Privacy Policy

Effective date: 2 May 2026 · Last updated: 15 May 2026 · Version: 2.1

This Privacy Policy explains how Bazema Limited, trading as Thayne (Company No. 17054726), collects, uses, stores, and protects your personal information when you use our website at thayne.app or any of our services. We are committed to handling your data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. If you have any questions, you can contact us at elliot.bazley@thayne.app at any time.

Contents

01 Who we are 02 What information we collect 03 How we use your information 04 Legal basis for processing 05 Third parties we share data with 06 Payments and billing 07 Artificial intelligence and automated processing 08 How long we keep your data 09 Your rights 10 Cookies 11 Security 12 International data transfers 13 Children 14 Data breaches 15 Information about third-party enquirers 16 Account deletion 17 Marketing communications 18 Changes to this policy 19 Contact us

Who we are

We are Bazema Limited, a company registered in England and Wales under Company Number 17054726, trading as Thayne. Our registered office is at 41 The Rowans, Lancashire, UK.

For the purposes of UK GDPR, Bazema Limited is the data controller for personal information collected through thayne.app. This means we determine how and why your personal data is processed. Our ICO registration number is ZC099568.

You can contact us about any data protection matter at elliot.bazley@thayne.app.

What information we collect

Information you provide at signup

When you create a Thayne account, we collect:

First and last name — to identify you and personalise your experience
Email address — to create your account, send service communications, and contact you about your subscription
Password — stored in encrypted form by our authentication provider, Memberstack. We never have access to your plain-text password
Plan selection — whether you have signed up for a Free or Pro account

Information collected during onboarding

When you complete the Thayne onboarding conversation to configure your first AI link, we collect the content of that conversation, which may include:

A description of your profession and how you work
A description of your ideal client or enquirer
Your preferred tone and communication style
Any other information you choose to share to configure your AI

This information is used to generate your AI configuration and is stored in your account record.

Profile images

If you upload a profile picture or avatar to your account, the image is stored on Cloudflare R2 with a public URL so it can be displayed within the platform. You can update or remove your avatar at any time from your account settings.

Information collected through your AI links

When someone uses a Thayne link you have created, we collect the content of the conversation they have with your AI. This may include personal information voluntarily shared by the enquirer, such as their name, contact details, budget, requirements, and any other details they provide. This information is used to generate a profile delivered to you through your Thayne dashboard.

Payment and billing information

If you subscribe to Thayne Pro, payment is processed by Stripe. We do not store your full payment card details. We receive and store limited billing information from Stripe, including your Stripe Customer ID, subscription status, and billing history. See Section 6 for full details.

Account and usage data

We collect information about how you use the Thayne platform, including:

The AI links you create and their configuration
Conversation and profile data generated through your links
Notification preferences and account settings
Login and session information managed by Memberstack

Information collected automatically

When you visit thayne.app, our website hosting provider (Webflow) and infrastructure provider (Cloudflare) automatically collect certain technical information, including:

Log and usage data — your IP address, browser type and version, pages visited, time and date of your visit, and referring URLs. We also log IP addresses temporarily when conversation links are used, for the purpose of rate limiting and preventing abuse. These IP logs are retained for no more than 1 hour
Device data — information about the device you used to access our site, including hardware model and operating system
Location data — approximate geographic location derived from your IP address

How we use your information

We use the personal information we collect for the following purposes:

To create and manage your account — processing your signup, authenticating your identity, and maintaining your account
To deliver our service — providing you with access to the Thayne platform, processing your onboarding, generating and maintaining your AI link configurations, and delivering conversation profiles to your dashboard
To process payments — managing your subscription, processing payments through Stripe, and sending billing-related communications
To send service communications — transactional emails such as your welcome email, subscription confirmations, and important account notifications
To send notifications — email and, where configured, SMS notifications about new conversations and daily summaries
To respond to your enquiries — if you contact us directly, to respond to your message
To improve our product — understanding how people use our service so we can make it better
To protect our service — detecting and preventing fraudulent or abusive activity
To comply with legal obligations — where we are required to by law

Legal basis for processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:

Purpose	Legal basis
Creating and managing your account	Contract — processing is necessary to perform our contract with you
Delivering the Thayne service	Contract — processing is necessary to perform our contract with you
Processing payments and managing subscriptions	Contract — processing is necessary to perform our contract with you
Sending transactional and service emails	Contract — these communications are necessary to deliver the service you have signed up for
Sending marketing communications	Consent — you provide consent at signup, and you can withdraw this at any time
Sending SMS notifications	Consent — you explicitly enable SMS notifications in your account settings
Improving our product and protecting our service	Legitimate interests — we have a legitimate interest in developing and protecting our business
Complying with legal obligations	Legal obligation

Your right to object. Where we rely on legitimate interests as our legal basis, you have the right to object to that processing. If you wish to do so, please contact us at elliot.bazley@thayne.app and we will consider your request.

