Privacy Policy
Last updated: June 9, 2026
Also see our Terms of Service and Compliance & Trust page.
1. Introduction
Thrive DeFi, LLC ("Thrive," "we," "us," or "our") operates the Thrive platform at thrive.fi, app.thrive.fi, and related subdomains (collectively, the "Services"). Thrive provides cryptocurrency market intelligence, trading journal tools, AI-powered analysis, and related educational content. We are not a broker, exchange, custodian, or investment adviser.
This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our websites, create an account, subscribe, connect an exchange, or otherwise use the Services. It applies to users worldwide. By using the Services, you acknowledge this Policy. Where consent is required by law (for example, non-essential cookies or marketing email in certain regions), we obtain it separately.
2. Data Controller & Contact
Thrive DeFi, LLC is the data controller for personal information described in this Policy.
- 8 The Green Ste #11044, Dover, DE 19901, United States
- Privacy & data requests: privacy@thrive.fi (or support@thrive.fi)
- Enterprise / due diligence: cs@thrive.fi
3. Information We Collect
3.1 Account & identity
When you register or authenticate, we collect information such as:
- Email address and name (if provided)
- authentication provider user identifier and authentication metadata
- Account tier, subscription status, and preferences
- Multi-factor authentication status (we do not store your MFA secrets)
3.2 Billing & payments
Payment card and billing details are collected and processed by our payment processor. We receive limited billing metadata (customer ID, subscription status, last four digits, billing country, tax identifiers where applicable) — not full card numbers.
3.3 Trading & platform data you provide
- Trading journal entries, notes, tags, and uploaded CSV files
- Watchlists, custom alerts, and dashboard configurations
- Workbench notebooks, formulas, strategies, and marketplace content you publish
- AI chat prompts and conversation history within the product
- Support messages and feedback you send us
3.4 Exchange connections (optional)
If you connect an exchange, we store encrypted API credentials and sync read-only account data (balances, positions, trade history) to power portfolio tracking and journal import. We only request read-only permissions in our UI and onboarding; we do not request withdrawal or transfer permissions. You are responsible for the permissions you grant on the exchange side.
3.5 Automatically collected data
- Device type, browser, operating system, and language
- IP address and approximate location (city/country level)
- Pages viewed, features used, session duration, and referral URLs
- UTM campaign parameters and affiliate attribution cookies
- Error logs and performance metadata (via error monitoring and hosting logs)
- Anti-abuse signals (rate-limit counters, bot-detection metadata)
3.6 Marketing & communications
- Email marketing opt-in status and drip-sequence enrollment
- Newsletter and waitlist sign-ups
- Sales chat session identifiers when you interact with our website chat
4. Cookies & Similar Technologies
We use cookies, local storage, and similar technologies for:
- Strictly necessary: authentication sessions, security (bot-protection services), and load balancing
- Functional: consent preferences, affiliate attribution (
thrive_ref), and journey attribution - Analytics: first-party and third-party analytics (consent-gated where required) — loaded on thrive.fi only after you accept non-essential cookies
- Advertising / measurement: X (Twitter) Ads pixel — loaded on thrive.fi only after cookie consent
On app.thrive.fi, we use strictly necessary cookies plus product analytics to operate and improve the product. Where required by law, you may reject non-essential cookies on thrive.fi via our cookie banner. You can also control cookies through your browser settings; disabling essential cookies may prevent login.
5. How We Use Information
We use personal information to:
- Provide, operate, and improve the Services
- Authenticate users and enforce account security
- Process subscriptions, credit purchases, marketplace transactions, and affiliate payouts
- Sync exchange data and populate your journal and portfolio views
- Generate AI-powered signals, interpretations, coaching, and workbench responses
- Send transactional email (receipts, alerts, password resets, product notifications)
- Send marketing communications where permitted and with appropriate consent
- Measure product usage, diagnose errors, and prevent fraud or abuse
- Comply with legal obligations and respond to lawful requests
6. Legal Bases (EEA, UK & Similar Jurisdictions)
Where GDPR or equivalent law applies, we rely on:
- Contract: to provide the Services you subscribe to
- Legitimate interests: security, fraud prevention, product analytics, and service improvement (balanced against your rights)
- Consent: non-essential cookies, marketing email where required, and optional features
- Legal obligation: tax, accounting, and regulatory compliance
7. AI Processing
Thrive uses third-party AI providers (from third-party AI inference providers) to power signals interpretation, AI Coach, sales chat, workbench queries, and related features.
- We send only the data needed for each request — for example, your prompt, relevant journal context you invoke, and market data parameters — not your full account export by default
- We do not use your personal trading data to train public foundation models. AI providers process data under their enterprise/API terms and our instructions
- AI outputs are generated automatically and may be inaccurate; see our Terms disclaimers
- Credit-consuming AI actions are logged for billing and abuse prevention
8. How We Share Information
We do not sell your personal information. We do not share your individual trading journal or exchange-synced data with other users except where you explicitly publish content (for example, Marketplace listings) or use social features you opt into.
