TWINBY PRIVACY POLICY

Last updated: January 21, 2026

Version: 1.0

This Privacy Policy (the “Policy”) explains in detail how Twinby collects, uses, discloses and protects information about you when you use our dating and social discovery services.

This Policy applies to the Twinby mobile application, twinby.com website and any related websites, pages or subdomains we operate that link to this Policy, and any other online products, features, content, communications or services provided by Twinby that link or refer to this Policy (collectively, the “Services”).

This Policy is intended to give you a clear understanding of:

what types of information we collect about you (including personal data and, where applicable, sensitive or “consumer health” data);
how and why we use that information;
with whom we share it and for what purposes;
how long we keep it and how we protect it;
what rights and choices you have under applicable data protection and privacy laws; and
how you can contact us in relation to your privacy.

This Policy does not describe every technical detail of our systems, but it is intended to be complete and accurate at the level required by applicable law (including, where applicable, U.S. state privacy laws, GDPR-style laws and similar frameworks).

By creating user account (the “Account”), accessing or using the Services, you:

acknowledge that you have had an opportunity to read this Policy;
understand that your information will be processed as described in this Policy; and
agree that your use of the Services is also governed by our Terms of Use and any other documents referenced there.

If you do not agree with this Policy, you must not use the Services and should delete your Account (if you have one). If you have questions about any part of this Policy, you should contact us before continuing to use the Services.

This Policy is designed primarily for adults. The Services are intended only for individuals who are at least 18 years old, and we do not knowingly collect personal data from children. Further details are provided in the relevant section of this Policy.

1. WHO WE ARE AND WHO IS RESPONSIBLE FOR YOUR DATA

1.1. Data Controller / Business

Depending on where you live, a different Twinby entity is responsible for your personal data and is your contractual counterparty under the Terms of Use:

If you reside in the United States

The controller / business is:

Twinby Inc.

228 Park Ave S, STE 85451

New York, NY 10003

United States

If you reside outside the United States

The controller is:

Twinby Global Limited

Unit 1603, 16th Floor, The L. Plaza,

367 - 375 Queen's Road Central, Sheung Wan,

Hong Kong

In this Policy, “Twinby”, “we”, “us” or “our” refers to the applicable entity above, and any reference to “controller” or “business” should be read accordingly, depending on which privacy law applies in your jurisdiction.

“You”, “your”, “User” means the individual who accesses or uses the Services, irrespective of whether you have created a registered Account, and whose personal data is processed by Twinby.

1.2. Change of Country of Residence

We determine the relevant Twinby entity primarily based on your place of residence. If your country of residence changes (for example, you move from the U.S. to another country, or vice versa):

we may update the applicable Twinby entity responsible for your data on a going-forward basis;
we will indicate any change to you through the Services or by other reasonable means (for example, by notice in the app or by email), where required; and
the new entity will become your controller / business for future processing, without affecting the lawfulness of processing carried out before the change.

The underlying infrastructure, systems and service providers may remain the same regardless of which entity is your controller, but responsibility and legal obligations will sit with the applicable entity described above.

1.3. Relationship with App Stores and Third Parties

This Policy covers how Twinby processes your data. It does not govern how independent third parties process your data when you interact with them, for example:

App Store Providers (such as Apple App Store and Google Play), which process your payment information and Account data under their own terms and privacy policies;
external websites or services you access via links from profiles, messages or ads;
third-party apps or platforms where you may see Twinby content or advertising.

Those third parties are typically independent controllers of your data for their own purposes. You should review their privacy policies separately. Twinby is not responsible for how they handle your data.

1.4. How This Policy Relates to Other Documents

This Policy should be read together with:

our Terms of Use, which govern your contractual relationship with Twinby and the use of the Services;
any Consumer Health Data Privacy Policy that may apply in certain jurisdictions (for example, Washington State or other U.S. states with similar laws);
any state-specific privacy or safety notices we make available (for example, Colorado Safety Policy or similar notices);
our Cookie Policy, which provides more detail on our use of cookies and similar technologies; and
any other Twinby policies, guidelines or notices referenced in the Services and incorporated by reference into the Terms of Use.

If there is any inconsistency between this Policy and a more specific, jurisdiction-specific privacy notice or Consumer Health Data Privacy Policy, the more specific document will prevail for the scope and jurisdiction it covers, to the extent required by applicable law.

1.5. Contact Details for Privacy Matters

You can contact us about this Policy or our handling of your personal data using the contact details provided in the Section 16 and, where applicable, in any local privacy notice. In particular:

for general privacy questions and rights requests, you should use the dedicated privacy contact channels indicated later in this Policy;
for legal notices (including regulatory or law-enforcement communications), you should use the legal contact details indicated later in this Policy.

If you are located in a jurisdiction that requires a local representative or specific contact point (for example, a data protection officer, EU/UK representative or consumer contact), we will identify this in the relevant regional section or local notice.

2. SCOPE OF THIS POLICY; NOT FOR CHILDREN

2.1. Material Scope – When This Policy Applies

2.1.1. This Policy applies to the collection and processing of information about you in connection with your use of the Services, as defined in the preamble, including:

the Twinby mobile application;
the twinby.com website and any related websites we operate; and
any other online products, features, content or services that link to or reference this Policy.

2.1.2. This Policy applies:

when you create, access or use an Account;
when you browse or interact with the App or website (with or without an Account);
when you communicate with us (for example, via support, legal contacts or feedback forms);
when we receive information about you from third parties in connection with the Services (for example, App Store Providers, payment processors, analytics and safety partners).

2.1.3. This Policy does not apply to:

third-party websites, apps, platforms or services that are not controlled by Twinby, even if they are linked from or accessible through the Services;
any processing of your data carried out solely by App Store Providers, payment processors, social networks or other third parties under their own privacy policies.

When you access third-party services, their own privacy policies and terms apply, and you should review them separately.

2.2. Territorial Scope – Where This Policy Applies

2.2.1. This Policy applies to users worldwide, subject to Section 1 (who is responsible for your data) and any jurisdiction-specific sections or notices that we provide.

2.2.2. Certain provisions of this Policy apply only to residents of specific jurisdictions, for example:

U.S. state privacy laws such as the California Consumer Privacy Act (CCPA/CPRA) and similar laws in other states;
any applicable consumer health data laws;
any other local privacy or consumer protection laws that grant you additional rights or that impose specific obligations on Twinby.

Where required, we will provide additional state- or country-specific privacy notices that complement this Policy. If there is any conflict between such a specific notice and this Policy, the more protective provision for the user in the relevant jurisdiction will apply, to the extent required by law.

2.2.3. Nothing in this Policy is intended to limit any mandatory rights you may have under the laws of your place of residence that cannot be waived by contract. Where such rights exist, we will respect them.

2.3. Relationship with the Terms of Use and Other Notices

2.3.1. This Policy forms part of, and should be read together with, our Terms of Use. Capitalized terms used but not defined in this Policy have the meaning given to them in the Terms of Use.

2.3.2. In addition to this Policy and the Terms of Use, we may provide:

a Cookie Policy describing our use of cookies, SDKs and similar technologies;
a Consumer Health Data Privacy Policy (where required by law);
state- or country-specific privacy or safety notices;
in-product notices at the point of data collection (for example, consent dialogs for location or notifications).

Those documents and notices complement this Policy and may provide further detail on specific processing activities or legal requirements.

2.4. Age Restrictions – Services Are Not for Children

2.4.1. The Services are intended solely for adults who are at least eighteen (18) years old. By using the Services, you represent and warrant that you are at least 18 years old, as set out in the Terms of Use.