Third parties we share data with

We do not sell your personal data. We share it only with the third-party service providers necessary to operate our business, all of whom are bound by data processing agreements:

Provider	Purpose	Location
Webflow Inc.	Website hosting and content management	USA (SCCs in place)
Cloudflare Inc.	Infrastructure, DNS, and edge computing for API requests	USA (SCCs in place)
Airtable Inc.	Data storage and database management	USA (SCCs in place)
Make (Celonis SE)	Workflow automation and data processing	EU
Resend Inc.	Transactional and service email delivery	USA (SCCs in place)
Memberstack Inc.	User authentication and account management	USA (SCCs in place)
Stripe Inc.	Payment processing and subscription management	USA (SCCs in place)
Anthropic PBC	AI language model powering Thayne conversations	USA (SCCs in place)
Twilio Inc.	SMS notifications (where enabled by the subscriber)	USA (SCCs in place)

We may also disclose your information to government or law enforcement agencies where required by law, or to protect the rights and safety of Thayne, our users, or others.

Payments and billing

Payments for Thayne Pro are processed by Stripe, Inc., a PCI-DSS compliant payment processor. When you subscribe to a paid plan, you will be directed to a Stripe-hosted checkout page to enter your payment details. We do not receive or store your full card number, CVV, or other sensitive payment credentials — these are handled entirely by Stripe.

We do receive and store the following from Stripe in order to manage your subscription:

Your Stripe Customer ID
Your subscription status (Active, Cancelled, or Paused)
The plan you are subscribed to
The last four digits of your payment card and its expiry date, for display in your account settings
A record of your invoices for billing history purposes

Stripe's privacy policy is available at stripe.com/gb/privacy.

Subscription management. You can view your billing history, manage your payment method, and cancel your subscription at any time from your Thayne account settings. Cancellations take effect at the end of your current billing period.

Artificial intelligence and automated processing

Thayne is an AI-powered service. Conversations that take place through Thayne links are processed by AI language models — currently Anthropic's Claude — to generate responses during the conversation and structured profiles afterwards.

This means:

The content of conversations is transmitted to Anthropic's systems to generate AI responses in real time
After a conversation ends, its content is processed by our systems to generate a structured profile including a fit assessment, intent level, and recommended next step
This processing is automated and does not involve human review at the point of generation
No fully automated decisions with legal or similarly significant effects are made about individuals — all profile outputs are advisory and subject to human review by the subscriber

We also use AI to generate onboarding outputs, welcome emails, and AI assistant responses within the link editor. These processes involve sending relevant account and configuration data to Anthropic's systems.

Opting out of AI processing. Because AI processing is fundamental to how Thayne operates, it is not possible to use the service without it. If you do not wish your personal information to be processed through AI systems, please do not use Thayne. If you have questions about how your data is used, contact us at elliot.bazley@thayne.app.

Anthropic's privacy policy is available at anthropic.com/privacy.

How long we keep your data

We retain your personal data only for as long as necessary for the purposes described in this policy. Our retention periods are as follows:

Account data — retained for the duration of your account. On account deletion, your account record and associated data are permanently deleted within 30 days, except where we are required by law to retain specific records (such as billing data — see below)
Conversation and profile data — retained for the duration of your account. When you delete your account, all conversation and profile data is permanently deleted from our systems
Payment and billing records — retained for 7 years from the date of the transaction, as required by UK tax law
Technical and usage data — retained for up to 12 months
Marketing communications data — retained until you unsubscribe or request deletion

When your data is no longer needed, we will securely delete or anonymise it.

Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access — you can request a copy of the personal data we hold about you
Right to rectification — you can ask us to correct inaccurate or incomplete data
Right to erasure — you can ask us to delete your personal data in certain circumstances
Right to restrict processing — you can ask us to limit how we use your data in certain circumstances
Right to data portability — you can ask us to provide your data in a structured, machine-readable format
Right to object — you can object to processing based on legitimate interests or for direct marketing purposes
Right to withdraw consent — where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, please contact us at elliot.bazley@thayne.app. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk or by calling 0303 123 1113.

Cookies

Our website uses cookies — small text files stored on your device — to ensure the site works properly and to understand how it is used. The cookies we use include:

Strictly necessary cookies — required for the site to function, including authentication cookies set by Memberstack to keep you logged in
Performance cookies — set by Webflow and Cloudflare to ensure reliable delivery of our service

We do not currently use advertising or tracking cookies. You can control cookies through your browser settings at any time. Note that disabling strictly necessary cookies will prevent you from logging in to your Thayne account.

