How Thread by Heft IQ collects, uses, and protects information. Last updated June 11, 2026.
We store the data your organisation puts into Thread — prospects, deals, team-member activity, debriefs, tenant offerings, ICP notes, imported CRM records, documents, and generated sales collateral — on infrastructure we run for you. We do not sell it, we do not use it for advertising, we do not train shared AI models on it, and we do not mix it with other tenants’ data. The learning Thread surfaces is scoped to your own organisation.
In most customer workspaces, your company is the controller of the prospect, customer, employee, and CRM data you choose to put into Thread. Heft IQ acts as a processor/service provider for that workspace and uses the data only to provide, secure, and improve Thread for your organisation.
If you are a prospect, partner, or team member of a Thread customer, that customer may control the business records about you in their workspace. We will route privacy requests about that data to the customer’s admin when required.
Strictly to operate Thread for your team: render your dashboard, run your AI-assisted research and generation against your tenant context, import or reconcile CRM records, send notifications you opt into, and provide learning within your org. Your debriefs, practice runs, and deal outcomes improve your organisation’s memory — not a shared cross-customer model.
We do not sell personal data. We do not share it with advertisers. We do not feed it into third-party AI training pipelines.
Thread uses AI to help with account research, deal briefs, one-pagers, outbound drafts, buyer-map suggestions, practice coaching, and similar workflows. Prompts are built from the data available inside your tenant and, where relevant, public research collected for the account you asked Thread to work on.
We do not allow a provider to train general-purpose models on your tenant data. Generated output remains part of your workspace and should be reviewed by your team before external use, especially when it contains facts, recommendations, or regulated claims.
If an admin connects HubSpot, Thread stores the OAuth tokens needed to perform the import/sync actions the admin requests. Imported records keep a HubSpot reference so future runs can detect duplicates, skip unchanged records, and maintain an audit trail of what was created, updated, skipped, or flagged for review.
Thread is designed so teams can prospect and manage active pipeline in Thread while keeping HubSpot clean. We only send data back to connected systems when the workspace is configured to do so or when an authorised user initiates that action.
Thread uses carefully selected service providers to operate the product, including infrastructure, authentication, billing, customer-authorised CRM connectivity, AI processing, notifications, public-web research, background processing, and reliability monitoring.
We avoid publishing a full implementation map on the public website. Customers and security reviewers can review maintained subprocessor details, policies, and available artifacts through the Heft IQ Trust Center or by contacting privacy@heftiq.com.
Tenant-owned records are isolated at the data layer. Every tenant-owned record carries a tenant identifier, and application reads/writes are scoped to the requesting tenant. Cohort insights, research facts, decision traces, practice-run scorecards, HubSpot import rows, and generated collateral all stay inside that tenant boundary.
Active workspaces are retained for as long as your account is active. If you cancel, you can export your data (deals, debriefs, prospects, contacts, offering context, documents, and import history) as CSV/JSON for 30 days, after which we permanently delete it from active systems. Operational logs and analytics events are retained for up to 90 days unless we need to preserve them for security, fraud prevention, or legal reasons.
You can request a copy of your data, ask us to delete it, or correct it — email privacy@heftiq.com from the address on your account and we’ll respond within 30 days. If you’re a partner of one of our customers, your data is controlled by that customer; we’ll route your request to their admin.
We use first-party cookies for authentication and to remember your session. We do not use third-party advertising cookies.
We’ll update this page when our practices change. Material changes get an in-app notice or email notice before they take effect when required.
Privacy questions: privacy@heftiq.com
General: hello@heftiq.com