Security and privacy

Your thoughts. Your account. Your control.

Think Loud™ is the system of record for what you say and what we make from it. Model providers process the request you authorise. They do not own your library.

Intentional capture only

Think Loud™ never records continuously. Capture begins when you press, speak, or trigger it. The microphone state is always visible.

Account-scoped data

Each user can only access their own data. Row-level security at the database enforces this on every read and write.

Secrets stay on the server

Model and integration secrets are stored as server-side secrets. They are never shipped to the browser.

Export your data

Original audio, transcripts, and generated assets are yours. Export them at any time from settings.

Delete or purge

Delete any thought, idea, or asset. Use account purge to remove everything, including original audio in storage.

Research runs only when requested

External research using Apify or Playwright runs only when you explicitly ask. Evidence and sources are logged.

What we store

Original audio (within your plan storage), raw transcripts, cleaned thoughts, related-thought links, ideas, asset drafts, finished assets, and an internal usage ledger for voice minutes, creation credits, and storage.

What we do not do

  • We do not record without your action.
  • We do not sell your data.
  • We do not train shared models on your private content.
  • We do not claim certifications we have not obtained.

Roadmap commitments

SOC 2 readiness work, downloadable audit logs, and team-scoped roles are tracked openly. We will list them here only when shipped.