Legal

Privacy Policy

Last updated: March 4, 2026

Overview

ThinkingPatterns.ai ("ThinkingPatterns", "we", "us") provides a security findings management and observability platform for software development teams. This Privacy Policy explains how we collect, use, and protect information when you use our services.

What we collect

Account information: Email address, name, and authentication credentials when you create an account.

Finding metadata: Security finding details submitted via SARIF ingestion, including rule IDs, finding titles, severity levels, file paths, line numbers, and remediation guidance.

Usage data: Page views, feature usage, and interaction events to improve the product experience.

API keys: Scoped credentials you generate for programmatic access.

What we do NOT collect

We never collect or store your source code. ThinkingPatterns only receives finding metadata (file paths, line numbers, and finding descriptions) — not the source files themselves. Your code stays on your machines and in your repositories.

How we use your data

We use collected information to:

  • Provide and operate the ThinkingPatterns platform
  • Compute security metrics (MTTR, fix rates, finding velocity)
  • Deduplicate findings via fingerprinting
  • Send transactional emails (password resets, invitations)
  • Improve the product based on usage patterns

Third-party services

We use the following third-party services:

  • Supabase — Authentication and database hosting (PostgreSQL)
  • PostHog — Product analytics (anonymized usage events)
  • Vercel — Application hosting and CDN

Data retention

Account data is retained for as long as your account is active. Finding data is retained for the lifetime of the project it belongs to. You can delete projects and their associated data at any time from the project settings.

Upon account deletion, all associated data is permanently removed within 30 days.

Data security

All data is encrypted in transit (TLS 1.2+) and at rest. Database access is governed by row-level security policies that enforce organization-level isolation.

Your rights

You have the right to:

  • Access and export your data
  • Correct inaccurate information
  • Delete your account and all associated data
  • Object to processing of your data

Contact us

For privacy inquiries, contact us at privacy@thinkingpatterns.ai.