Privacy Policy

Effective date: March 1, 2025

Thinkle (“Thinkle,” “we,” “us,” or “our”), operated by 3RZ d.o.o., provides a daily thinking trainer that delivers reflections, evaluates responses with AI, and tracks personal progress. This Privacy Policy explains how we collect, use, share, and protect information when you use our website, mobile experiences, or FastAPI backend (collectively, the “Services”).

Information We Collect

  • Account and profile data. Name, email, password hash, avatar, timezone, and learning goals that you choose to provide.
  • Content submissions. Answers to guided reflections, attachments, and feedback you generate through the Services. We treat this as user-generated content.
  • Usage and device signals. Log data (IP address, browser type, referring URLs, pages viewed, approximate location, timestamps), crash reports, and diagnostic events that help us maintain and secure the Services.
  • Cookies and local storage. Session tokens, preference flags, and analytics identifiers stored in your browser when you consent.
  • Third-party sources. If you connect services (e.g., Google or Apple for sign-in), we receive the basic profile data they make available under your authorization.

How We Use Information

  • Authenticate you and deliver core product functionality.
  • Generate guided reflections, evaluate answers, and serve personalized insights.
  • Improve the effectiveness, safety, and reliability of the Services.
  • Provide customer support and respond to requests.
  • Monitor for fraud, abuse, and violations of our Terms of Service.
  • Comply with legal obligations and enforce our agreements.

Legal Bases for Processing (EEA/UK)

When applicable laws require a legal basis, we process personal data under the following grounds: (a) your consent, (b) performance of a contract (providing the Services), (c) legitimate interests (maintaining and improving the Services, securing our systems), and (d) compliance with legal obligations.

How We Share Information

  • Vendors and service providers. Hosting, storage, analytics, customer support, security tooling, and communication platforms that help us operate the Services.
  • AI model providers. Third-party LLM vendors (such as OpenAI) process reflection/response content to deliver feedback and scoring.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, provided the recipient honors this Policy.
  • Legal requirements. If required by law, subpoena, or government request, or to protect rights, property, and safety.
  • With your direction. We share data with third parties when you ask us to or authorize integrations.

International Data Transfers

Our infrastructure may be located in the United States and other jurisdictions. When we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses, data processing agreements, or an adequacy decision where available.

Data Retention

We keep personal data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Content you submit may be retained until you delete it or close your account unless law requires longer retention.

Your Rights and Choices

  • Access, correct, or delete your data via in-product settings or by contacting us.
  • Withdraw consent for optional processing (analytics, marketing) at any time.
  • Opt out of marketing emails by using the unsubscribe link or contacting support.
  • Request data portability or restriction of processing where applicable under GDPR/UK GDPR.
  • Lodge a complaint with your local data protection authority.

Children

The Services are not directed to individuals under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child provided data, contact us and we will take steps to delete it.

Security

We implement administrative, technical, and physical safeguards to protect personal data. Despite these measures, no system is perfectly secure, and we cannot guarantee absolute security.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised version and update the effective date. If changes materially impact your rights, we will provide notice (e.g., via email or in-app notification) and obtain consent where required.

Contact Us

For privacy requests, contact us at rene@3rz.eu or by mail at 3RZ d.o.o., Suzanicev put 35, 51221 Kostrena, Croatia. You may also submit a data subject request through your account dashboard if available.

We use cookies and local storage to keep you signed in, remember preferences, and measure product usage. By clicking “Accept” you consent to non-essential tracking. You can learn more in our Cookie Policy.