Privacy Policy

Effective April 12, 2026

This Privacy Policy explains what personal information Telosbound Institute Inc. (“Telosbound,” “we,” “us,” or “our”) collects when you use Theoria, how we use it, who we share it with, and the choices you have. Telosbound is a corporation incorporated under the laws of British Columbia, Canada, and is the controller of personal information processed through the Service.

We try to keep this document plain. If anything is unclear, write to us at legal@telosbound.com.

At a glance

  • We collect the information you give us when you create an account, post content, ask AI questions, and pay for a subscription.
  • We use it to provide the Service, run our business, communicate with you, and keep things secure.
  • We do not sell your personal information, and we do not show advertising on Theoria.
  • We rely on a small set of trusted service providers (Clerk, Stripe, Neon, Vercel, Sentry, PostHog, Anthropic) to run the Service. They are listed below.
  • You can ask us to access, correct, or delete your information at any time.

1. Information we collect

Information you give us

  • Account information. When you sign up, our identity provider Clerk collects your email address, first name, and last name, and a verification code. We store a record linking your Clerk user ID to your Theoria profile.
  • Billing information. If you purchase a paid plan, our payment processor Stripe collects your payment details and billing address. Telosbound does not see or store your full card number. We store a Stripe customer ID and metadata about your subscription (plan, status, renewal date, cancellation flag).
  • Content you create. Highlights, threads, notes, public and private discussions, replies, library requests, and the questions and answers in your AI inquiries.
  • Reading activity. Your reading position and progress within documents, so we can resume where you left off and show your library status.
  • Communications. If you email us, we keep the message and any information you choose to include.

Information collected automatically

  • Session and authentication cookies. Set by Clerk so that you stay signed in. These are necessary for the Service to function.
  • Preference and session storage. A small amount of data stored in your browser to remember things like your theme (light/dark) and your last library search.
  • Analytics and usage data. We use PostHog to understand how people use Theoria — for example, which documents are read, how far readers progress, which features are used, and where users encounter friction. PostHog receives page-view events, custom usage events, your user ID, IP address, browser type, and device information. PostHog requests are proxied through our own domain.
  • Session recordings. PostHog may record your browsing session within Theoria, including clicks, scrolls, page navigation, and text visible on screen. We use these recordings to diagnose usability issues and improve the Service. Recordings are stored by PostHog and retained according to their data-retention policies.
  • Diagnostic and error data. We use Sentry to record errors and performance information. Sentry receives technical context about the request and may include your user ID, IP address, and browser information so we can reproduce and fix problems.
  • Server logs. Our hosting provider (Vercel) records standard request logs, including IP address, request path, status code, and timestamps, for security and operational purposes.

We do not use advertising trackers or fingerprinting.

2. How we use information

We use personal information to:

  • create and maintain your account and authenticate you;
  • provide the Service, including saving your reading progress, displaying your annotations and discussions, and routing your questions to the AI inquiry feature;
  • process payments, manage subscriptions, prevent fraud, and issue receipts;
  • communicate with you about your account, security, billing, service updates, and your support requests;
  • monitor, debug, and improve the Service, including reproducing errors and analyzing aggregate usage patterns;
  • enforce our Terms of Service, protect the rights, safety, and property of Telosbound and our users, and respond to legal requests; and
  • comply with our legal obligations under Canadian and other applicable law.

Our legal bases for processing personal information include the performance of our contract with you (these Terms and Privacy Policy), your consent where required, our legitimate interests in running and improving the Service securely, and compliance with legal obligations.

3. Public discussions and other public content

Posts in public discussions are visible to anyone who can access the relevant page on Theoria, including unauthenticated visitors, and may be indexed by search engines or quoted in promotional material about Theoria, with attribution to your display name. Please do not post anything in a public discussion that you are not comfortable making permanently visible. Private discussions and personal notes are not displayed publicly and are accessible only to you (and, in the case of private group discussions, the people you share them with).

