Privacy Notice

Last updated: April 2026 · Version 2.0

1. Who we are

EverythingThreads is operated by Kariem A., trading as EverythingThreads, as a sole trader registered in the United Kingdom. We are registered with the Information Commissioner's Office (ICO) as a data controller, registration number C1896585.

This notice explains what personal data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact: hello@everythingthreads.com

2. What data we collect and why

Newsletter subscribers (Substack / Beehiiv)

• Email address — to send you the newsletter you subscribed to
• Subscription date and preferences — to manage your subscription
• Lawful basis: Consent (UK GDPR Article 6(1)(a))
• You can unsubscribe at any time using the link in any email

M-Code Quiz and interactive tools with optional email

• The M-Code Quiz optionally collects your email address to send you your quiz result and subscribe you to the EverythingThreads newsletter
• You can skip the email step and still see your result — email is not required
• If provided, your email is sent to Beehiiv (our newsletter platform) with your quiz result M-code for personalisation
• Lawful basis: Consent (UK GDPR Article 6(1)(a)) — you chose to enter your email

Blackbird Scope web tools

• When you paste AI-generated text into a tool and submit it, that text is sent to our Cloudflare Worker or Netlify serverless function
• Before the text is passed to the Anthropic Claude API for analysis, our server applies automated PII detection and removes recognisable personal data patterns
• The anonymised text is sent to Anthropic's API to generate a risk score. Anthropic does not train on API submissions by default
• The anonymised text is not retained after scoring. Scores may be cached for up to one hour using Upstash Redis
• Evaluation scores and metadata (not raw text) are stored in Neon PostgreSQL for research
• Lawful basis: Legitimate interests (UK GDPR Article 6(1)(f))

Blackbird Scope Chrome Extension

• The AI response text visible on the page is sent to our Cloudflare Worker for scoring
• PII detection and anonymisation applies before any processing
• Extension settings (enabled state, sensitivity mode, evaluation counts) are stored in Chrome's sync storage and local storage on your device
• The extension does not capture your prompts — only the AI-generated response
• Lawful basis: Consent — you installed the extension and accepted the consent gate on first run

Browser-only tools

• Self-Anchor, Session Bridge, Signal Check, and other client-side tools process text entirely in your browser
• No text is transmitted to our servers
• Voice recording uses your browser's Web Speech API — audio is processed locally

3. Third parties we use

• Anthropic — processes anonymised text for scoring. Privacy policy
• Cloudflare — runs our scoring API. Privacy policy
• Netlify — hosts this website. Privacy policy
• Neon — PostgreSQL database (EU region). Privacy policy
• Upstash — Redis cache (EU region, 1hr TTL). Privacy policy
• Langfuse — LLM observability (EU-based). Privacy policy
• OpenAI — multi-model comparison. Privacy policy
• Google (Gemini) — multi-model comparison. Privacy policy
• Mistral AI — Boardroom chat (EU-based, France). Privacy policy
• Groq — Boardroom chat (zero data retention). Privacy policy
• Beehiiv — newsletter subscriptions
• Plausible Analytics — cookieless analytics (EU-based)

We do not sell personal data. We do not share personal data with advertisers.

4. How long we keep your data

• Newsletter data: until you unsubscribe
• Cached scores (Redis): 1 hour auto-delete
• Evaluation metadata (database): 12 months
• Server logs (Netlify): 30 days
• Commercial enquiries: 2 years
• Research data: 5 years from study completion

5. Your rights

Under UK GDPR you have the right to: access your data, correct inaccuracies, request deletion, object to processing, withdraw consent, data portability, and lodge a complaint with the ICO.

Contact: hello@everythingthreads.com. We respond within one calendar month.

Data protection complaints: If you are unsatisfied with how we handle your data, please contact us first at hello@everythingthreads.com. We aim to resolve all complaints within 14 days. If you remain unsatisfied, you have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint or call 0303 123 1113.

6. Cookies and local storage

This website does not use tracking or advertising cookies. We use Plausible Analytics (cookieless). A cookie consent banner is displayed on first visit allowing you to accept all cookies or use essential only. Your preference is stored in browser localStorage for 12 months.

Some tools use browser localStorage for settings and session data (e.g. Session Bridge items, quiz progress, tool history). This data stays on your device and is never transmitted to our servers. The Chrome extension uses chrome.storage for evaluation counts and preferences.

7. International transfers

Some processors are US-based (Anthropic, Cloudflare, Netlify, Groq). Transfers are covered by UK IDTA, Standard Contractual Clauses, or the UK-US data bridge. Neon, Upstash, and Langfuse store data in EU regions. Mistral is EU-based (France).

8. Changes

We update this notice when practices change. The date at the top shows the last update. Significant changes are communicated to newsletter subscribers.