Threadbase privacy

Privacy

Threadbase is a thin client for self-hosted Threadbase streamers. It does not run any analytics, crash-reporting, or telemetry service of its own.

What stays on your device

  • Server URLs and API keys (Keychain / Keystore via SecureStore)
  • Session display names, draft prompts, UI settings, quick-access list, React Query cache
  • All Claude Code session content fetched from your streamer

What leaves your device, and where it goes

Data that leaves your device
DataDestinationPurpose
DataSession content, prompts, files, status eventsDestinationThe Threadbase streamer URL you configuredPurposeShow your sessions in the app
DataExpo push token (ExponentPushToken[…])Destination(a) Expo's push relay; (b) every streamer you've paired with, via POST /api/push/registerPurposeDeliver session notifications
DataPairing handshakeDestinationThe streamer URL encoded in the pair QR you scanPurposeExchange API key during setup

What we do not collect

The app makes no network calls to any developer-operated backend — there is no Threadbase analytics server, no crash-reporting endpoint, no advertising or tracking SDK. Apart from the Expo push relay (used solely to deliver notifications you opted into) and the streamer URLs you yourself enter, the app talks to nothing.

Permissions used

Permissions used by the app
PermissionWhy
PermissionCameraWhyScan pairing QR codes; attach photos to sessions
PermissionPhoto libraryWhyAttach photos to sessions
PermissionMicrophone + speech recognitionWhyDictate prompts (speech-to-text is on-device)
PermissionNotificationsWhyDeliver session status alerts from your streamers

Your control

  • Remove a server in Settings to revoke its push token and stop all traffic to it
  • Disable notifications system-wide in iOS Settings → Threadbase
  • Uninstalling the app deletes every byte stored locally; nothing persists off-device