Legal
Privacy Policy
Effective May 5, 2026
This policy describes what data throu collects, how it is used, and the choices you have. throu is operated by throu.ai.
1. Information we collect
We collect three categories of information:
Account information. When you sign up, our authentication provider (Clerk) records your email address, name, and authentication metadata (e.g., login timestamps, session identifiers). We use this to identify your account and secure access.
Connected-account data. When you connect a third-party service (Gmail, Google Calendar, GitHub, Jira, Linear, Notion, YouTube), OAuth tokens and the data your agents read from those services pass through throu so that your agents can act on your behalf. The scope of data is limited to what each agent needs and what you grant during OAuth.
Usage and content. Chats you send, agent runs you trigger, and outputs the agent produces are stored so you can review them later and so the system can resume long-running tasks across sessions.
2. How we use information
- To operate the agents you have explicitly connected and authorized.
- To send the chats and tool calls you make to large language model providers (currently Anthropic and OpenAI) and return their responses.
- To deliver notifications you have opted into via channels you have linked (e.g., Telegram).
- To debug, monitor, and improve the service.
- To comply with legal obligations.
We do not sell your personal information. We do not use your private content to train third-party models.
3. Service providers we share data with
throu relies on the following sub-processors. Each receives only the data needed to perform its function.
- Clerk - authentication, session management.
- Composio - OAuth token storage and brokered tool calls to connected third-party services.
- Anthropic - large language model inference (Claude).
- OpenAI - large language model inference (GPT family).
- Railway - application hosting and managed PostgreSQL database.
- Vercel - frontend hosting and edge network.
- Telegram - delivery of optional message notifications, when you have linked Telegram.
Each sub-processor handles data under its own privacy practices. You can revoke access at any time by disconnecting the relevant integration in Connections or by deleting your account.
4. Data retention
Account information is retained while your account is active. Chat history and agent run logs are retained for as long as your account is active so that you can review past activity, unless you delete them earlier. When you delete your account, we delete or anonymize the associated data within 30 days, except where retention is required by law.
OAuth tokens for connected services are deleted when you disconnect a provider or delete your account.
5. Your rights
Depending on where you live, you may have the right to access, correct, delete, or export your personal information, and to object to or restrict certain processing. To exercise any of these rights, email privacy@throu.ai.
You can revoke a connected service's OAuth grant at the provider (e.g., your Google Account security page) at any time, independent ofthrou.
6. Security
We use TLS in transit, encryption at rest, and the principle of least privilege for OAuth scopes. See our Security page for details.
7. Children
throu is not directed at children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact privacy@throu.ai and we will delete it.
8. International transfers
Your information may be processed and stored in countries other than where you live, including the United States. By using throu, you consent to this transfer.
9. Changes to this policy
We may update this policy. Material changes will be reflected by an updated effective date and, where appropriate, additional notice (e.g., email or in-app banner).
10. Contact
Privacy questions: privacy@throu.ai. For other questions, see our Contact page.