2.4.2. We do not knowingly collect personal data from:

anyone under the age of 18; and
in particular, any “child” as defined under U.S. Children’s Online Privacy Protection Act (COPPA) (generally, under 13 years of age).

2.4.3. You must not create an Account or use the Services if:

you are under 18; or
applicable law in your jurisdiction prohibits you from using dating or similar services at your current age.

2.5. If We Learn That a User Is Underage

2.5.1. If we become aware, or have reasonable grounds to believe, that a user is under 18, we may take appropriate measures, which can include:

suspending or terminating the Account;
restricting access to the Services;
deleting or anonymizing personal data associated with the Account, to the extent required or permitted by law;
taking additional steps if required by applicable law (for example, under COPPA or similar laws).

2.5.2. If you are a parent or legal guardian and believe that your child has provided us with personal data or is using the Services in violation of this Policy and the Terms of Use, you should contact us immediately using the details in Section 17.8 of the Terms of Use or contact us at . We will review the situation and take appropriate action, which may include:

verifying your identity and relationship to the child;
locating the relevant Account, if possible;
deleting or anonymizing personal data relating to the child, to the extent required by law.

2.6. Misrepresentation of Age

2.6.1. If you misrepresent your age in order to access the Services, you are in breach of the Terms of Use. In such cases, we may:

immediately suspend or terminate your Account;
restrict your future ability to create new Accounts;
retain limited information necessary to enforce our rules, protect safety, prevent abuse and comply with legal obligations.

2.6.2. Where required by law, we may keep records of such incidents and, in serious cases (for example, involving High-Risk Categories or potential offences against minors), we may cooperate with law enforcement or relevant authorities, in line with applicable legal standards and our safety procedures.

2.7. No Deliberate Profiling of Children

2.7.1. We design and operate the Services on the basis that users are adults. We do not deliberately target, profile or personalize experiences for children, and we do not knowingly use personal data of anyone under 18 for any processing purpose.

2.7.2. If at any point we discover that personal data of a child has been processed contrary to this Policy, we will take reasonable steps to:

stop the processing;
delete or anonymize the data, unless we are legally required to retain it (for example, for safety or law-enforcement purposes);
adjust our internal processes to reduce the risk of recurrence.

3. INFORMATION WE COLLECT

3.1. Overview

3.1.1. In connection with providing the Services, we collect information about you that can be grouped into the following broad categories:

information you provide directly;
information we collect automatically when you use the Services;
information we receive from other users and third parties;
information we derive or infer from other data.

3.1.2. Some of this information may be considered sensitive under certain laws (for example, information about sexual life or orientation, precise location, certain health-related information, or government-issued IDs). Where required by law, we will only process such information with your consent or under another legal basis allowed by applicable law. Additional details are in Section 3.5 and in any jurisdiction-specific notices.

3.1.3. We describe how and why we use these categories of information in Section 4 (How We Use Your Information) and in other parts of this Policy.

3.2. Information You Provide to Us

3.2.1. Account Registration and Profile Data

When you create or update an Account, you may provide:

identification and contact details
email address;
mobile phone number;
username or handle;
basic profile data
name (or display name);
age and date of birth;
gender;
location information you choose to show (e.g., city, region);
language and/or preferred app language;
dating-related information
your preferences regarding who you want to see or match with (e.g., age range, gender, distance);
relationship goals or intentions (e.g., casual dating, long-term relationship), where such fields are available;
interests, tags, hobbies, prompts and similar profile fields;
authentication / login data (depending on features available)
password or other credentials (if you register with email/phone and password);
identifiers from supported single sign-on or external login providers (e.g., Apple, Google), if you choose to use them.

3.2.2. Photos, Videos and Other Profile Content

You may upload or otherwise provide:

photos and/or videos for your profile;
prompts, bios and free-text fields;
optional content such as voice notes, interests, or short answers to questions.

By choosing to upload photos, videos or text, you understand that they may reveal information about you, including sensitive information (for example, sexual orientation, religion, ethnicity or health status), depending on what you decide to share. You are not required to provide such information, but if you choose to do so, it will be processed in accordance with this Policy and applicable law.

3.2.3. Content and Communications with Other Users

When you use the Services, you may generate or provide:

messages and other communications
text messages, emojis, reactions;
images, videos, voice messages or other media sent to other Users;
engagement data
likes, passes, matches, blocks;
reports you submit about other Users or content;
responses to in-app prompts or features (e.g., “like”, “super like”, “boost” usage).

We process this information to operate the Services (for example, delivering messages and matches), maintain safety, and enforce our Terms and Community Guidelines.

3.2.4. Communications with Us

If you contact us directly, you may provide:

support requests and correspondence
messages sent to support (in-app or via email);
information about technical issues, payment problems, or safety concerns;
legal, privacy and DMCA communications
notices sent to our legal or DMCA contact addresses;
information and documentation you provide when exercising privacy rights or sending a DMCA notice or counter-notice;
identity or verification information
documents or details you voluntarily provide when we ask for additional verification (e.g., copies of ID, selfie photos, evidence for a complaint).

We keep records of these communications as part of our legitimate business interests (e.g., support, compliance, dispute handling), subject to applicable retention rules.

3.2.5. Surveys, Research and Feedback

We may invite you to participate in:

surveys, questionnaires or research studies;
beta tests, product experiments or user interviews;
feedback forms about features, safety or satisfaction.

If you participate, we collect the information you provide in your responses. You can decline to participate; this does not affect your use of the core Services.

3.2.6. Payment and Billing Information

If, now or in the future, you purchase Paid Services directly from Twinby (not through an App Store Provider), we may collect:

payment method details (e.g., limited card details as allowed by PCI-DSS, or tokens from payment processors);
billing address and country;
transaction metadata (date, time, amount, product/plan, currency).

If your purchase is made through an App Store Provider (Apple, Google, etc.), that provider will collect and process your payment information under its own terms; Twinby typically receives only limited data (e.g., transaction ID, product purchased, country, and basic status information).

3.3. Information We Collect Automatically When You Use the Services

3.3.1. Usage and Log Information

When you access or use the Services, we automatically collect certain usage information, such as:

log data
dates and times of access;
pages/screens viewed;
features used (e.g., swipes, likes, matches, messages, profile edits);
in-app actions (e.g., opening notifications, updating settings);
app events and technical logs
app crashes and diagnostics;
performance metrics;
error codes and debugging information.

We use this information to operate, secure and improve the Services, troubleshoot problems and understand how users interact with Twinby.

3.3.2. Device and Technical Information

We may collect information about the device and software you use, such as:

device identifiers
device ID, advertising ID (e.g., IDFA / GAID where permitted);
other identifiers that may be generated by the app or OS;
device characteristics
device type (phone, tablet);
operating system and version;
app version;
language and region settings;
network and connection data
IP address;
mobile network provider, connection type (Wi-Fi, mobile);
approximate location inferred from network or IP (see Section 3.3.3 and 3.5.2).

This information is used for security, fraud prevention, compatibility, analytics and, where applicable, advertising/measurement (for details of cookies/SDKs see Section 3.3.4 and the Cookie Policy).

3.3.3. Location-related Information

Depending on your device settings and permissions, we may collect:

approximate location
inferred from your IP address or general network information;
precise location (only with your explicit device permission)
GPS-based or similar precise location data from your device’s location services.

We use location-related information to:

show you Users and content near you;
display distances or regional information;
support safety, abuse detection and fraud prevention;
comply with legal or regulatory requirements (for example, compliance with restrictions in certain jurisdictions).

