Privacy Notice

Last updated: 29 April 2026 · Version 2.3

1. Who we are

EverythingThreads is operated by Kariem A., trading as EverythingThreads, as a sole trader registered in the United Kingdom. We are registered with the Information Commissioner's Office (ICO) as a data controller, registration number C1896585.

This notice explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact: hello@everythingthreads.com

2. What data we collect and why

Newsletter subscribers (Substack / Beehiiv)

• Email address — to send you the newsletter you subscribed to
• Subscription date and preferences — to manage your subscription
• Lawful basis: Consent (UK GDPR Article 6(1)(a))
• You can unsubscribe at any time using the link in any email

M-Code Quiz and interactive tools with optional email

• The M-Code Quiz optionally collects your email address to send you your quiz result and subscribe you to the EverythingThreads newsletter
• You can skip the email step and still see your result — email is not required
• If provided, your email is sent to Beehiiv (our newsletter platform) with your quiz result M-code for personalisation
• Lawful basis: Consent (UK GDPR Article 6(1)(a)) — you chose to enter your email

LiveScope web tools

• When you paste AI-generated text into a tool and submit it, that text is sent to our Cloudflare Worker or Netlify serverless function
• Before the text is passed to the Anthropic Claude API for analysis, our server applies automated PII detection and removes recognisable personal data patterns
• The anonymised text is sent to Anthropic's API to generate a risk score. Anthropic does not train on API submissions by default
• The anonymised text is not retained after scoring. Scores may be cached for up to one hour using Upstash Redis
• Evaluation scores and metadata (not raw text) are stored in Neon PostgreSQL for research
• Lawful basis: Legitimate interests (UK GDPR Article 6(1)(f))

LiveScope browser extension

LiveScope is published to the Chrome Web Store as the canonical build. Builds for Microsoft Edge Add-ons, Firefox AMO, and Safari are also available. The data flow described below applies identically across all four browser builds, with one privacy-positive difference noted under “On-device scoring path” below.

• The extension operates on supported AI chat platforms only: ChatGPT (chat.openai.com, chatgpt.com), Claude (claude.ai), Google Gemini (gemini.google.com), Mistral Le Chat (chat.mistral.ai), and Microsoft Copilot (copilot.microsoft.com)
• The AI response text visible on the page is the only content ever sent for scoring. The extension does not capture your prompts, only the AI-generated response
• PII detection and anonymisation applies before any processing
• Extension settings (enabled state, sensitivity mode, evaluation counts, locale preference, opt-in flag for the on-device path, and — for paid-tier subscribers — an API key used solely to validate tier access) are stored in the browser's sync and local storage on your device. The API key is sent only to our own Cloudflare Worker and is never shared with any third party.
• Local reliability-score history (the last 50 scores, used to render the trend sparkline in the popup) is stored in your browser's local storage and never transmitted
• Page metadata captured alongside each evaluation: the AI platform domain (e.g. chatgpt.com), and the visible name of the model selector on that page (e.g. “GPT-5”, “Claude Sonnet 4.6”). This is not personal data; it is used to populate the per-model breakdown on the public model comparison page.
• Lawful basis: Consent — you installed the extension and accepted the consent gate on first run

On-device scoring path (privacy-positive option)

• On Chrome and Edge builds (v1.2.13+), an opt-in on-device scoring path is available. When enabled, AI response text is scored locally in your browser and never transmitted to our Cloudflare Worker
• The on-device path runs in cascade: first Chrome's built-in Prompt API (Gemini Nano), then a self-hosted WebLLM model (Gemma 2-2B-it, ~1.4 GB downloaded once from Hugging Face and cached in your browser's IndexedDB)
• Model weights are static binary tensors. They are downloaded once on first activation of the on-device path and never contacted again unless you clear browser storage
• The on-device path is unavailable on Firefox and Safari (the offscreen document API required by WebLLM is not implemented in those browsers). On those builds the extension uses the Cloudflare Worker scoring path described above
• When the on-device path is active, no network request is made for scoring. Privacy maximised for users who can afford the local-storage and compute cost

Live model comparison (everythingthreads.com/model-comparison)

• Once a day, our worker sends a fixed set of pre-published benchmark prompts to a roster of frontier AI models (Anthropic, OpenAI, Google, Groq, Mistral) to collect their responses for comparative analysis.
• The prompts are written by us and contain no personal data. The visitor on the page does not send any data to any model provider — the page only reads cached aggregate scores from our database.
• Each response is scored by a separate judge model (Anthropic Claude Haiku) and the aggregate is published on the public page with confidence intervals.
• Lawful basis: Legitimate interests (UK GDPR Article 6(1)(f)) — independent research and transparency.

Browser-only tools

• Self-Anchor, Session Bridge, Signal Check, and other client-side tools process text entirely in your browser
• No text is transmitted to our servers
• Voice recording uses your browser's Web Speech API — audio is processed locally

3. Third parties we use

• Anthropic — processes anonymised text for scoring. Privacy policy
• Cloudflare — runs our scoring API. Privacy policy
• Netlify — hosts this website. Privacy policy
• Neon — PostgreSQL database (EU region). Privacy policy
• Upstash — Redis cache (EU region, 1hr TTL). Privacy policy
• Langfuse — LLM observability (EU-based). Privacy policy
• OpenAI — multi-model comparison. Privacy policy
• Google (Gemini) — multi-model comparison. Privacy policy
• Mistral AI — Boardroom chat (EU-based, France). Privacy policy
• Groq — Boardroom chat (zero data retention). Privacy policy
• Beehiiv — newsletter subscriptions
• Plausible Analytics — cookieless analytics (EU-based)

We do not sell personal data. We do not share personal data with advertisers.

4. How long we keep your data

• Newsletter data: until you unsubscribe
• Cached scores (Redis): 1 hour auto-delete
• Evaluation metadata (database): 12 months
• Server logs (Netlify): 30 days
• Commercial enquiries: 2 years
• Research data: 5 years from study completion

5. Your rights

Under UK GDPR you have the right to: access your data, correct inaccuracies, request deletion, object to processing, withdraw consent, data portability, and lodge a complaint with the ICO.

Contact: hello@everythingthreads.com. We respond within one calendar month.

Data protection complaints: If you are unsatisfied with how we handle your data, please contact us first at hello@everythingthreads.com. We aim to resolve all complaints within 14 days. If you remain unsatisfied, you have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint or call 0303 123 1113.

6. Cookies and local storage

This website does not use tracking or advertising cookies. We use Plausible Analytics (cookieless). A cookie consent banner is displayed on first visit allowing you to accept all cookies or use essential only. Your preference is stored in browser localStorage for 12 months.

Some tools use browser localStorage for settings and session data (e.g. Session Bridge items, quiz progress, tool history). This data stays on your device and is never transmitted to our servers. The Chrome extension uses chrome.storage for evaluation counts and preferences.

7. International transfers

Some processors are US-based (Anthropic, Cloudflare, Netlify, Groq). Transfers are covered by UK IDTA, Standard Contractual Clauses, or the UK-US data bridge. Neon, Upstash, and Langfuse store data in EU regions. Mistral is EU-based (France).

8. Changes

We update this notice when practices change. The date at the top shows the last update. Significant changes are communicated to newsletter subscribers.