Privacy Policy

Effective Date: February 26, 2025
Last Updated: February 26, 2025
Thunderbit, Inc. (the "Company") is dedicated to protecting the privacy of its users. This Privacy Policy ("Privacy Policy") is designed to explain how we collect, use, share, and safeguard the information you provide to us, and to help you make informed decisions when using our Service.
For the purposes of this Privacy Policy:

• "Site" refers to the Company's website, accessible at https://thunderbit.com.
  
• "Extension" refers to the Thunderbit Chrome browser extension available on the Chrome Web Store.
  
• "Service" refers to the Company's services accessed via the Site and/or the Extension, which allow users to extract data from websites using AI, export data to third-party platforms, auto-fill web forms, and execute related workflows.
  
• "Extracted Data" refers to the data that you extract from third-party websites using our Service.
  
• "AI Service Providers" refers to the third-party artificial intelligence providers we use to process data on your behalf, currently Google (Gemini).
  
• The terms "we," "us," and "our" refer to the Company.
  
• "You" refers to you, as a user of our Site, Extension, or Service.
  

By accessing our Site, installing our Extension, or using our Service, you agree to this Privacy Policy and our Terms of Use (https://thunderbit.com/terms), and you consent to the collection, storage, use, and disclosure of your information as described in this Privacy Policy.
I. INFORMATION WE COLLECT
We collect the following categories of information:

1. Information You Provide Directly
   When you create an account, you provide us with your email address, username, and password. You may also provide additional information such as your name, job role, company name, and preferred time zone.
   When you contact our support team or communicate with us, we collect the content of your messages, your email address, and any attachments you provide.
   
   

2. Information Collected Automatically
   When you visit our Site or use our Service, we automatically collect certain information, including:
   

   • IP address and approximate geographic location
   • Browser type, version, and operating system
   • Device type and unique device identifiers
   • Referring and exit URLs
   • Pages viewed, features used, and actions taken (e.g., clicks, time spent)
   • Date and time of access
   • Language preferences
     
     

3. Information Collected via the Chrome Extension
   When you use the Extension to extract data from a web page, the following information is collected and processed:
   

   • Web page content: The HTML content of the web page you choose to extract data from is sent to our servers for processing by our AI Service Providers. This content is used solely to perform the data extraction you requested and is not retained after processing is complete.
   • Page URLs: The URLs of pages you extract data from may be logged for service functionality, troubleshooting, and usage analytics.
   • Extracted Data: The structured data resulting from AI extraction is stored in your account so you can access, export, or manage it.
   • Form auto-fill data: When you use the auto-fill feature, form field data is stored locally within the Extension on your device. This data is not transmitted to our servers.
     
     

4. Information from Third-Party Sources
   If you sign in using Google OAuth, we receive your name, email address, and profile picture from Google. If you connect third-party integrations (such as Google Sheets, Airtable, or Notion), we receive authentication tokens necessary to export data on your behalf.
   
   

5. Payment Information
   We use Stripe as our payment processor. When you make a purchase, your payment information (such as credit card number) is collected and processed directly by Stripe. We do not store your full payment card details on our servers. We may receive limited information from Stripe, such as the last four digits of your card, card type, and billing address, for record-keeping and support purposes. For more information, please refer to Stripe's Privacy Policy at https://stripe.com/privacy.
   

II. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar tracking technologies to collect information and improve our Service.

1. Types of Cookies We Use
   

   • Essential Cookies: Required for the basic functionality of our Site and Service, such as authentication and session management.
   • Analytics Cookies: Help us understand how users interact with our Site and Service. We use Google Analytics and Amplitude to collect usage data such as pages visited, features used, and session duration.
   • Functional Cookies: Remember your preferences (e.g., language, time zone) to provide a personalized experience.
     

   We use both persistent cookies (which remain on your device until deleted) and session cookies (which expire when you close your browser).
   
   

2. Third-Party Analytics
   We use the following third-party analytics services:
   

   • Google Analytics: Collects information about how you use our Site. You can learn more at https://policies.google.com/privacy and opt out at https://tools.google.com/dlpage/gaoptout.
   • Amplitude: Collects product usage analytics to help us improve the Service. You can learn more at https://amplitude.com/privacy.
     
     

3. Managing Cookies
   You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Site and Service.
   
   

4. Do Not Track
   Our Site does not currently respond to "Do Not Track" (DNT) browser signals. However, you can manage your tracking preferences through your browser's cookie settings or the opt-out mechanisms described above.
   