You can control the App’s access to precise location through your device settings. If you disable location services, certain features may be limited or unavailable.

3.3.4. Cookies, SDKs and Similar Technologies

When you visit twinby.com or use the App, we and our partners may use:

cookies (including HTTP cookies);
software development kits (SDKs) integrated into the App;
pixels, tags, local storage;
other similar technologies.

These technologies may collect information such as:

usage and event data (pages, buttons, actions);
device and browser information;
identifiers (e.g., cookie IDs, advertising IDs, app instance IDs);
referrer URLs and campaign parameters.

We use these technologies for purposes including:

authentication and security;
remembering your settings and preferences;
analytics and measurement of how the Services are used;
fraud and abuse detection;
where applicable and permitted by law, advertising and marketing measurement.

Details of our use of cookies and similar technologies, and your options to manage them (including consent where required), are set out in our Cookie Policy.

3.4. Information We Receive from Other Users and Third Parties

3.4.1. Other Users

We may receive information about you from other users of the Services, for example:

reports and complaints (e.g., harassment, scams, safety concerns);
information provided in messages or content that other users share with you;
feedback or ratings, if such features are introduced.

We process this information to maintain safety, enforce our Terms and Community Guidelines, and respond to reports and disputes.

3.4.2. App Store Providers and Payment Partners

From App Store Providers and payment processors, we may receive:

limited transaction information (e.g., product purchased, date, country, price, currency, transaction ID, basic status);
technical information about installation, updates or failures related to the App;
basic information that allows us to link a purchase to your Account (e.g., an anonymous or pseudonymous identifier).

We do not receive your full payment card details from App Store Providers.

3.4.3. Analytics, Advertising and Measurement Partners

Where permitted by law and by your settings, we may receive aggregated or pseudonymous data from analytics or advertising partners, such as:

information about how users found our Services (e.g., campaign tags, attribution data);
performance metrics for advertising campaigns or referrals;
aggregated audience and interest categories.

This helps us understand how users discover and use the Services and how effective our marketing is. More details are provided in the Cookie Policy and any applicable state-specific privacy notices (e.g., “Your Privacy Choices”).

3.4.4. Safety, Fraud Prevention and Law-Enforcement Sources

To maintain safety and comply with legal obligations, we may receive information from:

service providers that assist with fraud prevention, abuse detection and identity verification;
public or commercial databases (e.g., sanctions lists, watchlists), where permitted by law;
law-enforcement authorities, regulators or courts, when they lawfully provide information to us.

We use this information to assess risk, detect High-Risk Categories (as defined in our Terms of Use), prevent or respond to suspected fraud, abuse, illegal activity or security incidents, and comply with legal requirements.

3.4.5. Social Media and Integration Partners

If, now or in the future, we introduce optional integrations with social networks or other platforms and you choose to connect them, we may receive information from those third parties in accordance with their privacy policies and your settings, such as:

basic profile information;
lists of friends or connections (if you consent);
content you choose to import or share.

You can always choose not to connect such integrations; they are optional.

3.5. Sensitive and Special Categories of Personal Data

3.5.1. Sexual Life, Orientation and Relationship Information

Because Twinby is a dating and social discovery Service, some information you choose to provide or display may relate to your:

sexual orientation;
preferences regarding the gender(s) of people you wish to match with;
dating intentions or relationship goals;
lifestyle preferences or boundaries you choose to indicate.

This information can be considered “sensitive” or “special category” data under certain laws. You are not required to provide such information, but if you do, we will process it:

to operate core dating functionality (matching, discovery, communications);
to personalize your experience (e.g., who you see and who can see you);
to enforce our Terms and protect safety (for example, in connection with High-Risk Categories);
in accordance with applicable law and, where required, based on your consent.

3.5.2. Location and Geolocation Data

Precise location data (GPS or similar) can also be considered sensitive. We collect and use precise location only:

when you explicitly grant the App permission to access device location; and
for purposes described in this Policy and the Terms of Use (e.g., nearby matches, safety, fraud prevention).

You can revoke location permission at any time via device settings. If you do so, some location-based features may not be available.

3.5.3. Consumer Health and Well-Being Information

In some cases, users may share information related to their emotional well-being, mental health, or aspects of sexual health (e.g., preferences regarding safer sex, STI status, or certain boundaries) in profiles or messages. Depending on applicable law, such information may be considered:

“consumer health data” (for example, under certain U.S. state laws); or
a special category of personal data.

We do not require you to disclose such information to use the Services. If you choose to do so, it is processed in line with this Policy, and, where applicable, with our Consumer Health Data Privacy Policy and any specific consent requirements.

3.5.4. Government IDs and Identity Verification Data

For safety, fraud prevention and compliance reasons (for example, when investigating reports or verifying that users meet age requirements), we may, in specific cases:

request that you provide a copy of a government-issued identity document or other identification information;
ask you to submit a selfie or a short video to compare with your profile photo or ID.

Where we use such data, we typically process:

the image(s) you submit;
basic document data (e.g., name, date of birth, document type, country);
verification results (e.g., match/no match, document validity flags).

We do not use such images or verification data for general facial recognition across the Service, beyond what is necessary to verify your identity and enforce our rules, unless expressly stated and permitted by law.

3.5.5. Handling of Sensitive Data

Where laws require specific bases or additional safeguards for processing sensitive data, we will:

only process such data when necessary and proportionate for clearly defined purposes;
rely on the appropriate legal bases (e.g., your explicit consent, provision of the Service you request, safety or compliance with legal obligations);
apply additional technical and organizational measures to protect such data;
offer choices or withdrawal options where required.

3.6. Inferences and Derived Data

3.6.1. Based on the information described above, we may create derived data or inferences, such as:

approximate user segments or categories (e.g., active / inactive users; frequent travelers; high-risk for fraud);
internal safety and trust indicators (e.g., risk scores for spam, scams or High-Risk Categories, based on patterns of behavior, reports and technical signals);
personalization and relevance metrics (e.g., which profiles to show you more often based on your swipes and interactions).

3.6.2. These inferences are used to:

operate and improve matching and discovery;
protect safety and combat fraud, spam and abuse;
customize parts of your experience (where permitted by law);
comply with legal and regulatory requirements.

3.6.3. We do not use profiling or automated decision-making in a way that produces legal or similarly significant effects on you without ensuring that such processing is carried out in accordance with applicable law (including any required notices, safeguards and rights). Where such processing exists and is regulated, we will describe it in the relevant jurisdiction-specific sections of this Policy.

4. HOW WE USE YOUR INFORMATION

4.1. Overview

4.1.1. We use the information described in Section 3 to operate, secure and improve the Services, to enable core dating functionality, to protect users and Twinby from harm and fraud, and to comply with legal and regulatory requirements.

4.1.2. Depending on your location, applicable law may require us to identify the legal bases on which we process your personal data. Where such laws apply (for example, in the EEA, UK or similar jurisdictions), we generally rely on one or more of the following legal bases:

performance of a contract with you (including taking steps at your request before entering into a contract);
our legitimate interests (for example, operating and improving the Services, preventing abuse and fraud);
your consent (for example, to certain types of cookies, marketing communications, or processing of sensitive data where required by law);
compliance with legal obligations (for example, responding to lawful requests from authorities, enforcing rights);
protection of vital interests of you or another person (for example, where there is a serious and immediate risk of harm).

4.1.3. In the subsections below we describe the main purposes for which we use your information and, where relevant, the corresponding legal bases under data protection laws that require them. For users in jurisdictions where such detail is not mandatory, this section still explains how and why we process your information.

