We follow GDPR principles: data minimization, purpose limitation, security by design, and user control. Data is hosted in the EU when applicable, and processing agreements are in place with vendors.

Requests

To request data export or deletion, email privacy@thomas.app from the address associated with your account.