LEGAL

Privacy Policy

This Privacy Policy describes what personal information Thabit, Inc. collects, why we collect it, how we use it, and the choices and rights you have. We apply this Policy to our websites, products, and services worldwide.

LAST UPDATED · APRIL 17, 2026

1. Scope

This Policy covers personal information we collect from: (a) visitors to our websites, including thabit.ai; (b) individuals who sign up for an account or subscribe to a plan; (c) representatives of organizations that become customers; and (d) individuals who contact us directly by email, phone, or through our application forms.

2. Information We Collect

Information you provide

  • Account information, name, email address, organization, role, when you sign up.
  • Billing information, company name, billing address, tax ID; payment card data is processed by our payment provider Stripe and never stored on Thabit systems.
  • Content you create, the documents, packages, and input data you provide while using the Services (collectively, “Customer Data”).
  • Communications, emails, support tickets, survey responses, and in-product feedback.

Information collected automatically

  • Device and usage data, IP address, browser type, operating system, screen size, referrer URL, pages visited, features used, and timestamps. We use this to operate and improve the Services and to detect abuse.
  • Cookies and similar technologies, see Section 7 below.

Information from third parties

  • Identity providers (Clerk, Okta, Azure AD, Google) when you use single sign-on.
  • Payment processor (Stripe) for subscription status.
  • Publicly available sources (LinkedIn, company websites) for business-development purposes with named-account prospects.

3. How We Use Information

We use personal information to:

  • Provide, operate, and maintain the Services;
  • Process subscriptions, payments, and refunds;
  • Communicate with you about your account, security, and service changes;
  • Provide customer support and respond to requests;
  • Detect, prevent, and address fraud, abuse, and security incidents;
  • Improve and develop new features based on aggregated usage patterns;
  • Comply with legal obligations including tax, accounting, and regulatory requirements;
  • Send service-related announcements (you cannot opt out of these while your account is active);
  • With your consent, send marketing communications (you may opt out at any time).

We do not use Customer Data to train machine-learning models. AI-assisted features in our product are powered by third-party foundation models (see Section 4); we do not share Customer Data with those providers for training purposes, and our agreements with them require the same.

4. How We Share Information

We share personal information only as described below.

Subprocessors

We use carefully selected service providers (“subprocessors”) to help operate the Services. Each subprocessor is bound by contract to protect your information and may use it only to provide services to us. The full list is maintained at /legal/subprocessors.

Legal process

We may disclose information when required by law, regulation, legal process, or governmental request; to enforce our Terms; to protect the rights, property, or safety of Thabit, our customers, or the public; or in connection with investigating fraud or security issues.

Business transfers

If Thabit is involved in a merger, acquisition, or sale of assets, personal information may be transferred, subject to the acquirer honoring this Policy’s commitments. We will notify affected users via email or prominent notice before the transfer.

With your direction

We share information when you direct us to, such as when you invite colleagues to your workspace or authorize an integration.

5. Data Retention

We retain account information for the life of your account. Customer Data is retained for the duration of your subscription plus a 60-day grace period post-termination. After deletion, data is purged from production systems within 30 days and from backups within 90 days. Aggregated, anonymized data may be retained indefinitely.

Certain records (invoices, tax documents, logs required for security or regulatory reasons) are retained per applicable law, typically seven years.

6. Your Rights

Depending on where you live, you have rights to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete your personal information (subject to retention obligations);
  • Port your data to another service;
  • Restrict or object to certain processing;
  • Withdraw consent to processing based on consent;
  • Opt out of the sale or sharing of personal information, Thabit does not sell personal information.

To exercise any of these rights, email privacy@thabit.ai. We respond within 30 days.

7. Cookies

We use the following categories of cookies and similar technologies:

  • Strictly necessary, authentication, security, load balancing. Cannot be disabled.
  • Analytics, PostHog and Vercel Analytics for understanding product usage. Anonymized where possible.
  • Preferences, remembering your selected options between visits.

We do not use third-party advertising cookies. You can control cookies through your browser settings.

8. Security

We apply administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. Details are in our Security Overview. No system is perfectly secure; in the event of a breach affecting your personal information, we will notify you per applicable law.

9. International Transfers

Thabit is based in the United States, and our subprocessors are primarily located in the US. If you access the Services from outside the US, your information will be transferred to, stored, and processed in the US. For EEA/UK customers, transfers are governed by Standard Contractual Clauses as described in our DPA.

10. Children

The Services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@thabit.ai.

11. California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act. In the preceding 12 months, we have collected the categories of personal information described in Section 2 for the business purposes in Section 3. We have not sold or shared personal information as those terms are defined under the CPRA. To submit a request, email privacy@thabit.ai.

12. Changes

We may update this Policy periodically. We will post the updated version at this URL with a new “Last updated” date and, for material changes, provide additional notice via email or in-product. Your continued use of the Services after the effective date means you accept the changes.

13. Contact

Thabit, Inc.
San Diego, California, USA
Privacy inquiries: privacy@thabit.ai
General inquiries: abdala@thabit.ai