4.2. Providing and Operating the Services

4.2.1. We use your information to provide the core functionality of the Services, including to:

create and manage your Account;
authenticate you when you log in;
create, display and update your profile;
show you other Users’ profiles and show your profile to other Users;
process your likes, passes, matches and other in-app actions;
deliver and display messages and other communications between you and other Users;
provide you with Paid Services, Subscriptions and Virtual Items (e.g., boosts, visibility features);
maintain technical functionality, including app performance, availability and compatibility.

4.2.2. Categories of data used:

Account and profile data;
photos, videos and other profile content;
messages and user interactions;
device and technical information;
payment and transaction data;
location-related information.

4.2.3. Legal bases:

performance of Terms of Use – to provide requested services and features;
legitimate interests – to operate an effective, secure and user-friendly platform;
consent – where required for specific features (e.g., precise location, certain sensitive data).

4.3. Safety, Security, Abuse and Enforcement

4.3.1. Safety is a core element of the Services. We use your information to:

prevent, detect and investigate fraud, scams and other deceptive practices (including romance and financial scams);
identify and address behavior and content related to High-Risk Categories and other violations of our Terms, Community Guidelines and policies;
review and act on reports and complaints from Users and third parties;
monitor, detect and prevent spam, bots, automation and scraping;
protect the safety, rights, property and security of Users, Twinby, our staff and third parties;
detect and respond to security incidents, including unauthorized access attempts, Account takeover, and technical attacks on our infrastructure;
enforce our Terms of Use, Community Guidelines and other policies.

4.3.2. For these purposes we may use:

information you provide (profile data, content, messages, reports);
information from other Users and third parties (including reports and complaints);
technical and usage data (logs, device identifiers, IP addresses, cookies/SDK data);
inferences and internal risk scores derived from your behavior, reports and technical signals;
information from safety, fraud-prevention and verification partners (where applicable).

4.3.3. This may include:

automated and manual review of content and behavior;
temporary or permanent Enforcement Actions (see Terms of Use Section 11);
enhanced verification steps (e.g., ID checks, selfies) in cases of suspected abuse or high risk.

4.3.4. Legal bases (where applicable):

legitimate interests – maintaining the safety and integrity of the Services, preventing fraud and abuse, protecting rights and safety;
compliance with legal obligations – for example, responding to lawful requests or implementing required safety measures;
protection of vital interests – in cases of serious and immediate risk of harm.

4.4. Communications with You

4.4.1. We use your information to communicate with you about the Services, including to:

send transactional and service messages (e.g., verification codes, security alerts, notices about matches or messages, subscription status);
inform you about changes to our Terms of Use, this Policy or other policies;
respond to your inquiries, support requests, complaints and exercise of privacy or consumer rights;
send reminders or notifications related to your Account, activity, or settings.

4.4.2. Depending on your settings and applicable law, we may also send you:

product and relationship communications (e.g., suggestions to complete your profile, feature tips, safety notices);
marketing and promotional communications about Twinby (e.g., new features, offers, campaigns).

4.4.3. You can manage certain communication preferences (for example, marketing emails or push notifications) through the mechanisms described in Section 10.5 of the Terms and in this Policy. Some service communications (e.g., security alerts, key legal notices) are required for the operation of the Services and cannot be fully opted out of while you maintain an Account.

4.4.4. Legal bases:

performance of a contract – providing service and transactional communications;
legitimate interests – ensuring you receive relevant and useful information about your Account and safety;
consent – where required for marketing or certain electronic communications.

4.5. Personalization, Matching and Recommendations

4.5.1. We use your information to personalize your experience on Twinby, for example to:

suggest profiles that may be more relevant to you based on your preferences, location and in-app behavior;
determine where and how often your profile is shown to other Users;
adapt content, tips and onboarding flows to make them more relevant to you;
tailor certain aspects of the interface or features depending on your usage patterns.

4.5.2. For these purposes, we may use:

profile data (including interests, prompts, photos);
dating preferences (e.g., age range, gender, distance);
location-related information;
usage and interaction data (e.g., likes, passes, messages, time in app, responses to prompts);
derived data and inferences (e.g., segments indicating preferred interaction patterns).

4.5.3. We do not guarantee any particular outcome or number of matches. Personalization is intended to improve relevance and efficiency but does not constitute a guarantee of any specific result (see Terms of Use Sections 4.7 and 12.3).

4.5.4. Legal bases:

performance of a contract – to provide core matching and discovery functionality of a dating service;
legitimate interests – to improve relevance, user satisfaction and efficiency of the platform;
consent – where required for certain types of profiling or personalization.

4.6. Analytics, Service Improvement and Product Development

4.6.1. We use information about how you and others use the Services to:

measure and analyze performance of features and overall service usage;
understand how Users interact with profiles, messages, matches and different product flows;
identify areas where the App or website can be improved, simplified or made more secure;
test new features, interface changes, algorithms or safety tools (including A/B tests and experiments);
generate aggregated statistics (e.g., total number of active users in a region, popular features).

4.6.2. For these purposes, we rely on:

usage and log data;
device and technical data;
location-related data (often in aggregated or generalized form);
survey and feedback responses (where provided);
cookies, SDKs and similar technologies (see Cookie Policy).

4.6.3. Wherever reasonably possible, we use aggregated or de-identified data for analytics and product improvement.

4.6.4. Legal bases:

legitimate interests – to understand and improve how the Services are used, ensure quality, and develop new features;
consent – where required for the use of certain cookies, SDKs or analytics tools.

4.7. Advertising, Marketing and Measurement

4.7.1. Twinby may use certain information for marketing and advertising purposes, including to:

promote Twinby and our features to existing users (e.g., in-app promotions, emails, push notifications, allowed under applicable law);
measure and understand the effectiveness of marketing campaigns (e.g., which ads or campaigns led to installations or sign-ups);
build basic audiences or segments for advertising where permitted by law (for example, to show Twinby ads to adults interested in dating apps, without using sensitive categories contrary to law or platform policies).

4.7.2. For these purposes we may use, in compliance with applicable law:

limited identifiers (e.g., advertising IDs, cookie IDs, app instance IDs);
installation and event data (e.g., app opens, registrations, subscription conversions);
campaign parameters and attribution data (e.g., which ad or campaign was associated with an installation);
approximate location and device type.

4.7.3. For how we handle any “sale” or “sharing” of personal data under U.S. state privacy laws (including additional disclosures and opt-out choices), see Sections 5.1 and 12.

4.7.4. Legal bases:

legitimate interests – to promote and grow our business and understand marketing effectiveness;
consent – where required for targeted advertising, certain cookies/SDKs or sharing with advertising partners;
compliance with state privacy laws – for opt-out preferences where applicable.

4.8. Compliance with Legal Obligations and Protection of Rights

4.8.1. We use your information to comply with legal, regulatory and judicial obligations, including to:

respond to lawful requests, court orders, subpoenas or other legal processes;
comply with applicable consumer, privacy, safety and electronic communications laws;
maintain records required under applicable law;
cooperate with law enforcement or other authorities where we believe, in good faith, that such cooperation is legally required or reasonably necessary to protect rights, safety or property.

4.8.2. We may also process information to:

establish, exercise or defend legal claims;
enforce our Terms of Use, Community Guidelines and other agreements;
prevent, investigate or respond to allegations of illegal activity, violations of our policies, or disputes with Users or third parties.

4.8.3. Legal bases:

compliance with legal obligations;
legitimate interests – to protect our rights, our Users and third parties, and to handle disputes and claims;
protection of vital interests – in urgent cases involving risk of serious harm.

