Thewebsite of ThreadWork AG (hereinafter “ThreadWork”) is subject to Swissdata protection law, in particular the Federal Act on Data Protection (FADP).The EU recognizes that Swiss data protection law ensures an adequate level ofdata protection.

Withthis Privacy Policy, we inform you about which personal data is processed, forwhat purposes, how, and where, particularly in connection with our websitethread.work, our web platform, our mobile app, and our other offerings. We alsouse this Privacy Policy to inform you about the rights of individuals whosedata we process.

ThreadWorkhas implemented technical and organizational measures to ensure the mostcomprehensive possible protection of the personal data we process.Nevertheless, internet-based data transmissions may inherently contain securityvulnerabilities, meaning that absolute protection cannot be guaranteed.

1. Contact information

ThreadWork AG
Sempacherstrasse 5
6003 Lucerne
Switzerland
E-Mail: support@thread.work

‍
Data Protection Officer (DPO)
Vera Egli
Advokatur Fanger
Sempacherstrasse 5
P.O. Box
6002 Lucerne
E-Mail info@advokatur-fanger.ch

2. Principles of Data Processing

Weprocess personal data that is necessary to provide our services in asustainable, user-friendly, secure, and reliable manner. Such personal data mayinclude account and contact information, browser and device data, content data,metadata and ancillary data, usage data, as well as contract and payment data.

Weprocess personal data for as long as is necessary for the respective purpose oras required by law. Personal data that is no longer necessary for processing isanonymized or deleted.

Wegenerally process personal data only with the consent of the data subject,unless processing is permitted for other legal reasons, such as to fulfill acontract, to protect overriding legitimate interests, or because the processingis evident from the circumstances.

3. Collection and Processing of Personal Data

a) When Visiting the Website

When you visit our website, your browser automatically sends informationto our server, which is temporarily stored in log files. The followinginformation is collected:

–     IP address of therequesting device

–     Date and time ofaccess

–     Name and URL of thepage accessed

–     Website from whichthe access is made (referrer URL)

–     Browser, operatingsystem, and internet service provider used

Thisdata is processed to ensure a smooth connection, to facilitate the use of thewebsite, to evaluate system security and stability, and for administrativepurposes. No conclusions can be drawn regarding your identity.

b) When registering on the web platform

The following information is required when registering on thread.work:

–     Company name andlegal form

–     First and last nameof the contact person

–     Email address

–     Password

–     Billing address

Additionalinformation, such as phone numbers, may be provided optionally. The data to beentered is required for contract fulfillment and account management.

c) When using the platform

The following data is processed when using the platform:

–     Location data andlinked review portals

–     Responses to reviewscreated or approved by the customer

–     Configuration data(tone settings, workflow rules)

–     Usage data (logins,actions on the platform, use of responses)

–     Billing and paymentdata

d) When using the mobile app

Themobile app collects only the data necessary for its operation. There is notracking for advertising purposes and no transfer of data to third parties formarketing purposes. The mobile app uses the same login credentials as the webplatform.

e) When using the contact form

When using our contact form, the following information is required:

–     First and last name

–     Email address

–     Message

Aphone number may also be provided optionally.

f) When subscribing to the newsletter

Onlyan email address is required to subscribe to the newsletter. You canunsubscribe at any time, for example via a link at the end of each newsletteror by emailing support@thread.work.

4. Disclosure of Data

Yourpersonal data will only be disclosed to third parties if:

–     you have given yourexplicit consent;

–     it is necessary forthe performance of a contract (e.g., payment processing via Stripe);

–     it is necessary forthe establishment, exercise, or defense of legal claims;

–     there is a legalobligation to disclose the data.

Recipientsare generally located in Switzerland, the European Economic Area (EEA), or theUnited States. If a recipient is located in a country without an adequate levelof data protection, we ensure the protection of the data through appropriatesafeguards (e.g., standard contractual clauses, etc.).

5. Processors and Third-Party Services

Weuse the following categories of processors to provide our services:

–     Cloud infrastructureproviders (hosting in Switzerland/EEA)

–     Payment serviceproviders (U.S.)

–     Email andcommunication services

–     Analysis andmonitoring services

–     AI service providersfor generating suggested responses

Contractualagreements ensuring compliance with data protection requirements have beenentered into with all data processors.

6. Cookies

Weuse cookies on our website. Cookies are small files that your browserautomatically creates and stores on your device. They do not cause any harm anddo not contain any malware.

Wedistinguish between:

–     Technically necessarycookies: These are required for the functionality of the website and theplatform and cannot be disabled.

–     Analytics cookies:These are only set with your explicit consent and serve to improve ouroffering.

Youcan disable cookies in your browser settings at any time, either completely orpartially. Without cookies, our website may no longer be fully available.

7. Analytics Services

Tothe extent that we use analytics services, this is done only with your consentor based on anonymized data. The analytics services currently in use are listedon our website in the cookie banner. When using services from U.S. providers,data may be transferred to the United States.

8. Data Security

Weuse the SSL/TLS protocol (Secure Socket Layers or Transport Layer Security) inconjunction with the highest encryption level supported by your browser.

Inaddition, we implement appropriate technical and organizational securitymeasures to protect your data against accidental or intentional manipulation,loss, destruction, or unauthorized access by third parties. Our securitymeasures are continuously improved in line with technological developments.

9. Data Transfer Abroad

Theplatform is hosted in Switzerland or within the European Economic Area (EEA).Data will only be transferred to third countries if an adequate level of dataprotection is ensured (e.g., through an adequacy decision or standardcontractual clauses, etc.) or if there is another legal basis for doing so.

10. Retention and Deletion

Westore personal data only for as long as necessary for the respective processingpurposes or as required by statutory retention obligations. Upon termination ofthe contractual relationship, the customer has the option to export their datavia the web platform within 30 days. Thereafter, the data will be deleted,provided that no statutory retention obligations prevent this.

11. Links to Third-Party Websites

Referencesand links to third-party websites are outside our area of responsibility.Access to and use of such websites is at your own risk. We assume no liabilitywhatsoever for such websites.

12. Rights of Data Subjects

Youhave the following rights regarding your personal data:

–     Right of access: Youmay request information about your personal data processed by us, in particularregarding the purposes of processing, the categories of data, the recipients,and the planned retention period.

–     Right torectification: You may request the correction of inaccurate or the completionof incomplete personal data.

–     Right to erasure: Youmay request the erasure of your personal data, provided that no legal retentionobligations or legitimate interests prevent this.

–     Right to restriction:You may request the restriction of the processing of your personal data,provided that the legal requirements are met.

–     Right to dataportability: You may receive your personal data in a structured, commonly used,and machine-readable format or request its transmission to another controller.

–     Right to object: Youmay object to the processing of your personal data at any time, provided thatthe processing is based on legitimate interests that are not overridden by yourinterests.

–     Right to lodge acomplaint: You may lodge a complaint with the competent supervisory authority(Federal Data Protection and Information Commissioner, FDPIC).

Toexercise your rights, please contact support@thread.work.

13. Validity and Changes to This Privacy Policy

Dueto the ongoing development of our website and our services, or due to changesin legal requirements, it may become necessary to amend this Privacy Policy.The current version of the Privacy Policy can be accessed at any time atthread.work/privacy.

TheGerman version of this Privacy Policy shall prevail.

ThisPrivacy Policy is currently valid and is effective as of May 2026.