Privacy Policy
Last updated: June 28, 2026.
1. Who We Are
thinqOS is a product of AI4Outcomes, operated by DeMers IT Inc., a company incorporated in Ontario, Canada. This policy explains what we collect, how we use it, and your rights under applicable privacy law. For users in Canada this includes PIPEDA and provincial privacy laws (such as Quebec's Law 25 and the BC and Alberta PIPA); for users in the EU and UK it includes the GDPR and UK GDPR; for users in the United States it includes state privacy laws such as the CCPA and CPRA.
2. Information We Collect
We collect the following categories of information:
- Account data, through Clerk: your email, display name, and authentication tokens.
- Mind data: everything held in your mind graph, including beliefs, goals, skills, entities, preferences, relationships, and the evaluations attached to them. This is the core of the product.
- Conversation history: your threads, messages, and attachments.
- Uploaded content: documents you upload.
- Model usage data: token counts, the providers used, and costs.
- Technical data: IP address, browser, device, and timestamps.
3. How We Use It
- To run the platform: storing, retrieving, attending to, and consolidating your cognitive state.
- To route AI requests to provider APIs on your behalf.
- To bill accurately, based on token usage.
- To debug and improve the service.
We do not sell your data, we do not use your cognitive state to train third-party models without your explicit consent, and we do not share your data with advertisers. For the purposes of the CCPA and CPRA, we do not "sell" or "share" personal information as those terms are defined.
4. Where Your Data Lives
- Neon Postgres for application data, isolated by identity.
- Google Cloud Run for compute.
- Clerk for authentication and session management.
- AI provider APIs (Anthropic, OpenAI, Google) for inference. Each provider has its own data-handling policy.
5. Third Parties and Sub-processors
We use the following sub-processors to operate the platform:
- Clerk, for authentication and session management.
- Anthropic, OpenAI, and Google, for inference. Your prompts and conversation context are transmitted to the providers you select, so review each provider's privacy policy.
- Google Cloud Platform, for hosting.
- Neon, for managed Postgres.
We will give notice to registered users before adding a new sub-processor that materially changes how your data is handled. Enterprise customers may request a data-processing agreement (DPA) at legal@thinqos.com.
6. International Users, Legal Bases, and Transfers
thinqOS is operated from Canada, and your data is processed in Canada and the United States, including by the sub-processors listed above. Where the GDPR or UK GDPR applies to you, our legal bases for processing are the performance of our contract with you (to provide the platform), your consent where we request it, and our legitimate interests in operating, securing, and improving the service. Cross-border transfers out of the EU or UK rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum. If you are in Quebec, additional rights and French-language obligations under Law 25 apply, and you may contact us to exercise them.
7. Your Rights
Under applicable privacy law, including PIPEDA and provincial Canadian laws, and, where they apply to you, the GDPR, UK GDPR, and US state privacy laws, you have the right to:
- access your data, by exporting your mind graph as JSON;
- correct your data, by editing any node in your mind graph;
- delete your data; on account deletion we begin purging your Mind within 30 days. Residual copies may briefly persist in encrypted backups, which are cleared on the backup cycle, and in third-party AI provider systems under their own retention policies;
- withdraw consent, by deleting your account;
- where the GDPR applies, additionally restrict or object to processing, request portability, and lodge a complaint with your supervisory authority.
To exercise any of these rights, contact us at legal@thinqos.com.
8. Data Retention
We keep each category of data only as long as needed:
- Account data: for the life of your account, then deleted within 30 days of account closure.
- Mind data, conversation history, and uploaded content: until you delete them or close your account.
- Model usage data, such as token counts, providers, and costs: up to 24 months, for billing and accounting.
- Technical and security logs: up to 12 months.
- Backups: on a rolling basis, purged within 30 days.
Anonymized, aggregated data may be kept longer for service improvement and abuse prevention.
9. Cookies and Local Storage
We use a Clerk session cookie for authentication and a session-storage key that tracks an active admin impersonation session. We use no analytics, tracking, or advertising cookies.
10. Security
- Clerk handles password hashing and authentication-token security.
- All traffic is encrypted in transit with TLS.
- Neon provides encryption at rest and in transit.
- We do not yet encrypt individual cognitive nodes at rest. End-to-end encryption of the Mind is on the roadmap, with no committed timeline, and we mark it as planned rather than claiming it today.
11. Data Breach Notification
If a breach of our security safeguards creates a real risk of significant harm, we will notify affected users and the Office of the Privacy Commissioner of Canada as required under PIPEDA, without undue delay. Where the GDPR or UK GDPR applies, we will also notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying breach, and affected individuals where required.
12. Children's Privacy
thinqOS is intended for adults. You must be at least 18 years old to use it, and it is not directed to children. If you believe someone under 18 has created an account, contact us at legal@thinqos.com.
13. Changes to This Policy
We may update this policy from time to time. "Material changes" means changes to the data we collect, how we use or share it, retention, or your rights. We will give at least 30 days' notice of material changes by email to registered users and in-product. Continued use after the notice period constitutes acceptance.
14. Contact
Questions about this policy? Contact us at legal@thinqos.com.