4.9. Aggregated, De-identified or Anonymized Data

4.9.1. We may create aggregated, de-identified or otherwise anonymized data derived from your information and from other users’ information. For example, we may aggregate usage data to publish general statistics (e.g., number of users in a city, average app usage time) without identifying you.

4.9.2. We may use and disclose such aggregated or de-identified data for any lawful purpose, including for:

analytics and research;
service improvement;
business reporting;
public information about general usage trends.

4.9.3. Where we de-identify data, we will not attempt to re-identify individuals from such data, except as permitted or required by law (for example, to test or demonstrate the effectiveness of de-identification processes).

4.10. Automated Decision-Making and Profiling

4.10.1. The Services use forms of profiling and automated decision-making, primarily to:

recommend which profiles you see and in what order;
decide which Users see your profile;
help detect fraud, spam and abuse;
support safety measures related to High-Risk Categories.

4.10.2. These automated processes are used to:

provide the core functionality of a dating/matching service;
protect the safety and integrity of the platform;
increase relevance and efficiency of matches and recommendations.

4.10.3. We do not use automated decision-making to produce legal or similarly significant effects about you, without ensuring that such processing is carried out in accordance with applicable law (including any required safeguards and rights). Where local law grants you specific rights in relation to automated decision-making (e.g., to obtain human review), those rights are described in the jurisdiction-specific sections of this Policy.

5. HOW WE SHARE YOUR INFORMATION

5.1. Overview

5.1.1. We do not sell your personal data in the ordinary sense of the word (for example, we do not sell lists of users with names and phone numbers for money).

5.1.2. We do share information with selected third parties in order to operate the Services, enable core functionality (such as showing your profile to others), improve safety and comply with the law.

5.1.3. In some jurisdictions (for example, certain U.S. states), the legal definitions of “sale” or “sharing” of personal information are broad and may treat certain analytics or advertising uses as a “sale” or “sharing”. Where such laws apply, we will provide additional disclosures and choices (for example, “Your Privacy Choices” links or opt-out mechanisms), as required by those laws.

5.1.4. When we share personal data, we do so:

only for the purposes described in this Policy and our Terms of Use;
with entities that are subject to appropriate confidentiality and data protection obligations;
where required, on the basis of data processing agreements or similar contracts.

5.2. With Other Users of the Services

5.2.1. Profile and discovery. The core purpose of Twinby is to show your profile to other users and to show you other users’ profiles. When you use the Services, the following information may be visible to other users, depending on your settings, your use of features, and our product design:

profile information (such as name or nickname, age, gender, preferences, description/“about me”, interests, prompts, photos and videos);
approximate location or distance (e.g., “5 km away”), where location features are enabled;
dating preferences (for example, age range, gender preferences) where these are displayed in the interface;
activity indicators (for example, “online”, “recently active”), where such features are enabled;
other information you choose to include in your profile or to share in the Services.

5.2.2. Matches and messages. When you like or interact with another user, we show that interaction to them as part of the matching and messaging experience. If you exchange messages with another user, the content of those messages is visible to that other user (and, in some cases, to us and our providers for safety and moderation purposes).

5.2.3. Shared content. Any content that you intentionally post or share in a way that is visible to others (for example, photos in your profile, text prompts, emojis, reactions) can be seen, copied, saved or re-shared by them. We cannot control what other users do with content they have received.

5.2.4. Public or semi-public features. In the future, the Services may offer features that are more public or semi-public (for example, visibility in certain lists, events, or discovery formats). If you choose to use such features, additional information may be visible to a wider audience within the Services, as described at the point of use.

5.3. Within the Twinby Group and Affiliates

5.3.1. We may share your information within the Twinby corporate group, which currently includes (at a minimum) Twinby Inc. and Twinby Global Limited, and may include future subsidiaries, parent companies or affiliates.

5.3.2. Such intra-group sharing is done for purposes including:

providing, maintaining and supporting the Services;
centralized hosting, infrastructure, security and anti-fraud operations;
internal reporting, analytics and product development;
legal, compliance and audit functions.

5.3.3. Where required by law, intra-group transfers will be subject to appropriate safeguards for international transfers (see the section on international data transfers below).

5.4. Service Providers and Processors

5.4.1. We engage third-party companies and individuals to perform functions on our behalf (“Service Providers”). These Service Providers may access your information only as necessary to perform their functions and are contractually obligated to handle personal data in line with this Policy and applicable law.

5.4.2. Categories of Service Providers may include:

Hosting and infrastructure providers (cloud hosting, data centers, content delivery networks);
App analytics and performance tools (measuring usage, crash diagnostics, performance metrics);
Customer support tools (ticketing systems, email management, in-app support);
Communication providers (SMS gateways, push notification services, email delivery);
Identity verification and safety providers (where used, for selfies, ID checks, fraud/risk scoring);
Payment and subscription management providers (where Twinby processes payments directly, rather than through App Stores);
Marketing and attribution tools (measuring installation sources and campaign performance, where applicable);
Storage and media processing providers (for photos, videos and other files uploaded to the Services);
Security and anti-abuse tools (DDoS protection, bot detection, fraud and spam prevention).

5.4.3. These Service Providers process data on our instructions and are not allowed to use your personal data for their own unrelated purposes.

5.5. App Store Providers and External Payment Platforms

5.5.1. When you download the App or make in-app purchases, certain data is shared directly between you and the relevant App Store Provider (e.g., Apple App Store, Google Play). This may include:

payment information;
purchase history;
device identifiers and system information.

5.5.2. We receive limited information from App Store Providers to enable us to:

verify that a purchase or subscription has been made;
provide the corresponding Paid Service or Virtual Item;
handle support requests related to subscriptions and purchases.

5.5.3. App Store Providers act as independent controllers of the data they collect. Their processing of your data is governed by their own privacy policies and terms, not by this Policy.

5.5.4. If we enable direct payments in the future (for example, via card payments or other external payment services), those payment processors will receive the information necessary to process your transaction (e.g., card details, billing address) and will process it according to their own privacy policies and applicable law.

5.6. Third-Party Sign-In and Integrations

5.6.1. If you choose to sign up or log in through a third-party Account (for example, Apple ID, Google), we may receive identifiers and limited profile information (such as a verified email address) from that provider, as allowed by their settings and your choices.

5.6.2. In such cases:

the third-party provider may know that you have created or accessed a Twinby Account;
the provider’s use of your data is governed by its own privacy policy;
we use the received data only for authentication, Account linking, fraud prevention and related purposes.

5.6.3. If the Services include other integrations (for example, links to external content or safety resources), any data you provide directly to those third parties is governed by their privacy policies, not by this Policy.

5.7. Advertising, Attribution and Measurement Partners

5.7.1. Where permitted by law and platform policies, we may share limited information with advertising, attribution and measurement partners to:

understand which marketing campaigns lead to installations, registrations or subscriptions;
measure and optimize the effectiveness of our advertising;
avoid showing you Twinby ads again after you have already installed the App (where technically possible).

5.7.2. The categories of data shared for these purposes may include:

advertising identifiers (e.g., IDFA, GAID), app instance IDs, cookies or similar identifiers;
events such as app installations, opens, registrations, subscriptions or purchases;
approximate location and device information;
campaign and channel information (for example, which ad or link you interacted with).

5.7.3. We do not provide your name, message content or detailed profile information to advertising partners for their own independent targeting of third-party ads, unless we clearly explain this and obtain required consents.

