Privacy Policy

Effective Date: October 16, 2025

Last Updated: October 16, 2025

Introduction

Welcome to Twined. This Privacy Policy explains how Twined, Inc., a Delaware corporation ("Twined," "we," "us," or "our"), collects, uses, shares, and protects your information when you use our mobile application, website, and related services (collectively, the "Services").

We are committed to protecting your privacy while delivering innovative, AI-powered communication experiences. Please read this policy carefully to understand our practices.

Contact Us: If you have questions or concerns about this Privacy Policy, contact us at legal@twined.ai.

1. Information We Collect

We collect several categories of information to provide, improve, and secure our Services:

1.1 Information You Provide to Us

Account Information: When you create a Twined account, we collect your phone number, name, date of birth, and account credentials (username, password). If you sign in via a third party like Apple or Google, we collect the necessary login tokens. We use this for account management, identity verification, fraud prevention, and regulatory compliance.

Content You Create and Share: We collect content you generate and share through the Services, including messages, media (photos, videos, audio), interactions (reactions, emojis), location information you choose to share, links, and prompts you submit to our AI features.

1.2 Information Derived from Your Content

To provide AI-powered features, we process your content to create AI-generated responses, vector embeddings to organize and search your content, and personalized insights based on your usage.

1.3 Information from Third-Party Services

When you connect third-party services (e.g., streaming platforms, calendar applications), we collect data you authorize them to share with us, such as activity data and profile information.

1.4 Automatically Collected Information

We automatically collect device information (operating system, unique identifiers), usage data (features accessed, session duration), network information (IP address), and log data (crash reports, performance metrics) to operate, troubleshoot, and improve the Services.

1.5 Cookies and Similar Technologies

We use cookies and session tokens to maintain your session and analyze usage. We do not use cookies for advertising or embed third-party trackers in our Services. However, we cannot control trackers or cookies in third-party links shared by other users.

2. How We Use Your Information

2.1 Providing and Improving the Services

We use your information to deliver our core messaging and AI features, personalize your experience, and improve our services. To provide these features, you grant us permission to process your content as described in this policy.

By default, we use your content to train and improve our AI models. Before any training, we de-identify this data by automatically detecting and redacting common categories of personally identifiable information (PII) such as (but not limited to) passwords, credit card numbers, Social Security numbers, health diagnoses, precise addresses, and phone numbers. Our detection systems continually improve to identify and protect additional categories of sensitive information.

You can disable the use of your content for training at any time in your account settings. If you are in a group conversation where any member has opted out, we will not use any content from that conversation for training. Content already incorporated into existing model parameters cannot be retroactively removed because the content has been converted into mathematical parameters distributed throughout the model and cannot be individually identified or extracted. However, we will not use your future content for training once you opt out. Opting out does not affect Twined's ability to provide Services to you.

2.2 Safety, Security, and Compliance

We use information to prevent fraud, abuse, and violations of our Terms of Service, detect and respond to security incidents, comply with legal obligations, and protect the rights and safety of Twined and our users.

2.3 Communications

We use your contact information to send service-related announcements, respond to your support requests, and notify you of changes to our policies or Services.

3. How We Share Your Information

We do not sell your personal information. We share it only in these limited circumstances:

3.1 With Other Users

When you send messages, share content, or interact with other Twined users, that information is shared with your intended recipients according to your choices.

3.2 With Service Providers

We engage third-party service providers to perform functions on our behalf. These providers are contractually obligated to use your information only as necessary to provide their services to us and to implement appropriate security measures. Our service providers include:

  • Cloud Infrastructure Providers: For hosting, data storage, and computing resources

  • AI Service Providers: We transmit queries and content to third-party AI providers (such as OpenAI, Anthropic, Google, and Mistral) solely to generate responses and features you request. We configure these integrations to prohibit training on our data where available, and select providers with policies against training on API data. However, we cannot guarantee third-party compliance with their own stated policies.