4. AI processing

When you use the Inquiry tool or other AI-assisted features, the text of your question and the relevant cited passages from the library are sent to Anthropic, our AI provider, for processing through the Vercel AI Gateway. Anthropic processes these requests to generate a response and, under its agreement with us, does not train its models on this data. Your conversation history is also stored in our database so you can return to it later. You can delete an inquiry from your account, and you can ask us to delete your full inquiry history at any time.

Theoria also offers audio playback features. Audio is generated internally using text-to-speech technology and stored in our blob storage so it can be replayed. No user data is sent to a third-party provider for this purpose.

5. Sub-processors and how we share information

We do not sell your personal information. We share it only with the following categories of recipients, and only as needed:

  • Service providers (sub-processors) who help us run Theoria. The current list is:
    • Clerk — authentication and account management (United States).
    • Stripe — payment processing and subscription billing (United States; processes payments globally).
    • Neon — managed PostgreSQL database hosting (United States).
    • Vercel — application hosting, blob storage, and feature flags (United States).
    • Sentry — error and performance monitoring (United States).
    • PostHog — product analytics and session replay (United States).
    • Anthropic, accessed through the Vercel AI Gateway — large language model responses for AI inquiry features (United States).
    • Google Fonts — typography served to your browser.
    We choose providers that we believe offer appropriate security and privacy practices, and we update this list when it changes.
  • Legal and safety recipients. We may disclose information when we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, or enforceable governmental request; to enforce our Terms; to protect the rights, property, or safety of Telosbound, our users, or the public; or to detect and prevent fraud or security incidents.
  • Business transfers. If Telosbound is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will require the recipient to honour the commitments we have made in this Policy, or we will give you notice and choices.

6. International transfers

Telosbound is based in Canada. Most of our service providers are located in the United States, which means your personal information will be processed and stored outside Canada and may be subject to the laws of those jurisdictions, including lawful access by foreign authorities. We rely on contractual and technical safeguards with our providers to protect your information when it is transferred internationally.

7. Data retention

We keep personal information for as long as your account is active, and afterward for as long as we have a legitimate business or legal reason to do so — for example, to keep accurate financial records, resolve disputes, defend legal claims, or comply with tax and regulatory obligations.

When you delete content (such as a discussion reply or an inquiry), we remove it from active use. Residual copies may persist for a limited time in encrypted backups before being overwritten in the normal course. When you delete your account, we delete or de-identify your personal information within a reasonable period, except where retention is required by law or necessary to complete in-flight transactions.

8. Security

We take the security of your information seriously and use administrative, technical, and physical safeguards designed to protect it, including encryption in transit, access controls, and isolation of credentials. No system is perfectly secure, however, and we cannot guarantee absolute security. If we become aware of a breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law.

9. Your rights and choices

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you;
  • Correct information that is inaccurate or incomplete;
  • Delete your personal information and your account;
  • Withdraw consent for processing that is based on your consent (this will not affect prior processing);
  • Object to or restrict certain processing;
  • Receive a copy of your information in a portable format;
  • Lodge a complaint with a privacy regulator, including the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.

To exercise any of these rights, write to legal@telosbound.com. We may need to verify your identity before responding. We will reply within the timeframe required by applicable law.

10. Account deletion

To delete your account, send a request from the email address associated with your account to support@telosbound.org. We will confirm receipt and process the deletion within a reasonable period. After deletion, your private notes and inquiries will be removed. Public discussion posts you authored may remain on the Service in anonymized form so that surrounding conversations remain coherent; on request we will also remove or redact those posts where reasonably possible.

11. Children

Theoria is intended for users who are at least 16 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact support@telosbound.org and we will take steps to delete it.

12. Cookies and similar technologies

Theoria uses cookies and similar technologies for the following purposes: authentication cookies set by Clerk to keep you signed in; analytics cookies set by PostHog to distinguish returning visitors, track sessions, and support session replay; and a small amount of local browser storage to remember preferences such as your theme and your last library search. We do not use advertising cookies.

13. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Effective” date at the top of this page. If the changes are material, we will take reasonable steps to notify you, such as posting a notice in the Service or sending an email. Your continued use of the Service after the updated Policy takes effect means you accept it.

14. Contact

Telosbound Institute Inc.
British Columbia, Canada
legal@telosbound.com

See also our Terms of Service.