Privacy Policy

Throughlines provides read-only revenue analytics for Merchant-of-Record (MoR) platforms — a single dashboard for your recurring revenue across Polar, Paddle, and Lemon Squeezy. This policy explains what we collect, how we use it, and the choices you have. It applies to the Throughlines web application and related services (the “Service”).

By using the Service you agree to this policy. If you do not agree, please do not use Throughlines.

We collect only what we need to run the Service:

• Account information. Your name and email address when you create an account. If you sign in with Google, we receive your basic Google profile and email from that sign-in; we never receive your Google password.
• Connected platform credentials. When you connect a MoR account, you provide a read-only access token or API key. These credentials are encrypted at rest using AES-256-GCM and are used solely to read your billing data on your behalf.
• Billing data from your connected platforms. We ingest customers, subscriptions, orders, products, and the events that change recurring revenue, so we can compute your MRR and related metrics. This data is read only from the platforms you connect — we never create, modify, or cancel anything in those accounts.
• Usage and log data. Standard technical data such as IP address, browser type, and timestamps, used to operate, secure, and debug the Service.

We use the information above to:

• provide the consolidated analytics dashboard and its features;
• authenticate you and keep your account secure;
• operate background jobs that backfill and keep your data in sync;
• communicate with you about the Service (e.g. account and security notices);
• maintain, improve, and troubleshoot the Service.

We do not sell your personal information or your billing data, and we do not use it for advertising.

Throughlines is strictly read-only. We never write to your connected accounts — no refunds, no edits to subscriptions, no charges. The access you grant is used only to read the data needed to compute your analytics.

We rely on a small number of trusted infrastructure providers to run the Service. Your data may be processed by:

• Neon — our serverless Postgres database (where your account and ingested billing data are stored);
• Vercel — application hosting and delivery;
• Inngest — durable background jobs (backfills and webhook processing);
• Paddle — payment processing for paid Throughlines subscriptions;
• Resend — transactional email, where email is configured;
• The MoR platforms you connect (Polar, Paddle, Lemon Squeezy) — the sources we read your billing data from.

We take reasonable measures to protect your information, including encrypting connected platform credentials at rest, transport encryption in transit, and read-only access to your accounts. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

We keep your data for as long as your account is active. You remain in control:

• Disconnect a platform. Deleting a connection removes its stored credentials and cascades the deletion of the billing data and ledger we ingested for it.
• Delete your account. You can request deletion of your account and associated data by contacting us.
• Access & correction. You may request a copy of, or corrections to, your personal information.

Depending on where you live, you may have additional rights under applicable data protection laws.

We use strictly necessary cookies to keep you signed in and to operate the Service. We do not use advertising or third-party tracking cookies.

Throughlines is a business tool not directed to children, and we do not knowingly collect personal information from anyone under 16.

We may update this policy from time to time. When we do, we’ll revise the “Last updated” date above, and for material changes we’ll take reasonable steps to notify you.

Questions about this policy or your data? Email us at support@throughline.app.