Thinkwell Privacy Policy

Effective Date: Aug 1, 2025

Thinkwell ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

We collect the following types of information when you use Thinkwell:

  • Google Account Data: Your name, email address, and basic profile information via Google OAuth.

  • Vendor Communication Data: Messages, files, and notes related to supplier interactions.

  • Usage Data: Information about how you use the platform, including feature usage and session activity.

2. Gmail Data Use

Thinkwell’s email integration uses Google OAuth to send and receive messages on your behalf via a dedicated inbox (e.g., sourcing@yourcompany.com). We request the following Gmail API scopes:

  • https://www.googleapis.com/auth/gmail.send

  • https://www.googleapis.com/auth/gmail.readonly

We only access emails:

  • Sent to or from the authorized inbox

  • Explicitly triggered by user actions in the Thinkwell platform

We do not read or store any unrelated emails. We do not send any emails on your behalf without your explicit initiation or approval. Emails are only processed as needed to support user-driven workflows such as vendor outreach, quote collection, or renewal follow-ups. You can revoke access at any time via your Google Account Permissions.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Thinkwell platform

  • Send notifications about tasks and updates

  • Help your team manage sourcing and renewal workflows

  • Monitor performance and prevent abuse

4. How We Share Your Information

We do not sell your personal data. We may share information with:

  • Trusted service providers (e.g., hosting and AI infrastructure)

  • Authorized members of your team or organization

  • Legal authorities if required by law

A list of subprocessors is available upon request.

5. Security

We use industry-standard security practices, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)

  • Role-based access controls

  • Regular internal reviews and audits

6. Data Retention & Deletion

You may request to delete your account and associated data at any time by contacting us at support@thinkwell.co.

7. Your Choices

You can revoke Google access at any time through your Google account settings. You may also request deletion of data by emailing us.

8. Contact

For privacy-related questions or concerns, please email support@thinkwell.co.