Gifting has never been easier
Perfect if you're short on time or are unable to deliver your gift yourself. Enter your message and select when to send it.
Threadverse Privacy Policy
# Privacy Policy — Threadverse
**Last updated:** 17 April 2026
## 1. Introduction
Threadverse is an internal business analytics tool operated by Thread Heads Pty Ltd ("Threadheads", "we", "us", "our"), ABN registered in Australia. This Privacy Policy explains how Threadverse collects, uses, stores, and protects data when authorised personnel use the platform in connection with the Threadheads online store.
Threadverse is not a consumer-facing application. It is used exclusively by Threadheads employees and authorised contractors to manage store operations, analyse business performance, and optimise marketing activities.
## 2. Data Controller
**Thread Heads Pty Ltd**
Melbourne, Victoria, Australia
Contact: admin@threadheads.com
## 3. What Data We Process
Threadverse processes the following categories of data in connection with operating the Threadheads online store:
### 3.1 Store Operations Data
- Product catalogue information (titles, descriptions, images, pricing, inventory levels)
- Order data (order IDs, line items, quantities, revenue totals, timestamps)
- Collection and category structures
### 3.2 Aggregated Analytics Data
- Sales performance metrics aggregated by product, category, and time period
- Customer lifetime value metrics computed from order history
- Search analytics (queries, click-through rates, zero-result rates — no personal identifiers)
### 3.3 Advertising Data
- Campaign, ad set, and ad performance metrics from connected advertising platforms
- Spend, impressions, clicks, conversions, and return on ad spend
- Campaign configuration and budget data
### 3.4 Customer Data (Aggregated Only)
- Customer records are processed solely to compute aggregate business metrics (e.g., lifetime value, repeat purchase rate, vendor preferences)
- Individual customer data is not displayed, exported, or shared beyond what is necessary for these aggregate computations
- Customer email addresses are used only as a unique identifier for deduplication during aggregation and are not stored in analytics tables
### 3.5 Personnel Data
- Authorised user email addresses and authentication tokens for platform access
- Activity logs for audit and security purposes
## 4. How We Use Data
All data processed by Threadverse is used exclusively for legitimate internal business purposes:
- Monitoring sales performance and identifying trends
- Analysing product performance to inform merchandising decisions
- Optimising advertising spend and measuring return on investment
- Managing product collections and inventory
- Computing aggregate customer metrics to inform business strategy
- Generating internal reports and insights for the Threadheads team
We do not sell, rent, or share any data processed by Threadverse with third parties for their own purposes.
5. Third-Party Services
Threadverse integrates with the following third-party services to perform its functions:
| Service | Purpose | Data Shared |
|---------|---------|-------------|
| Shopify | E-commerce platform — source of store data | Authorised API access to store data we already own |
| Meta (Facebook) | Advertising platform | Authorised API access to our own ad account data |
| Google Ads | Advertising platform | Authorised API access to our own ad account data |
| OpenAI | AI-powered analysis features | Product titles and images for categorisation (no customer data) |
Each integration uses authenticated API access scoped to the minimum permissions required. No customer personally identifiable information (PII) is sent to AI services.
## 6. Data Retention
**Product and order data:** Retained for the lifetime of the Threadheads store for historical trend analysis.
**Advertising data:** Daily snapshots retained for up to 24 months for year-over-year comparison.
**Search analytics:** Retained for up to 12 months, then automatically purged.
**Aggregated metrics:** Retained indefinitely as they contain no personal data.
**Authentication tokens:** Automatically expire and are rotated on a regular schedule.
## 7. Data Security
We implement appropriate technical and organisational measures to protect data processed by Threadverse:
- All data is transmitted over encrypted connections (TLS/HTTPS)
- API authentication is required for all data access
- Access is restricted to authorised Threadheads personnel only
- Database access uses role-based permissions with least-privilege principles
- Audit logs record significant operations for security review
- The platform is not publicly accessible to consumers
## 8. GDPR Compliance
For customers in the European Economic Area (EEA) and United Kingdom, Threadverse supports the following data subject rights through Shopify's GDPR webhook framework:
**Right of Access:** Customer data export requests are fulfilled within 30 days.
**Right to Erasure:** Customer personal data is anonymised upon request. Email addresses and identifying information are replaced with redacted placeholders.
**Data Portability:** Customer data can be exported in machine-readable format upon request.
To exercise these rights, customers should contact privacy@threadheads.com.au or use the contact methods available on threadheads.com.au.
## 9. Australian Privacy Act
Threadheads complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). Personal information is handled in accordance with these principles, including collection limitation, data quality, security, and openness.
## 10. Cookies and Tracking
Threadverse itself does not set cookies on consumer devices or track website visitors. Search analytics on the Threadheads storefront use anonymous session identifiers that are not linked to customer accounts or personal information.
## 11. Children's Privacy
Threadverse does not knowingly collect or process personal data of children under 16. The platform processes aggregated order data which may include orders placed by or on behalf of minors, but no age-related personal data is stored or analysed.
## 12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. The "Last updated" date at the top of this page indicates when the policy was last revised.
## 13. Contact Us
If you have questions about this Privacy Policy or how Threadverse handles data, please contact:
Thread Heads Pty Ltd
Email: admin@threadheads.com
Website: https://www.threadheads.com
---
This policy applies to the Threadverse internal analytics platform only. For the Threadheads customer-facing privacy policy, please visit [threadheads.com.au/policies/privacy-policy].