We may share information with:
- Service providers (processors) listed in Section 9, under data-processing agreements
- Payment & tax: our payment processor for billing, creator payouts, and tax calculation/collection
- Marketplace: aggregate subscriber counts to Creators; our payout provider handles Creator tax forms
- Affiliate partners: attribution data when you arrive via a referral link (not your trading data)
- Exchange partners: outbound click timestamps when you use referral links to third-party exchanges — we do not receive your exchange account data from those links
- Legal & safety: when required by law, court order, or to protect rights, safety, and integrity of the Services
- Business transfers: merger, acquisition, or asset sale, subject to this Policy
9. Subprocessors
We rely on the following categories of providers. Each processes data only on our instructions and under contractual safeguards:
- Authentication & identity — sign-in, sessions, MFA
- Payments & billing — subscriptions, credits, payouts, tax
- Cloud infrastructure — application hosting, database, storage
- Transactional email — account and billing notifications
- Error monitoring — receives page URL, user agent, Thrive user ID, and stack traces — not request bodies, API keys, or journal content
- Rate limiting & caching — abuse prevention counters (hashed user ID or IP)
- AI inference — prompts you submit for AI features (see Section 7)
- Product & marketing analytics — usage measurement (consent-gated where required)
- Bot & abuse prevention — fraud and scraper protection
- Licensed market-data providers — asset symbols and query parameters only, never your identity
The vendor-level list is available under enterprise DPA. Category summary at thrive.fi/legal/subprocessors.
Updates or questions: privacy@thrive.fi.
10. Data Security
We implement technical and organizational measures including encryption in transit (HTTPS/TLS), encryption at rest for exchange API credentials, access controls, webhook signature verification, rate limiting, and environment-isolated secrets. No system is 100% secure; you are responsible for safeguarding your account credentials and exchange API keys.
11. Data Retention
- Active accounts: data retained while your account is active and as needed to provide the Services
- Deleted accounts: personal data deleted or anonymized within a reasonable period after confirmed deletion, except where retention is required by law (tax, billing disputes, fraud prevention)
- Backups: residual copies may persist in encrypted backups for a limited period before rotation
- Analytics logs: retained per provider default retention windows
12. Your Rights & Choices
Depending on your location, you may have the right to:
- Access, correct, or delete your personal information
- Export your data (self-serve: Dashboard → Settings → Export)
- Object to or restrict certain processing
- Data portability
- Withdraw consent where processing is consent-based
- Opt out of marketing email via unsubscribe links
- Delete your account (Dashboard → Settings → Delete Account)
Submit requests to privacy@thrive.fi. We respond within the timeframe required by applicable law (typically 30 days for GDPR). We may verify your identity before fulfilling requests.
13. Region-Specific Disclosures
13.1 European Economic Area & United Kingdom
You may lodge a complaint with your local supervisory authority. For cross-border transfers outside the EEA/UK, we rely on Standard Contractual Clauses and/or adequacy decisions where applicable.
13.2 California (CCPA / CPRA)
California residents have the right to know what personal information we collect, request deletion or correction, and opt out of the "sale" or "sharing" of personal information. We do not sell personal information.We may "share" identifiers and usage data with analytics/ad partners only where you consent via our cookie banner. Submit requests to privacy@thrive.fi with subject line "California Privacy Request." We do not discriminate against you for exercising these rights.
13.3 Other regions
If local law grants you additional privacy rights, contact us and we will honor them to the extent required. The Services are not directed at jurisdictions where use would violate local law.
14. International Data Transfers
Thrive is based in the United States. Your information may be processed in the U.S. and other countries where our providers operate. We implement appropriate safeguards — including standard contractual clauses and processor agreements — for international transfers as required by applicable law.
15. Automated Processing
Thrive uses automated systems (including AI and rule-based engines) to generate signals, scores, and analytics. These outputs are informational tools, not legal or financial decisions about you. We do not make solely automated decisions producing legal or similarly significant effects without human involvement.
16. Third-Party Links & Services
The Services may link to third-party exchanges, social networks, or websites. Their privacy practices are governed by their own policies. When you leave Thrive via a partner referral link, the exchange's terms apply to your relationship with them.
17. Children
The Services are not intended for anyone under 18. We do not knowingly collect personal information from children. Contact us if you believe a child has provided data and we will delete it.
18. Changes to This Policy
We may update this Policy periodically. We will post the revised version with an updated "Last updated" date. For material changes affecting how we use personal information, we will provide additional notice (for example, email to active subscribers or an in-product banner) where required by law. Continued use after the effective date constitutes acceptance where permitted.
19. Contact
- Thrive DeFi, LLC
- 8 The Green Ste #11044, Dover, DE 19901, United States
- Privacy: privacy@thrive.fi
- Support: support@thrive.fi