5.7.4. In jurisdictions where laws treat certain analytics or advertising as “sale” or “sharing” of personal information, we will provide appropriate notices and mechanisms to opt out or limit such activity, as required by those laws.

5.8. Safety, Protection of Rights and Legal Compliance

5.8.1. We may disclose information about you if we reasonably believe that such disclosure is necessary to:

comply with any applicable law, regulation, legal process or governmental request;
protect the safety, rights, property or security of you, other users, Twinby, our staff or the public;
investigate, prevent or respond to suspected or actual unlawful activity, fraud, abuse, High-Risk Categories or security incidents;
enforce our Terms of Use, Community Guidelines or other agreements;
handle and resolve disputes, claims or complaints.

5.8.2. This may include sharing information with:

law enforcement authorities or regulatory bodies (where legally permitted or required);
courts, lawyers and external advisors (for example, in the context of litigation or legal advice);
third parties who report misuse, infringement or unlawful content, to the extent necessary to address their complaint and comply with law.

5.8.3. Where we receive a request from authorities for user information, we will assess it in accordance with applicable law and our internal policies. We may challenge or narrow requests that we consider overly broad or not properly grounded in law, where we are permitted to do so.

5.9. Business Transfers

5.9.1. We may share your information with third parties in connection with a corporate transaction or reorganization involving Twinby, including:

a merger, acquisition or sale of all or part of our business or assets;
a corporate restructuring, financing or reorganization;
insolvency, bankruptcy or receivership proceedings.

5.9.2. In such cases, your information may be transferred as part of the transaction, subject to confidentiality obligations and, where required by law, subject to notifying you and providing appropriate choices.

5.9.3. Any successor entity will be required to handle your personal data in accordance with this Policy (or a policy that, at minimum, offers comparable protections), unless and until you are informed otherwise.

5.10. With Your Consent or at Your Direction

5.10.1. We may share your information with third parties when you ask us to, or where you have clearly consented to such sharing. Examples include:

when you choose to share a Twinby profile or content externally (for example, via a share link, screenshot or social media integration);
when you participate in a promotion, survey, research initiative or event that involves third-party sponsors or partners, and you are informed that data sharing will occur;
when you explicitly request us to contact or work with another service provider on your behalf.

5.10.2. In these cases, we will generally explain at the time what information will be shared and with whom, and will rely on your consent or explicit direction as the legal basis for the sharing.

5.11. Aggregated or De-Identified Information

5.11.1. As described in Section 4.9, we may also share aggregated, de-identified or otherwise anonymized information with:

service providers and partners for analytics, research and product improvement;
current or potential business partners, investors and other stakeholders;
the public, for example, in the form of statistics or reports about how the Services are used.

6. HOW LONG WE KEEP YOUR INFORMATION

6.1. General principle

6.1.1. We keep your information only for as long as it is reasonably necessary for the purposes described in this Policy or as required by applicable law, regulation, legal process or law enforcement requests.

6.1.2. When deciding how long to keep information, we consider, among other things:

(a) the type of information and the sensitivity of the data;

(b) the purpose for which the information was collected and whether that purpose is still relevant;

(d) security, fraud prevention and abuse detection needs;

(e) the existence of actual or potential disputes, complaints, investigations or claims.

6.2. Main retention scenarios (high-level overview)

Subject to the principles in Section 6.1 and any longer periods required or permitted by law, we generally apply the following approach:

6.2.1. Account and profile data

(a) Basic Account information (such as email, phone number, username, date of birth, Account settings and profile fields) is kept for as long as you maintain an active Account.

(b) If you delete your Account, we will either delete or irreversibly de-identify most associated profile data within a reasonable period, subject to Sections 6.3-6.6.

6.2.2. User Content and interactions

(a) Content you share (photos, videos, prompts, likes, matches, messages and other interactions) is generally kept for as long as it is needed to operate the Services (for example, to show your profile, your chats and your matches), to maintain a consistent user experience and to support safety features (such as reporting, blocking and investigations).

(b) Where content is reported, flagged by our systems, or associated with a violation of our Terms or Community Guidelines (including High-Risk Categories), we may retain relevant copies for a longer period as evidence and for safety, fraud prevention, abuse detection and legal purposes.

6.2.3. Usage, device and technical logs

(a) Technical logs (such as IP addresses, device identifiers, login and security events, crash logs and in-app event logs) are retained for time-limited periods that we define in our internal retention schedules, in order to support security, troubleshooting, analytics and abuse detection.

(b) Aggregated or anonymized analytics data (that can no longer reasonably be linked to an identified or identifiable person) may be kept for longer periods to help us understand and improve the Services.

6.2.4. Payment and transaction data

(a) Records related to purchases, subscriptions and payments (including timestamps, amounts, payment method identifiers and related metadata) are retained for periods required by applicable tax, accounting, anti-fraud and financial-recordkeeping laws.

(b) Where permitted, we may keep limited transaction-level data for longer in order to prevent fraud, enforce our Terms and respond to disputes or chargebacks.

6.2.5. Communications with us

(a) If you contact support or our legal team, we may keep copies of your communications (including emails, support tickets and attachments) for a period necessary to handle your request, monitor service quality and, where relevant, to establish, exercise or defend legal claims.

(b) Where the communication relates to safety incidents, High-Risk Categories, potential legal claims or regulatory matters, we may retain relevant records for longer in line with Section 6.4.

6.3. Criteria we use to set retention periods

When setting and reviewing our internal retention schedules, we typically consider:

(a) whether the data is necessary to keep your Account active and functional;

(b) whether the data is needed to maintain the integrity and security of the Services (including prevention of spam, fraud, scams, harassment and other abuse);

(d) sector-specific guidance or regulatory expectations for online dating and social services, where applicable;

(e) reasonable expectations of users regarding how long different types of information are kept.

6.4. Retention for legal, safety and enforcement purposes

6.4.1. Even after you delete your Account or specific content, we may retain certain information where we reasonably believe it is necessary to:

(a) comply with legal, regulatory, tax, accounting or reporting obligations;

(b) respond to lawful requests from courts, regulators or law enforcement (including preservation requests);

(d) investigate, detect, prevent or address fraud, abuse, High-Risk Categories, security incidents or other harm;

(e) establish, exercise or defend legal claims.

6.4.2. In such cases, we will restrict access to the retained information to those who need it for the purposes above and will delete or de-identify it once it is no longer required.

6.5. Backups and system copies

6.5.1. Information you provide may appear in encrypted backups and system logs that we maintain for business continuity, disaster recovery and security purposes.

6.5.2. These backups are kept only for limited retention windows defined in our internal policies and are automatically overwritten on a rolling basis. We do not use backup data for active profiling or product decisions except where needed to restore systems after an incident or as required by law.

6.6. Account deletion and de-identification

6.6.1. When you delete your Account, we will take reasonable steps to:

(a) remove your profile from being visible to other users in the ordinary operation of the Services; and

(b) delete or irreversibly de-identify personal data that is no longer needed for the purposes described in this Policy.

6.6.2. De-identification or anonymization means that we remove or modify identifiers so that the information can no longer reasonably be linked to you as an identified or identifiable individual, taking into account available technology and the context of processing.

6.6.3. Where we rely on de-identified or anonymized data (for example, for statistics or product analytics), we will not attempt to re-identify you from that data, except as permitted by law and only where strictly necessary for security or compliance purposes.

6.7. Children’s data

6.7.1. Because the Services are not intended for individuals under 18 and we do not knowingly collect data from children (see Section 2), we do not maintain separate retention schedules for children’s data.

