TwineoTwineo

Privacy Policy

Effective Date: March 30, 2026

Introduction

Twineo provides an AI-powered digital twin service that helps founders and solopreneurs generate content on X (Twitter) in their own style. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR).

Data We Collect

  • X (Twitter) Data: Your public tweet history, replies, and profile information via X OAuth.
  • Authentication Data: Google account information (name, email) via Google OAuth.
  • Usage Data: How you interact with the platform, generated tweets, approval/rejection feedback.
  • AI Training Data: Your past tweets and content used to train your personal AI twin (Style Profile).
  • Technical Data: IP address, browser type, device information, server logs.

How We Use Your Data

  • Train and operate your personal AI twin.
  • Generate tweets and replies in your style each morning.
  • Improve the service and develop new features.
  • Communicate with you (account notifications, product updates, support).
  • Comply with applicable legal obligations.

Legal Basis (GDPR)

  • Contract performance: providing the service you signed up for.
  • Legitimate interest: service improvement, security, fraud prevention.
  • Consent: where required (e.g. certain marketing communications).

Third-Party Processors

We share your data only with trusted sub-processors, all operating under GDPR-compliant Data Processing Agreements:

  • Anthropic (Claude API) — AI content generation. Your data is not used to train their global models.
  • Neon (PostgreSQL) — Primary database hosting.
  • Fly.io — Backend server hosting.
  • Upstash / Redis — Caching and rate limiting.
  • Vercel — Frontend hosting.
  • Stripe — Secure payment processing (if applicable).
  • Google & X (Twitter) — Authentication only.

We do not sell your personal data. Ever.

Data Retention

  • X history & AI Style Profile: Retained while your account is active + 30 days after deletion (for recovery purposes).
  • Usage logs: Maximum 12 months.

Data is deleted or anonymized when no longer necessary for the stated purposes.

Your GDPR Rights

As a user, you have the right to:

  • Access and receive a copy of your personal data (data portability).
  • Rectify inaccurate data.
  • Erase your data (Right to be Forgotten).
  • Restrict or object to processing.
  • Withdraw consent at any time.

To exercise these rights, contact: contact@gettwineo.com

International Transfers

Data is primarily hosted within the EU or via providers using Standard Contractual Clauses (SCCs) for any transfers outside the EU.

Security

We implement technical and organizational security measures including encryption at rest and in transit, access controls, and regular security reviews to protect your data.