrive21.ai

Thrive21 is not required to appoint a Data Protection Officer under GDPR.

15. Complaints

EU users may lodge complaints with their local supervisory authority. California users may contact the California Attorney General.