6.7.2. If we become aware that we have collected personal data from someone we reasonably believe to be under 18, we will take appropriate steps to delete that data as soon as reasonably practicable, subject to any limited retention needed to comply with legal obligations or to support safety investigations (for example, where the data is relevant to reporting child sexual abuse material or exploitation).

6.8. Updates to retention practices

6.8.1. We may update our internal retention schedules and the examples in this Section 6 from time to time (for example, if laws change, we introduce new features or we adjust how long we need data for security and fraud-prevention purposes).

6.8.2. Where such changes materially affect how long we keep your personal data, we will reflect this in an updated version of this Policy and, where required by law, inform you through the Services or other appropriate channels.

7. INTERNATIONAL DATA TRANSFERS

7.1. General principle

7.1.1. Twinby operates globally. This means your personal data may be processed in countries other than the country where you live, including the United States, Hong Kong and other jurisdictions where we or our service providers are located.

7.1.2. Those countries may have different data protection laws from those in your country. Where we transfer personal data across borders, we do so in compliance with applicable data protection laws and with appropriate safeguards in place.

7.2. Where your data may be processed

7.2.1. Depending on how you use the Services and where you are located, your personal data may be processed in:

(a) the United States (for example, where Twinby Inc. and certain hosting or analytics providers are located);

(b) Hong Kong (for example, where Twinby Global Limited or certain support/operational functions are based);

(c) the European Union/European Economic Area (EU/EEA) or the United Kingdom, where we or some of our providers host or mirror certain services;

(d) other countries where our carefully selected service providers, support or security vendors operate.

7.2.2. We limit access to your personal data to those locations and entities that need it for the purposes described in this Policy (see Sections 3-5) and subject to appropriate contractual and security safeguards.

7.3. Transfers from the EU/EEA, United Kingdom and Switzerland

7.3.1. If you are located in the EU/EEA, the United Kingdom or Switzerland, and we transfer your personal data to countries that are not recognized by your jurisdiction as providing an “adequate” level of data protection, we will implement appropriate safeguards as required by applicable law, such as:

(a) using standard contractual clauses adopted or approved by the European Commission (EU SCCs) under Article 46 GDPR;

(b) using the UK’s International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs, where required under UK GDPR;

(c) relying on any applicable adequacy decision or similar mechanism adopted by the European Commission, the UK government or Swiss authorities, where available;

(d) applying additional technical and organizational measures (for example, encryption, strict access controls, data minimization) where needed to address specific risks identified in transfer impact assessments.

7.3.2. These safeguards are designed to ensure that your personal data remains protected to a standard substantially equivalent to that in the EU/EEA, the UK or Switzerland, as applicable.

7.3.3. In limited cases, and only where permitted by law, we may also rely on specific derogations for international transfers (for example, where the transfer is necessary for the performance of our contract with you, for the establishment, exercise or defense of legal claims, or where you have explicitly consented after being informed of the risks).

7.4. Transfers under other regional laws

7.4.1. In countries with their own cross-border transfer rules (for example, certain U.S. states, Brazil, other jurisdictions with comprehensive privacy laws), we will comply with the applicable requirements when transferring personal data abroad. This may include:

(a) providing you with additional notices about international transfers;

(b) entering into specific contractual arrangements with recipients;

7.5. Transfers to service providers and partners

7.5.1. As described in Section 5, we use third-party service providers and partners who may be located outside your country of residence. When we transfer personal data to those providers, we:

(a) limit the data to what is necessary for the services they perform;

(b) require them to process personal data only on our documented instructions and for the purposes described in this Policy;

(d) put in place, where required, valid cross-border transfer mechanisms (such as SCCs, UK IDTA/Addendum or equivalent).

7.6. Your rights in relation to international transfers

7.6.1. Where required by law (for example, under the GDPR or UK GDPR), you have the right to request more information about:

(a) the international transfers of your personal data that we carry out; and

(b) the appropriate safeguards we use to protect your personal data in connection with those transfers.

7.6.2. You may contact us using the details in Section 16 to request a copy of the key contractual safeguards (for example, standard contractual clauses) used for your data. We may redact parts of those documents where necessary to protect confidential information, business secrets or the privacy of others.

8. ACCOUNT DELETION

8.1. How you can delete your Account

8.1.1. You can delete your Account at any time using the in-app/Account settings (where this function is available) or by contacting us using the details in Section 16 of this Policy and clearly requesting Account deletion.

8.1.2. For security and verification purposes, we may ask you to complete certain steps (for example, log in or confirm your request from the email/phone number associated with your Account) before we process the deletion.

8.2. What happens when you delete your Account

8.2.1. Once we have processed your deletion request:

(a) your Account will be closed and you will no longer be able to log in or use it;

(b) your profile will no longer be shown to other users in the ordinary operation of the Services (for example, in recommendations, discovery, search or matching); and

(c) you will stop receiving in-app activity related to that Account (for example, new matches or messages), except for limited service or legal communications that may still be necessary (for example, confirmations or legal notices).

8.2.2. Content that you have already shared with other users (for example, messages, images and other communications in existing chats) may continue to be available to those users for a period of time, in order to preserve the integrity of their experience and our safety records, even after your Account has been deleted. Such content will no longer be associated with an active, discoverable profile.

8.3. Data deletion, retention and de-identification

8.3.1. After Account deletion, we will delete or irreversibly de-identify personal data that is no longer needed for the purposes described in this Policy, in line with our retention rules and Section 6 (How Long We Keep Your Information).

8.3.2. We may continue to retain certain limited information after Account deletion where we reasonably need it, for example to:

(a) comply with legal, regulatory, tax, accounting or reporting obligations;

(b) respond to lawful requests from courts or authorities;

(c) prevent, detect or address fraud, abuse, High-Risk Categories, security incidents or other violations of our Terms or Community Guidelines;

(d) establish, exercise or defend legal claims.

8.3.3. Where information is retained after Account deletion for these purposes, access to it is restricted to those persons and Service Providers who reasonably need it for the purposes above, and it will be deleted or de-identified once it is no longer required.

8.4. Deleting specific content without deleting your Account

8.4.1. In many cases you can remove specific content (for example, photos, profile fields or other User Content) without deleting your entire Account, by using the tools provided in the Services.

8.4.2. Removing specific content generally means that it will no longer be visible to other users in the ordinary operation of the Services, subject to technical limitations, caching and the retention rules described in Section 6 and this Section 8.

9. YOUR RIGHTS AND CHOICES

9.1. Overview

9.1.1. Depending on your place of residence and applicable law, you may have certain rights in relation to your personal data. These may include, for example, rights to:

(a) access your personal data;

(b) correct or update inaccurate data;

(d) restrict or object to certain processing;

(e) receive a copy of your data in a portable format;

(f) withdraw consent where processing is based on consent;

(g) opt out of certain uses of your data for targeted advertising or sale/sharing, where applicable.

9.1.2. This Section 9 explains:

(a) how you can exercise rights directly through the Services; and

(b) what additional statutory rights may be available to you under GDPR/UK GDPR and certain U.S. state laws or other local laws.

9.2. Managing your information in the Services

9.2.1. Profile and Account settings. You can usually access, edit and update key Account and profile information (such as photos, prompts, interests, bio, preferences) directly via the App or website.

9.2.2. Deleting content. You may remove certain User Content (for example, photos, profile fields) using the tools provided in the Services. Removed content will generally no longer be visible to other Users, subject to our retention rules (see Section 8) and technical limitations.

9.2.3. Account deletion. You can delete your Account via the in-app functionality or by contacting us (see Section 16). After deletion, we will handle your data as described in Section 8.