III. HOW WE USE YOUR INFORMATION
We use your information for the following purposes:

• Provide and operate the Service: Process your data extraction requests, deliver Extracted Data, enable form auto-fill, and facilitate data exports to third-party platforms.
• AI-powered data extraction: Send web page content to our AI Service Providers (Google Gemini) to extract structured data as requested by you.
• Account management: Create and manage your account, authenticate your identity, and process payments.
• Communications: Respond to your inquiries, provide technical support, send service-related notifications, and (with your consent) send promotional communications.
• Improve and develop the Service: Analyze usage patterns, diagnose technical issues, and develop new features and functionality.
• Security and fraud prevention: Detect, prevent, and address fraud, unauthorized access, and other harmful activity.
• Legal compliance: Comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  
  

IV. AI AND AUTOMATED DATA PROCESSING

1. AI Service Providers
   Our Service uses artificial intelligence to extract structured data from web pages. When you initiate a data extraction, the HTML content of the target web page is transmitted from our servers to Google (Gemini) for processing. Google processes this data solely to generate the extraction results you requested.
   
   

2. Data Sent to AI Providers
   The data sent to our AI Service Providers may include:
   

   • The HTML content of the web page you are extracting data from
   • Your extraction instructions or query parameters
   • Contextual information necessary to perform the extraction
     

   We do not send your account credentials, payment information, or other personally identifiable information to our AI Service Providers for the purpose of data extraction.
   
   

3. AI Provider Data Handling
   Our agreements with AI Service Providers require that they process your data only as instructed by us and do not use your data for their own purposes, including training their AI models. For more information on how Google handles data, please refer to Google's Privacy Policy at https://policies.google.com/privacy.
   
   

4. No AI Training on Your Data
   We do not use your data (including Extracted Data, web page content, or API calls) to develop, improve, or train generative AI or machine learning models. Your data is processed solely to provide the Service to you.
   
   

5. Automated Decision-Making
   Our Service uses automated processing (AI) to extract and structure data from web pages based on your instructions. This automated processing does not make decisions that produce legal or similarly significant effects on you. You always retain full control over what data is extracted, how it is used, and where it is exported.
   

V. HOW WE SHARE YOUR INFORMATION
We do not sell, trade, or rent your Personal Information to third parties for their marketing purposes. We may share your information with the following categories of recipients:

• AI Service Providers: Google (Gemini) receives web page content to perform AI-powered data extraction, as described in Section IV.
• Cloud Infrastructure Providers: We use cloud hosting services to store and process data securely.
• Analytics Providers: Google Analytics and Amplitude receive usage data to help us analyze and improve the Service.
• Payment Processor: Stripe processes your payment transactions. We share only the information necessary to complete your purchases.
• Third-Party Integrations (at your direction): When you choose to export Extracted Data to Google Sheets, Airtable, Notion, or other platforms, we transfer data to those platforms on your behalf and at your instruction.
• Legal and Compliance: We may disclose your information if we believe in good faith that it is necessary to comply with applicable laws or enforceable governmental requests, enforce our Terms of Use, address fraud or security issues, or protect the rights, property, or safety of our users or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.
  
  

VI. THIRD-PARTY INTEGRATIONS
Our Service allows you to export Extracted Data to third-party platforms, including but not limited to:

• Google Sheets: Extracted Data is exported to your Google Sheets account via the Google Sheets API.
• Airtable: Extracted Data is exported to your Airtable account via the Airtable API.
• Notion: Extracted Data is exported to your Notion workspace via the Notion API.
  

These exports are initiated by you and occur only at your direction. Once your data is transferred to a third-party platform, it is governed by that platform's privacy policy and terms of service. We encourage you to review the privacy policies of any third-party platforms you use.
We access these platforms using authentication tokens that you authorize via OAuth or API keys. We use these tokens solely to perform the data export operations you request and do not access your third-party accounts for any other purpose.

VII. INTERNATIONAL DATA TRANSFERS
Our servers and operations are located in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we rely on appropriate legal mechanisms to transfer your data, including Standard Contractual Clauses (SCCs) approved by the European Commission. You may request a copy of the relevant transfer mechanisms by contacting us at contact@thunderbit.com.

VIII. DATA RETENTION
We retain your information for the following periods:

• Account data (email, name, profile information): Retained for as long as your account is active and for a reasonable period thereafter to fulfill legal obligations and resolve disputes.
• Extracted Data: Retained in your account until you delete it or until your account is terminated.
• Web page content sent for AI processing: Not retained after extraction is complete. HTML content is discarded once the AI extraction results are generated.
• Usage and analytics data: Retained in aggregated or anonymized form for up to 24 months.
• Payment records: Retained as required by applicable tax and financial reporting laws.
  

When the retention period expires or when you request deletion, we will delete or anonymize your data in a secure manner, unless we are legally required or permitted to retain it.