  • Communication Services: For phone number verification and delivering push notifications (notification payloads containing message content are encrypted to protect against interception during transmission)

  • Integrated Third-Party Services: For features you choose to enable (such as music streaming, calendar integration, and other connected apps)

  • Analytics and Monitoring Services: For error tracking, performance monitoring, feature management, and understanding service usage

  • Customer Support Tools: For responding to your inquiries and support requests

We conduct due diligence on all service providers and require them to maintain confidentiality and security standards consistent with this Privacy Policy.

3.3 For Legal Reasons

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to:

  • Comply with valid legal processes (subpoenas, court orders, warrants)

  • Respond to claims that content violates third-party rights

  • Respond to government requests, including national security requirements

  • Enforce our Terms of Service or other policies

  • Protect the rights, property, or safety of Twined, our users, or the public

3.4 Business Transfers

If Twined is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred as part of that transaction. In such an event:

  • We will provide advance notice before your information is transferred

  • If the transfer would result in a material change to how your data is handled, processed, or used under this Privacy Policy, we will:

    • Notify you at least 30 days before the transfer is completed

    • Provide you the option to delete your account and all associated data before the transfer occurs

    • Honor all deletion requests submitted before the transfer deadline

  • Any successor entity will be contractually bound to honor the commitments made in this Privacy Policy for data collected prior to the transfer, unless you affirmatively consent to new terms

Your rights under this section survive any business transfer to the fullest extent permitted by law.

4. Data Security

We implement commercially reasonable technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction:

  • Encryption: All user content is encrypted at rest and in transit using industry-standard encryption protocols

  • Secure Transmission: Push notification payloads containing message content are encrypted to protect against interception during transmission

  • Access Controls: We implement role-based access controls that restrict employee and contractor access to personal information. Access requires documented business justification, is subject to real-time audit logging, and may require multiple levels of management approval for sensitive data operations

  • Confidentiality Obligations: All personnel with access to user data are subject to strict confidentiality obligations through employment agreements, non-disclosure agreements, and vendor contracts

  • Security Monitoring: We maintain continuous monitoring for security threats and vulnerabilities

  • Incident Response: We have procedures in place to detect, respond to, and recover from security incidents

While we implement strong security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

5. Your Privacy Rights

Regardless of where you live, Twined provides the following rights to all users:

5.1 Access, Portability, Correction, and Deletion

You have the right to request a copy of your data, correct inaccuracies, and delete your account. You can exercise these rights within the app or by contacting legal@twined.ai. Following verification of your identity, we will provide your data in a portable, machine-readable format within 45 days. Account data is typically deleted within 90 days of archival.

Limitations on Deletion:

  • We retain usage logs, abuse reports, and debugging information for up to 5 years for legal compliance, security purposes, fraud prevention, and service improvement

  • Content already incorporated into AI model parameters cannot be removed from existing models because the content has been converted into mathematical parameters distributed throughout the model and cannot be individually identified or extracted. However, we will not use your future content for training once you opt out.

  • We cannot control or delete content you have shared with other users, which may have been copied, cached, screenshot, or re-shared by recipients

  • We may retain information when required by law, including to comply with tax, accounting, or other legal retention requirements

  • We may retain information necessary to resolve disputes, enforce our agreements, or complete transactions initiated before deletion

  • If your account is under investigation for violations of our Terms of Service or applicable law, we may retain relevant information until the matter is resolved

5.2 California-Specific Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding 12 months, the categories of sources, our business purposes for collection, and the categories of third parties with whom we share information

  • Right to Delete: You may request deletion of your personal information, subject to the limitations described in Section 5.1

  • Right to Correct: You may request correction of inaccurate personal information

  • Right to Opt-Out: We do not sell personal information as that term is defined under California law. While we share data with service providers as described in Section 3, we do not share personal information for cross-context behavioral advertising. If you wish to limit certain data sharing, you may opt out of training as described in Section 2.1.

