ThresholdIQ ("we", "our", "us") is the operator of thresholdiq.app and the ThresholdIQ anomaly detection platform.
For privacy enquiries, contact us at: support@thresholdiq.app
When you upload CSV, XLSX, JSON, or XML files into ThresholdIQ, those files are read entirely within your browser using the FileReader API. The file bytes are never transmitted to our servers or any third party. Once you close or refresh the tab, the data is gone.
When you sign in via our magic-link email login, we collect and store the following on our servers (Cloudflare Workers KV):
| Data | Purpose | Retention |
|---|---|---|
| Email address | Authentication (magic-link OTP login), account identification, transactional emails (login codes, alert notifications) | Until account deletion |
| Customer ID (UUID) | Internal account identifier | Until account deletion |
| Subscription tier & status | Determine feature access and usage limits | Until account deletion |
| Usage counts (runs this month, total runs) | Enforce tier-based usage limits | Monthly reset; totals retained until account deletion |
| Stripe customer ID & subscription ID | Link your account to your payment subscription | Until subscription ends or account deletion |
| Consent flag & date | Record your GDPR/analytics consent decision | Until account deletion |
| Login timestamps | Account activity auditing | Until account deletion |
| Account creation date | Trial period calculation | Until account deletion |
Your email address is also stored as a one-way SHA-256 hash for fast account lookup. The plaintext email is stored alongside your account record for transactional email delivery.
| Data | Purpose | Retention |
|---|---|---|
| OTP verification codes | Email login verification | 10 minutes (auto-deleted) |
| Session tokens (HMAC-signed) | Authenticate API requests after login | 7 days (stateless; not stored server-side) |
| IP-based rate limit counters | Prevent abuse of login, checkout, and chat endpoints | 15 minutes to 1 hour (auto-deleted) |
If you accept our storage notice, we store the following in your browser's localStorage — this data stays on your device and is never sent to our servers:
| Key | What it stores | Purpose |
|---|---|---|
tiq_consent | "1" (accepted) or "0" (declined) | Records your storage consent decision |
tiq_pro | "1" or "0" | Whether Pro mode is active this session |
tiq_profiles | JSON array of saved threshold profiles | Allows you to reload your configurations |
tiq_session | Session token | Keeps you logged in across page refreshes |
If you decline storage, none of the above is written. The app still works — your profiles simply won't persist after you close the tab.
ThresholdIQ uses the following analytics services to understand how the site is used and improve the product:
Both tools may set cookies in your browser. You can block these via your browser settings or by declining our consent notice.
ThresholdIQ loads open-source JavaScript libraries from cdnjs.cloudflare.com. When your browser requests these scripts, Cloudflare's CDN will receive your IP address. Cloudflare's privacy policy applies: cloudflare.com/privacypolicy
ThresholdIQ loads fonts locally from our own domain. No third-party font services are contacted during normal use.
We share data with the following third parties solely to operate the Service. We do not sell personal data.
| Service | Data shared | Purpose |
|---|---|---|
| Cloudflare (Workers, KV, Pages) | Account data, email (hashed + plaintext), IP addresses | Application hosting, data storage, rate limiting |
| Stripe | Email address, payment information (collected directly by Stripe) | Subscription billing and payment processing |
| Zoho Mail | Recipient email address, email content | Sending OTP login codes and threshold alert notification emails |
| Cloudflare Workers AI | Chat messages you type in the in-app chatbot | AI-powered help assistant (Llama 3.2 model). Messages are not stored after processing. |
| Google Analytics | Anonymised usage data, IP address (anonymised by GA4) | Website analytics |
| Microsoft Clarity | Anonymised session recordings | Usability analysis |
ThresholdIQ offers an optional Google Sheets import feature. If you choose to use this feature:
For users in the European Economic Area (EEA) and United Kingdom, our legal bases are:
You have the right to:
To clear browser-side data: open DevTools (F12) → Application tab → Local Storage → right-click your domain → Clear.
Your account data is stored on Cloudflare's global network (Workers KV), which replicates data across multiple regions. Payment data is processed by Stripe (headquartered in the United States). Transactional emails are sent via Zoho Mail (servers in India and United States). These transfers are governed by the respective providers' data protection agreements and, where applicable, Standard Contractual Clauses.
ThresholdIQ is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children.
We may update this policy. The "Last updated" date at the top will reflect changes. Material changes (new data collection or new third-party sharing) will be communicated via email or an in-app notice. Continued use after changes constitutes acceptance of the updated policy.
For privacy questions, data access requests, or account deletion, contact us at: