1. Scope & Controller
This Policy applies to personal information processed by Twin when you visit our websites, use the Services, interact with us, or otherwise communicate with us. Unless stated otherwise, Twin is the “controller” of your personal information for these activities.
If you are an end user of a Twin customer, we process your data as a “processor” on behalf of that customer. Our processing in that context is governed by our agreement with the customer (see Data Processing Addendum).
2. Information We Collect
- Account & Profile Data: name, email, password (hashed), company, role, preferences.
- Customer Data (ingested via Services): datasets, logs, metrics, schemas, dashboards, and other content you submit or connect. You (or your organization) control what is provided.
- Usage Data: feature interactions, timestamps, diagnostics, crash logs, performance metrics.
- Device & Technical Data: IP address, browser type, OS, device identifiers, referrer URL.
- Payment Data: billing contact and limited card details processed by our payment processor.
- Communications: support inquiries, feedback, and message contents.
- Cookie/Tracking Data: identifiers and analytics signals (see Cookies).
3. Sources of Information
- Directly from you when you create an account, upload datasets, or contact support.
- Automatically via cookies, pixels, SDKs, and logs when you use the Services.
- From third parties such as identity providers, data connectors, analytics vendors, and payment processors.
4. How We Use Information
- Provide, operate, secure, and maintain the Services.
- Process Customer Data at your direction and per our agreement.
- Improve and develop features, models, and integrations.
- Analyze usage to troubleshoot, prevent abuse, and enhance performance.
- Communicate about updates, security, and service announcements.
- Handle billing, account management, and fraud prevention.
- Comply with legal obligations and enforce our terms.
- Create Aggregated/De-identified insights that do not identify you.
5. Legal Bases (EEA/UK)
Where GDPR/UK GDPR applies, we rely on: (a) contract necessity; (b) legitimate interests (e.g., securing and improving Services); (c) consent (e.g., certain marketing or cookies); and (d) legal obligations.
8. International Transfers
We may transfer personal information to countries other than where it was collected. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) and implement supplementary measures.
9. Data Retention
We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention may vary for different data types.
10. Security
We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and auditing. No system is 100% secure; you are responsible for protecting your credentials and devices.
11. Your Rights
Your rights may include:
- Access, correction, deletion, and portability of your personal information.
- Restriction of, or objection to, certain processing.
- Withdrawal of consent where processing is based on consent.
- Opting out of marketing communications at any time.
To exercise rights, see Contact. Residents of certain jurisdictions (e.g., EEA/UK, California) have additional rights under local laws.
California (CPRA): You may have rights to know, correct, delete, and opt out of “sharing”/“sale” of personal information. We do not sell personal information as defined by CPRA. Use the “Do Not Sell or Share My Personal Information” link (if applicable) or contact us to exercise rights.
EEA/UK: You may lodge a complaint with your local supervisory authority; we encourage contacting us first.
12. Children’s Privacy
The Services are not directed to children under 16 (or as defined by local law), and we do not knowingly collect personal information from them.
13. Automated Decision-Making
We do not engage in automated decision-making that produces legal or similarly significant effects without human involvement. If this changes, we will provide required disclosures and choices.
14. Data Processing Addendum
For customers that are controllers under data protection laws, our Data Processing Addendum (DPA) governs our processing of Customer Data as a processor, including confidentiality, subprocessor controls, security measures, and international transfer mechanisms. To request or execute a DPA, contact us at privacy@Twin.com.
15. Changes to this Policy
We may update this Policy from time to time. We will post the updated Policy with a new “Last Updated” date and, where required, provide additional notice. Your continued use of the Services means you accept the changes.
16. Contact
If you have questions, concerns, or requests about this Policy or our data practices:
- Email: privacy@Twin.com
- Address: [Company Address]
- For Security Reports: security@Twin.com
17. Key Definitions
- Personal Information: information that identifies, relates to, or could reasonably be linked with an individual.
- Customer Data: data you (or your organization) submit to the Services for processing and analysis.
- Processor/Controller: roles as defined by applicable data protection laws (e.g., GDPR/UK GDPR).
- Aggregated/De-identified Data: data that cannot reasonably be used to identify an individual.