  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information (such as precise geolocation or health information) for purposes other than providing the Services. We do not use such information for profiling or targeted advertising.

  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights, including by denying services, charging different prices, or providing a different level of service quality

To exercise these rights, contact us at legal@twined.ai with "California Privacy Rights Request" in the subject line. We will verify your identity before processing your request and respond within 45 days.

5.3 Additional US State Privacy Rights

Several US states provide privacy rights similar to California's CCPA. If you reside in Colorado, Connecticut, Virginia, Utah, or other states with comprehensive privacy laws, you may have rights including access, deletion, correction, and opt-out rights.

Global Privacy Control (GPC): Because we do not sell or share personal information for cross-context behavioral advertising, GPC is not currently applicable to our Services. If our practices change, we will honor browser-based opt-out signals such as GPC.

Appeals: Some state laws provide a right to appeal our decision if we decline to act on your privacy request. You may appeal by contacting us at legal@twined.ai with "Privacy Rights Appeal" in the subject line. We will respond with our decision and reasoning within the timeline required by law.

6. Data Retention

We retain your information only as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy:

  • Active Account Data: Retained while your account remains active and for a reasonable period thereafter to allow account recovery

  • Archived Account Data: Deleted within 90 days of account archival, subject to the exceptions outlined in Section 5.1

  • Logs and Operational Data: Usage logs, error reports, and debugging information are retained for up to 5 years for security analysis, fraud prevention, legal compliance, and service improvement

  • Training Data: De-identified content used for AI model training may be retained within model parameters until the relevant models are retired or retrained

7. Children's Privacy

Twined is not intended for users under 18 years of age. By using Twined, you represent and warrant that you are at least 18 years old. We do not knowingly collect, use, or share personal information from anyone under 18.

If we discover that we have inadvertently collected information from someone under 18, we will promptly delete such information from our systems.

If you believe a user under 18 has created an account or is using Twined, please contact us immediately at legal@twined.ai.

8. Third-Party Links and Services

The Services may contain links to or integrations with third-party websites, applications, and services that we do not own or control. This Privacy Policy applies only to information collected by Twined. We are not responsible for the privacy practices or content of third-party services.

When you connect third-party services to Twined (such as music streaming platforms or calendar applications), those services' privacy policies govern their collection and use of your information. We encourage you to review the privacy policies of any third-party services before connecting them to your Twined account.

Other users may share links that contain tracking technologies or cookies. We cannot control and are not responsible for third-party tracking practices in user-generated content.

9. International Users

Twined currently operates in and provides Services exclusively to users in the United States and its territories. Our Services are not directed to individuals outside the United States.

If you access Twined from outside the United States, you do so at your own risk and are responsible for compliance with applicable local laws. Your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using Twined, you consent to the transfer of your information to the United States and its processing as described in this Privacy Policy.

10. No Advertising or Profiling

Twined does not engage in:

  • Targeted advertising based on your personal information

  • Selling or renting personal information to third parties for their marketing purposes

  • Creating detailed user profiles for advertising purposes

  • Behavioral tracking for cross-context advertising

We are committed to a privacy-respecting business model that generates value through our Services, not through advertising or data brokerage.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, technologies, legal requirements, or business operations.

When we make changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy

  • Post the revised Privacy Policy on our website and within the Services

  • Provide notice of material changes through in-app notifications or other appropriate means

For material changes that significantly affect your rights or how we handle your information, we will provide prominent notice and, where required by law, obtain your consent before the changes take effect.

Your continued use of Twined after changes become effective constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Information

Twined, Inc.
Legal Department
Email: legal@twined.ai

For general support inquiries: support@twined.ai

If you have questions about this Privacy Policy, concerns about how we handle your information, or wish to exercise your privacy rights, please contact us at legal@twined.ai. We will respond to verified requests within 45 days.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Delaware and the federal laws of the United States, without regard to conflict of law principles.

By using Twined, you acknowledge that you have read and understood this Privacy Policy.