IX. DATA SECURITY
We implement industry-standard security measures to protect your information, including:

• Encryption in transit: All data transmitted between your browser, our servers, and third-party services is encrypted using TLS 1.2 or higher.
• Encryption at rest: Data stored on our servers is encrypted using AES-256 encryption.
• Access controls: Access to user data is restricted to authorized personnel on a need-to-know basis.
• Extension security: The Chrome Extension communicates with our servers exclusively over HTTPS. Form auto-fill data is stored locally in the Extension and is not transmitted to our servers.
• Infrastructure security: We use reputable cloud infrastructure providers that maintain industry-standard security certifications.
  

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. If you become aware of any unauthorized access to your account, please contact us immediately at contact@thunderbit.com.

X. YOUR PRIVACY RIGHTS

1. Rights for All Users
   Regardless of your location, you have the following rights:
   

   • Access: Request a copy of the personal information we hold about you.
   • Correction: Request that we correct inaccurate or incomplete personal information.
   • Deletion: Request that we delete your personal information, subject to certain legal exceptions.
   • Data portability: Request your data in a structured, commonly used, and machine-readable format.
   • Opt-out of marketing: Unsubscribe from promotional communications at any time by following the unsubscribe instructions in our emails or adjusting your preferences in the settings section of the Site.
   • Withdraw consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
     

   Please note that even if you opt out of marketing communications, we may still send you administrative messages (e.g., updates to this Privacy Policy or service notifications).
   To exercise any of these rights, please contact us at contact@thunderbit.com. We will respond to your request within 30 days.
   
   

2. Additional Rights for EEA, UK, and Swiss Residents (GDPR)
   If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) and equivalent laws:
   

   • Right to restriction of processing: Request that we restrict the processing of your personal data in certain circumstances.
   • Right to object: Object to the processing of your personal data where we rely on legitimate interests as our legal basis.
   • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.
     

   Legal Basis for Processing: We process your personal data on the following legal bases:
   

   • Contract performance: Processing necessary to provide you with the Service you requested (e.g., account management, data extraction, data export).
   • Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, ensuring security, and preventing fraud, where these interests are not overridden by your rights.
   • Consent: Processing based on your explicit consent, such as sending marketing communications. You may withdraw your consent at any time.
   • Legal obligation: Processing necessary to comply with applicable laws and regulations.
     
     

3. Additional Rights for California Residents (CCPA/CPRA)
   If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
   

   • Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
   • Right to delete: You have the right to request that we delete your personal information, subject to certain exceptions.
   • Right to correct: You have the right to request that we correct inaccurate personal information.
   • Right to opt-out of sale or sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
   • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
     

   Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information:
   

   • Identifiers: Name, email address, IP address, account username.
   • Commercial information: Purchase history, payment records.
   • Internet or network activity: Browsing history on our Site, interaction with our Service, pages visited.
   • Geolocation data: Approximate location derived from IP address.
   • Professional information: Job role, company name (if provided).
     

   To submit a request, contact us at contact@thunderbit.com. We will verify your identity before fulfilling your request and respond within 45 days.
   

XI. CHILDREN'S PRIVACY
Our Site and Service are not intended for individuals under the age of 16. We do not knowingly collect or solicit personal information from anyone under 16. If we discover that we have collected personal information from a child under 16 without appropriate consent, we will delete it promptly. If you believe we have collected such information, please contact us at contact@thunderbit.com.

XII. CHROME WEB STORE COMPLIANCE
Thunderbit's use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
In accordance with these requirements:

• We limit our use of data to providing and improving our Service as described in this Privacy Policy.
• We do not transfer, use, or sell user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• We do not transfer, use, or sell user data to data brokers or information resellers.
• We do not transfer, use, or sell user data for purposes unrelated to the Extension's core functionality of AI-powered web data extraction and form auto-fill.
• Human access to user data is limited to purposes directly related to providing the Service, security investigations, compliance with law, or when the data is aggregated and anonymized for internal operations.
  
  

XIII. LINKS TO OTHER WEBSITES
Our Site and Service may contain links to third-party websites or applications. We are not responsible for the privacy practices or content of these third parties. This Privacy Policy applies only to information collected by us through our Site, Extension, and Service. We encourage you to review the privacy policies of any third-party websites you visit.

XIV. CHANGES TO THIS PRIVACY POLICY
We reserve the right to update this Privacy Policy at any time. If we make material changes, we will notify you by email or by posting a prominent notice on our Site at least 30 days before the changes take effect. Non-material changes will take effect immediately upon posting.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

XV. CONTACT US
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Email: contact@thunderbit.com
Website: https://thunderbit.com
For GDPR-related inquiries, you may also contact us at the email address above with the subject line "GDPR Request."
Thank you for trusting Thunderbit with your information.