Privacy Policy
This policy explains what ThoughtLeaders, Inc. collects when you use the ThoughtLeaders.AI website, the tl command-line tool, our Claude Code plugin, the browser extension, and the API behind them — and what we do with it. We try to collect as little as the Service needs to work.
Last updated · June 2, 2026
Who this covers
ThoughtLeaders, Inc. ("ThoughtLeaders," "we," "us") operates thoughtleaders.ai and the tl CLI (together, the "Service"). This policy applies to the Service and the account behind it. We act as the data controller for the personal information described here. Our main company website (thoughtleaders.io) and our managed agency services are governed by their own agreements.
What we collect
Account & identity
When you sign in — through Google SSO or with an email and password — we receive your name, email address, and the organization you belong to. We store a profile for you, your plan, and your credit balance.
Authentication credentials
The CLI completes a PKCE OAuth flow and stores the resulting access token in your operating system's secure keychain, on your own machine — not on our servers. If you set up a TL_API_KEY for unattended runs, that key is associated with your account so we can authenticate and meter your requests.
Usage data
Each request records which command or endpoint you called, how many credits it cost, a timestamp, your IP address, and basic client metadata (CLI version, operating system). We use this to meter credits, secure your account, prevent abuse, and improve the Service. We don't retain the full text of your raw query bodies beyond what is needed to operate and debug the Service.
Billing data
Payments are processed by BlueSnap. We receive confirmation of a transaction, the amount, and limited card metadata (brand, last four digits, expiry). We never receive or store your full card number.
Website data
This landing page does minimal web analytics. Our web platform uses cookies strictly necessary to keep you signed in. We don't run third-party advertising trackers.
What we do
- Operate, meter, and bill the Service.
- Authenticate you and secure your account.
- Enforce plan scoping and prevent fraud or abuse.
- Provide support and respond to your requests.
- Send essential service messages — and, if you opt in, occasional product updates.
- Comply with our legal, tax, and accounting obligations.
Legal bases (EEA / UK users)
Where the GDPR or UK GDPR applies, we rely on:
- Our legitimate interests — to secure, meter, and improve the Service.
- Your consent — for the optional Gmail connection and any marketing email.
- Legal obligation — for tax and accounting records.
How we share it
We do not sell your personal information. We share it only with:
- Service providers and subprocessors who run the Service on our behalf — including BlueSnap (payments), Google (sign-in and, if you connect it, Gmail), and Cloudflare (hosting and delivery) — under contracts that limit their use of it.
- Our affiliates within the ThoughtLeaders group, to provide and support the Service.
- Authorities, when required by law or to protect our rights, our users, or the public.
- A successor entity, in connection with a merger, acquisition, or sale of assets, subject to this policy.
Creators & public data
Most of the data in the Service — YouTube channels, videos, transcripts, brand mentions, and view curves — is aggregated from publicly available sources and third-party APIs in line with their terms. It is about creators and brands, not about you as a user. If you are a creator and want to know what we hold about your channel, or to request a correction, contact us at the address below.
How long we keep it
We keep account and billing records for as long as your account is active and for as long afterward as we need them for tax, accounting, and legal purposes. Usage logs are retained on a rolling basis for security and metering. Authentication tokens live only on your device until you log out or revoke them.
Security
Account data is encrypted in transit (TLS). Authentication tokens are held in your OS keychain rather than stored by us in plaintext. Access to data is scoped by plan and enforced server-side with row-level security. No system is perfectly secure, but we work to protect your information and to notify you of material incidents as required by law.
Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise any of these, email privacy@thoughtleaders.io. You can also delete your account at any time, which removes your profile and stops further processing. EEA and UK users may lodge a complaint with their local supervisory authority.
International transfers
We are based in the United States and process data there and in regions operated by our providers. Where required, we rely on appropriate safeguards — such as the EU Standard Contractual Clauses — for transfers out of the EEA or UK.
Children
The Service is built for business use and is not directed to anyone under 18. We do not knowingly collect information from children.
Changes to this policy
We may update this policy as the Service evolves. We'll change the "last updated" date above and, for material changes, give notice through the Service or by email.
Contact
ThoughtLeaders, Inc. — privacy@thoughtleaders.io. For anything else, hello@thoughtleaders.io.