Last updated · April 2026

Privacy Policy

Threshold is a tool for protecting yourself from yourself. It collects only what's needed to keep that promise — and it's deliberate about what it never collects.

What Threshold collects

On your computer (chrome.storage.local):

• Your name and a hashed version of your commitment code (we never store the original)
• Your blocklist (categories enabled and any custom domains you added)
• Your pledge text and your signature
• Your accountability partner's name, email address, and chosen relationship label
• Each time the block page renders (timestamp + the blocked domain only)
• Your journal entries (any writing you save while on the block page)
• Your settings (notification preferences, tradition choice for block-page quotes)

On our server (Supabase Postgres, hosted in your selected region):

• The same data as above, with one critical exception below
• Your unlock-request history (what you asked to change, your written reason, and your partner's decision)

What Threshold deliberately never collects

• Your journal entries are never sent to our server or to your partner. They live only on your computer. Your partner sees that you wrote N entries this week — never what you wrote.
• Your browsing history. We see only the moment a blocked domain was attempted — never what you visited otherwise.
• The original commitment code you typed during onboarding. We hash it once with PBKDF2 and forget the input.
• Cookies, fingerprinting, ad tracking, analytics on individual user behavior. None of it.

Who else processes your data

• Supabase hosts our database and serves the API. Privacy: supabase.com/privacy.
• Resend delivers emails to your accountability partner (verification, blocked-attempt notices, unlock requests, weekly summaries). Privacy: resend.com/privacy.
• Vercel hosts the partner-side web pages (verify and decide links). Privacy: vercel.com/privacy.

None of these companies sell your data. None of them share data with advertisers.

What your accountability partner sees

Your partner receives:

• An email when you set Threshold up, asking them to accept the role
• A short email each time you visit a blocked site (domain name only, plus your current streak)
• An email asking their decision when you submit an unlock request (with your written reason)
• A weekly summary email on Sundays (counts only — number of attempts, journal entries written, current streak)
• An email if you reset Threshold's setup

Your partner never sees: your journal contents, your pledge text after onboarding, your other browsing, or any data outside what's listed above.

How long we keep data

• Local data: until you uninstall Threshold or use the "Reset all data" button.
• Server data: as long as your install is active. If you uninstall, your install row is retained until you request deletion. Email privacy@jointhehold.com with your install ID and we'll delete everything within 30 days.

Your rights

• Access: email privacy@jointhehold.com for a copy of all data we have about you.
• Deletion: uninstall the extension to wipe local data; email us to delete server-side data.
• Correction: change your partner contact info or pledge anytime through the extension; email us to correct anything else.
• Withdrawal: stop using Threshold at any time. Uninstalling immediately stops any further data being sent or stored.

Children

Threshold is built for adults choosing recovery. We don't knowingly collect data from anyone under 18. If you believe a child has used Threshold and you'd like their data removed, email privacy@jointhehold.com.

Changes to this policy

If we change anything material, we'll update the "last updated" date at the top of this page. For significant changes (like adding new third-party processors), we'll also send a notice email to existing users with verified partners.

Contact

For privacy questions, data requests, or anything else: privacy@jointhehold.com.