For full details of the cookies we use and how to manage them, please see our Cookie Policy.

Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include:

Encrypted data transmission using HTTPS across all pages and API endpoints
Password hashing — your password is never stored in plain text
Access controls limiting who within our organisation can access personal data
Use of reputable third-party providers who maintain their own security standards including PCI-DSS compliance for payment processing
API authentication on all data endpoints to prevent unauthorised access

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

If you believe your personal data has been compromised, please contact us immediately at elliot.bazley@thayne.app.

International data transfers

Some of our third-party service providers are based in the United States. When we transfer your personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including Standard Contractual Clauses (SCCs) approved by the ICO or the UK International Data Transfer Agreement (IDTA) where applicable.

By creating a Thayne account, you acknowledge that your data may be transferred to and processed in countries outside the UK. We will always ensure that such transfers are made in compliance with applicable data protection law.

Children

Thayne is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us at elliot.bazley@thayne.app and we will delete it promptly.

Data breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, as required by UK GDPR.

Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, explaining the nature of the breach, the likely consequences, and the measures we are taking to address it.

If you believe your data held by us may have been compromised, please contact us immediately at elliot.bazley@thayne.app.

Information about third-party enquirers

When someone clicks a conversation link created by a Thayne subscriber, their conversation is processed by our systems to generate a profile. This section explains how that data is handled.

What we collect from enquirers

During a Thayne conversation, we collect any personal information an enquirer voluntarily shares, which may include their name, email address, phone number, professional background, budget, requirements, and any other details they choose to provide during the conversation.

How enquirer data is used

To generate a structured profile delivered to the subscriber who owns the link, including a fit assessment, intent level, and recommended next step
To generate AI-powered briefing documents and conversation intelligence within the subscriber's dashboard
To store a full conversation transcript accessible to the subscriber

Disclosure to enquirers

Thayne subscribers are responsible for informing their enquirers that conversations are powered by AI and that a profile will be generated from the conversation. Subscribers accept this responsibility as part of our Terms of Service.

Enquirer rights

Enquirers whose data has been collected through a Thayne conversation link have the same rights under UK GDPR as described in Section 9 of this policy. To exercise these rights, enquirers should contact us at elliot.bazley@thayne.app. We will respond within one calendar month.

Controller and processor roles. When a Thayne subscriber deploys a conversation link, the subscriber is the data controller in respect of enquirer data — they determine the purposes for which it is collected and how it will be used. Bazema Limited acts as a data processor on behalf of the subscriber, processing enquirer data only as needed to deliver the Thayne service. Subscribers are responsible for ensuring their use of Thayne links complies with applicable data protection law, including obtaining any necessary consents from their enquirers and providing appropriate privacy notices before conversations begin.

Account deletion

You can request deletion of your Thayne account at any time by contacting us at elliot.bazley@thayne.app.

When your account is deleted, the following happens:

Your account record, AI link configurations, and conversation and profile data are permanently deleted from our systems
Your Memberstack authentication record is deleted
If you have an active Pro subscription, it will be cancelled and no further charges made. Refunds are not provided for unused portions of a billing period
Payment and billing records are retained for 7 years as required by UK tax law
Anonymised, aggregated usage data that does not identify you may be retained for product improvement purposes

Deletion is permanent and cannot be undone. We aim to complete account deletion requests within 30 days.

Marketing communications

By creating a Thayne account, you consent to receiving emails from us about Thayne, including product updates, feature announcements, and relevant information about our service.

You can withdraw this consent at any time by:

Clicking the unsubscribe link at the bottom of any marketing email we send you
Emailing us at elliot.bazley@thayne.app with the subject line "Unsubscribe"

We will process your request within 10 working days. Note that even after unsubscribing from marketing, we will continue to send you essential service-related communications such as subscription confirmations, payment receipts, and important account notifications. These cannot be opted out of while your account remains active.

Changes to this policy

We may update this Privacy Policy from time to time as our product evolves. When we make material changes, we will notify you by email at least 14 days before the changes take effect. The updated policy will be posted at thayne.app/privacy with an updated effective date.

We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.

Contact us

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact us:

Email: elliot.bazley@thayne.app
Trading name: Thayne
Legal entity: Bazema Limited
Company number: 17054726
ICO registration number: ZC099568
Registered office: 41 The Rowans, Lancashire, UK

We aim to respond to all privacy-related enquiries within 5 working days, and to all data subject access requests within one calendar month.