Privacy Policy

Last updated: February 18, 2026

1. Introduction

SoftFinity Corp ("Company", "we", "us") operates ThinContext.ai ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data with transparency, security, and compliance with applicable laws and regulations.

By using the Service, you consent to the data practices described in this Policy. If you do not agree with the practices described here, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

• Account information: Name, email address, and password when you create an account
• Payment information: Billing details processed securely through Polar (our Merchant of Record). We never store, process, or have access to your full credit card numbers, CVVs, or other payment card data on our own servers
• Video content: Videos, audio, and related media you upload for analysis
• Communications: Messages you send us via email, contact forms, or support channels

2.2 Information Collected Automatically

• Usage data: Pages visited, features used, timestamps, and interaction patterns
• Device information: Browser type, operating system, IP address, and device identifiers
• Cookies: We use essential cookies for session management and optional analytics cookies (see Section 15)

3. How We Use Your Information

We use collected information solely for the following purposes:

• Provide, operate, and improve the Service
• Process your videos through our AI pipeline and deliver structured text output
• Process payments and manage subscriptions through Polar (our Merchant of Record)
• Communicate with you about your account, service updates, and support requests
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations and enforce our Terms of Service

We do not use your data for advertising, marketing profiling, or any purpose unrelated to delivering and improving the Service.

4. Video, Audio, and Media Handling

We understand that the media you upload may contain sensitive, proprietary, or confidential content. We handle all uploaded media with the highest level of care:

• Temporary processing only: Uploaded videos, extracted audio tracks, intermediate frame captures, and all processing artifacts exist on our servers only for the duration necessary to complete analysis and deliver results
• Automatic purging: All media files — including the original source video, extracted audio, frame images, slide captures, and generated LLM-friendly text output — are permanently and irreversibly purged from our storage systems as soon as processing is complete and results have been delivered to your account. No media files are retained beyond operational necessity
• No model training: We do not use your uploaded videos, extracted audio, transcripts, visual analyses, or generated outputs to train, fine-tune, evaluate, or improve any AI or machine-learning models
• No human review: Your media content is processed entirely by automated systems. No human personnel view, listen to, or review your uploaded content unless you explicitly request support assistance and grant permission
• User-controlled output: The final structured text output remains accessible in your account dashboard until you choose to delete it or close your account

5. No Sale of Data

We do not sell, rent, lease, trade, or otherwise provide your personal information, uploaded content, generated outputs, usage data, or any data derived from your use of the Service to any third party, for any purpose, under any circumstances. This commitment is absolute and applies to:

• Personally Identifiable Information (PII)
• Uploaded media files (video, audio, images)
• Transcripts, visual analyses, and generated text outputs
• Usage analytics and behavioral data
• Payment and billing information

6. Information Sharing

While we never sell your data, we may share limited information with the following categories of recipients, solely as necessary to operate the Service:

• Merchant of Record (Polar): Billing and transaction data necessary to process payments and handle sales tax, VAT, and GST globally. Polar maintains its own privacy and security policies
• Cloud infrastructure providers: Encrypted data stored on and processed by our hosting infrastructure. Providers are bound by data-processing agreements and do not have access to the decrypted content of your media
• Legal requirements: When required by law, valid court order, subpoena, or government request. We will notify you of such requests unless legally prohibited from doing so
• Business transfers: In connection with any merger, acquisition, or sale of company assets. In such an event, your data would remain subject to the protections described in this Privacy Policy
• With your explicit consent: Only when you specifically and affirmatively authorize us to share information with a third party

7. Encryption and Security

We implement end-to-end encryption and comprehensive security measures to protect your data at every stage:

7.1 Encryption in Transit

All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher. This includes video uploads, API requests, account interactions, and output delivery. We enforce HTTPS on all connections and employ HTTP Strict Transport Security (HSTS) to prevent downgrade attacks.

7.2 Encryption at Rest

All data stored on our systems is encrypted at rest using AES-256 encryption. This applies to:

• Uploaded video and audio files (during temporary processing)
• Intermediate processing artifacts (frame captures, slide images, transcripts)
• Generated LLM-friendly text output
• Account information and metadata
• Backup and recovery data

7.3 End-to-End Data Protection

The entire data pipeline — from the moment you upload a video through frame analysis, audio transcription, visual-transcript fusion, LLM structuring, and output delivery — operates within encrypted channels. At no point in the processing pipeline is your data transmitted or stored in unencrypted form.

7.4 Infrastructure Security

• Role-based access control (RBAC) with principle of least privilege
• Multi-factor authentication (MFA) for all internal system access
• Network segmentation, firewalls, and intrusion-detection systems
• Continuous monitoring, logging, and alerting for anomalous activity
• Regular penetration testing and security audits
• Incident-response procedures with defined escalation paths

8. PII Protection

We treat all Personally Identifiable Information (PII) with the highest level of protection:

• Data minimization: We collect only the PII necessary to provide the Service (name, email, billing details)
• Purpose limitation: PII is used exclusively for the purposes described in this Policy and is never repurposed for marketing, profiling, or third-party use
• Encryption: All PII is encrypted both in transit (TLS 1.2+) and at rest (AES-256)
• Access restriction: Access to PII is limited to authorized personnel with a legitimate business need, enforced through RBAC and MFA
• Deletion on request: You may request complete deletion of your PII at any time (see Section 12)

If your uploaded video content contains PII of third parties (e.g., faces, names, voices), that content is subject to the same temporary processing and automatic purging described in Section 4.

