Privacy policy
1. Scope and controller details
This Privacy Policy describes how TwinMail (a product of Twindevs, Inc.) processes personal data when operating the TwinMail service. For account administration and commercial operations, Twindevs, Inc. acts as the data controller for business records and account metadata.
2. Product architecture and processing roles
TwinMail is local-first. Message bodies, attachments, and local indexes are stored on the operator device. In this model, the operator organization controls operational mailbox content processed through TwinMail. Twindevs processes limited service metadata required to operate subscriptions, support requests, and optional cloud workflows explicitly initiated by the operator.
3. Data categories we process
- Account and billing data: account email, organization label, plan, invoices, and payment state.
- Operational telemetry: service events required for reliability, abuse prevention, and support triage.
- Encrypted sync payloads: ciphertext blobs for optional multi-device synchronization.
- Optional AI payloads: only data explicitly submitted through per-action consent sheets.
4. Data we do not access by default
- Email message content and attachments stored only in local vaults.
- Local search indexes and intent queries run on-device unless explicitly escalated.
- Provider credentials stored in local encrypted boundaries.
5. Lawful bases for processing
- Contract: account provisioning, billing, support, and service operation.
- Legitimate interests: security monitoring, abuse prevention, and service reliability.
- Consent: optional cloud AI actions and optional analytics features where enabled.
- Legal obligations: tax, accounting, and regulatory record-keeping.
6. AI provider processing terms
Cloud AI features are disabled by default. Each cloud action requires explicit opt-in at action time with payload preview. TwinMail transmits only approved payloads to the configured provider. AI-provider processing is governed by provider contractual terms and the applicable data processing addendum. TwinMail does not permit model training on submitted customer content where provider controls support that restriction.
7. Subprocessors
TwinMail uses subprocessors for specific functions such as payment handling, encrypted object storage, and delivery infrastructure. Current subprocessors are listed below:
- Stripe: subscription billing and payment operations.
- Cloudflare: network delivery and optional encrypted blob storage services.
- Configured AI providers: only when operator-triggered cloud AI actions are approved.
8. International transfers
Where personal data is transferred internationally, Twindevs applies transfer safeguards including Standard Contractual Clauses and related contractual protections. Transfer scope is minimized by local-first design.
9. Retention schedule
- Account and subscription records: retained while account is active and for required audit periods.
- Encrypted sync objects: deleted after account termination according to service retention windows.
- Support records: retained for support continuity and security traceability, then purged.
10. Security safeguards
TwinMail applies encryption in transit, role-based access controls, event logging, and operational monitoring for hosted components. Local message boundaries remain on-device by design, reducing central content exposure.
11. Data subject rights
Depending on jurisdiction, data subjects may request access, correction, deletion, restriction, objection, and portability for data controlled by Twindevs. Requests can be submitted to privacy@twindevs.com.
12. Children
TwinMail is not directed to children under 16. If we learn that personal data was submitted in violation of this policy, we will take appropriate remediation steps.
13. Policy updates
Material policy changes are communicated through product notices or account email. The version and change summary above indicate the currently published revision.
14. Contact
Privacy inquiries: privacy@twindevs.com
Data protection contact: dpo@twindevs.com
Twindevs, Inc.