9. PCI DSS Compliance

ThinContext.ai does not directly handle payment card data. All payment processing is delegated to Polar, our Merchant of Record, which handles billing, sales tax, VAT, and GST on our behalf.

• We never store, process, or transmit credit card numbers, CVVs, magnetic stripe data, or other cardholder data on our servers
• Payment forms are served directly by Polar's secure checkout infrastructure
• We retain only a tokenized reference and basic billing metadata necessary for subscription management
• Our systems are designed to maintain PCI DSS compliance by ensuring complete isolation from cardholder data environments

10. PHI and HIPAA Compliance

We recognize that some customers may upload video content containing Protected Health Information (PHI), such as recordings of medical consultations, healthcare training sessions, or clinical presentations. ThinContext.ai maintains safeguards aligned with the requirements of the Health Insurance Portability and Accountability Act (HIPAA):

10.1 Administrative Safeguards

• Designated security and privacy officers responsible for compliance oversight
• Workforce training on privacy and security policies
• Access management procedures with regular access reviews
• Documented incident-response and breach-notification procedures

10.2 Physical Safeguards

• Data center access restricted to authorized personnel with physical access controls
• Environmental protections for hardware and storage systems
• Secure media disposal procedures for decommissioned storage devices

10.3 Technical Safeguards

• Encryption in transit (TLS 1.2+) and at rest (AES-256) for all data, including any PHI
• Unique user identification and authentication
• Automatic session timeouts and audit logging of all access to systems containing data
• Automatic purging of all media and processing artifacts upon completion of analysis

10.4 Business Associate Agreements

Enterprise and healthcare customers who will upload content containing PHI must execute a Business Associate Agreement (BAA) with SoftFinity Corp prior to uploading any PHI. To arrange a BAA, contact us at hello@thincontext.ai.

11. Data Retention and Purging

We follow a strict data-retention policy designed to minimize the amount and duration of data we hold:

• Uploaded media (video, audio): Permanently purged from all storage systems immediately upon completion of processing and delivery of results. No copies are retained
• Processing artifacts (frames, slides, intermediate transcripts): Permanently purged simultaneously with the source media upon processing completion
• Generated text output: Retained in your account until you delete it or close your account
• Account information (name, email): Retained for the duration of your active account. Upon account deletion, all PII is permanently removed within 30 days
• Payment records: Billing transaction records are retained as required by tax and financial regulations (typically 7 years), but contain no full payment card data
• Server logs: Anonymized server logs may be retained for up to 90 days for security monitoring and debugging purposes. Logs do not contain media content or PII

All purging operations use secure deletion methods that render data unrecoverable.

12. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal information we hold about you
• Right to rectification: Request correction of inaccurate or incomplete information
• Right to erasure: Request permanent deletion of your personal information and account data
• Right to restriction: Request that we restrict certain processing activities
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing of your personal information in certain circumstances
• Right to withdraw consent: Withdraw your consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@thincontext.ai. We will respond to your request within 30 days.

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to delete: You may request deletion of your personal information, subject to certain legal exceptions
• Right to opt out of sale: We do not sell personal information. No opt-out is necessary because no sale occurs
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights
• Right to correct: You may request correction of inaccurate personal information
• Right to limit use of sensitive personal information: You may request that we limit the use of any sensitive personal information to what is necessary to provide the Service

14. GDPR (European Users)

For users in the European Economic Area (EEA) and United Kingdom (UK), we process personal data in accordance with the General Data Protection Regulation (GDPR):

• Legal basis: We process your data based on: (a) contractual necessity to provide the Service, (b) your consent where applicable, (c) our legitimate interests in operating and improving the Service, and (d) legal obligations
• Data transfers: Data transferred outside the EEA is protected by Standard Contractual Clauses (SCCs) or other approved transfer mechanisms
• Data Protection Officer: For GDPR-related inquiries, contact us at hello@thincontext.ai
• Supervisory authority: You have the right to lodge a complaint with your local data protection supervisory authority

15. Cookies

We use the following categories of cookies:

• Essential cookies: Required for the Service to function, including session management, authentication, and security. These cannot be disabled
• Analytics cookies: Help us understand how users interact with the Service so we can improve it. These are optional and can be disabled through your browser settings or our cookie preferences

We do not use advertising cookies, tracking pixels, or third-party marketing cookies. You can control cookie behavior through your browser settings.

16. Children's Privacy

The Service is not intended for individuals under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe that a child has provided us with personal information, please contact us immediately at hello@thincontext.ai and we will promptly delete the information.

17. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, please be aware that the U.S. may have different data protection laws than your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.

For EEA and UK users, transfers are safeguarded by Standard Contractual Clauses (SCCs) as described in Section 14.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated Policy on this page, updating the "Last updated" date, and sending an email notification to the address associated with your account at least 30 days before the changes take effect.

19. Contact Us

For privacy-related questions, data-access requests, HIPAA inquiries, or BAA arrangements, contact us at:

SoftFinity Corp
4444 Geary Blvd #202
San Francisco, CA 94118
Email: hello@thincontext.ai
Phone: +1 (415) 426-8280