9.2.4. Location, notifications and device settings.

(a) You can manage permissions for location services, push notifications, contacts access and similar via your device operating system and/or App settings.

(b) If you disable location services, some features may not work or may be limited (for example, distance indicators or nearby profiles).

9.2.5. Marketing communications.

(a) You can opt out of marketing emails by using the “unsubscribe” link in those emails.

(b) You can manage certain marketing and notification preferences in the App (where available) or by contacting us.

(c) Even if you opt out of marketing, we may still send you service and transactional communications (for example, security alerts, legal notices, subscription information).

9.3. Rights under GDPR / UK GDPR and similar laws

This subsection applies to you if you are in the European Economic Area (EEA), Switzerland, the United Kingdom or another jurisdiction with similar data protection laws.

9.3.1. Controller. The “controller” of your personal data is the Twinby entity identified in Section 1 (Who We Are).

9.3.2. Your statutory rights. Subject to conditions and exceptions in applicable law, you may have the following rights:

(a) Right of access. To obtain confirmation whether we process your personal data and, if so, to receive a copy and certain information about the processing.

(b) Right to rectification. To request correction of inaccurate personal data and completion of incomplete data.

(c) Right to erasure (“right to be forgotten”). To request deletion of your personal data in certain circumstances, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis.

(d) Right to restriction of processing. To request that we limit processing of your data in certain cases (for example, while we verify accuracy or assess an objection).

(e) Right to object.

You may object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests (including certain profiling).
You also have an absolute right to object to processing of your personal data for direct marketing, including profiling related to such marketing.

(f) Right to data portability. To receive certain personal data that you provided to us, in a structured, commonly used and machine-readable format, and to have it transmitted to another controller where technically feasible.

(g) Right to withdraw consent. Where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

9.3.3. How to exercise these rights.

(a) Many actions (access, correction, deletion of content, Account deletion) can be performed directly in the App or website.

(b) For other requests, you can contact us using the details in the Section 16. To help us respond, please clearly state:

which right you want to exercise;
what data or processing your request relates to;
your country of residence.

(c) We may need to verify your identity (for example, by asking you to log in or provide additional information) before acting on your request, to protect your data and other Users.

9.3.4. Response times and limitations.

(a) We aim to respond within the time limits set by applicable law (for example, generally one month, with possible extension for complex requests).

(b) Your rights are not absolute. We may decline or limit a request where:

we cannot reliably verify your identity;

the request is manifestly unfounded or excessive;

processing is necessary for compliance with legal obligations, for the establishment, exercise or defense of legal claims, or for certain legitimate interests that override your interests or rights, as permitted by law.

(c) Where we decline or limit a request, we will explain the main reasons, unless we are legally prevented from doing so.

9.3.5. Right to lodge a complaint.

If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority, in particular in the EEA/UK country or Swiss canton where you live, work or where the alleged infringement took place. You may also contact us first; we will try to resolve any concerns.

9.4. Rights under certain U.S. state privacy laws

This subsection applies to you if you are a resident of a U.S. state with a comprehensive consumer privacy law in force that grants similar rights (for example, California, Colorado, Connecticut, Virginia and others), to the extent those laws apply to Twinby.

9.4.1. Categories of rights. Subject to statutory conditions and exceptions, you may have some or all of the following rights:

(a) Right to know/access. To request that we disclose:

the categories of personal information we collect, use, disclose and (where applicable) “sell” or “share”;
the categories of sources from which we collect it;
the purposes for which we use it;
the categories of third parties with whom we disclose it; and
in some cases, specific pieces of personal information we hold about you.

(b) Right to deletion. To request deletion of certain personal information we collected from you, subject to statutory exceptions (for example, where retention is required for security, fraud prevention, legal compliance or internal uses reasonably aligned with your expectations).

(d) Right to data portability. To request a copy of certain personal information in a portable format, where feasible.

(e) Right to opt out of “sale” or “sharing” and targeted advertising.

If we “sell” or “share” personal information (as defined by applicable state law) or use it for “targeted advertising” / “cross-context behavioral advertising”, you may have the right to opt out of such uses.

(f) Right to limit use of sensitive personal information. In some states, you may have the right to limit certain uses or disclosures of “sensitive” personal information, where applicable.

(g) Right to be free from discrimination. We will not unlawfully discriminate against you for exercising any privacy right granted by applicable law.

9.4.2. How to exercise state privacy rights.

(a) You may submit a request using the channels described in the Contact / Data Protection section, indicating that you are exercising a state privacy right and specifying your state of residence.

(b) Where required by law, we will provide at least one method for submitting requests (for example, an email address or web form).

(c) For opt-outs of “sale”, “sharing” or targeted advertising, we may additionally provide in-product controls or links labelled as “Do Not Sell or Share My Personal Information”, “Your Privacy Choices” or similar, where required.

9.4.3. Verification and authorized agents.

(a) We may need to verify your identity before acting on your request, which can include matching information you provide with information we already hold.

(b) If you use an authorized agent (where permitted by law), we may require proof that the agent is validly authorized and may still ask you to verify your identity directly with us.

9.4.4. Appealing a decision.

In some states, you may have the right to appeal our decision if we refuse or partially refuse your request. Where applicable, we will inform you of appeal options and deadlines in our response.

9.5. Other local rights and how to contact us

9.5.1. You may have additional rights under the laws of your country or state (for example, rights relating to consumer health data, electronic communications or specific sectoral regulations). Where these rights apply, we will respect them and provide mechanisms to exercise them, as required by law and described in this Policy or in separate notices.

9.5.2. All privacy-related requests, questions or complaints can be submitted using the contact details indicated in the Section 16. When contacting us, please provide enough information to identify your Account and your request so we can process it efficiently.

10. SECURITY OF YOUR DATA

10.1. No system is perfectly secure

10.1.1. We use reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, alteration or destruction.

10.1.2. However, no online service, mobile application, database or transmission over the internet or other network can be guaranteed to be 100% secure.

10.1.3. By using the Services, you understand that there is always some level of risk that your data may be compromised despite our efforts.

10.2. Technical and organizational measures

Subject to the state of the art, implementation costs and the nature, scope, context and purposes of processing, we may use, among other things, the following categories of measures:

10.2.1. Access control and authentication

(a) logical access controls to limit access to personal data to authorized personnel only, based on role and need-to-know;

(b) authentication and authorization mechanisms for internal tools and systems;

10.2.2. Encryption and data segregation

(a) encryption of data in transit using industry-standard protocols (for example, HTTPS/TLS) when your data is transmitted between your device and our servers;

(b) separation of environments and data where appropriate (for example, testing vs production), to reduce the impact of potential incidents.

10.2.3. Infrastructure and network security

(a) use of reputable hosting and infrastructure providers with their own security controls;

(b) technical safeguards to reduce common attack vectors (for example, basic firewalls, network-level protections, restrictions on administrative access);

10.2.4. Application-level safeguards

(a) use of secure development practices and basic input validation to reduce common vulnerabilities where reasonably possible;

(b) limited logging and auditing of access to critical systems and administrative interfaces;

10.2.5. Organizational and procedural safeguards

(a) internal rules and guidance for staff on handling personal data and responding to security events;

(b) restricting access to personal data only to those personnel and service providers who need it for the purposes described in this Policy;

(c) regular review, on a reasonable basis, of key controls and configurations, especially after relevant incidents or material product changes.

10.3. What you should do to help protect your data

10.3.1. Security is partly dependent on how you use the Services. To help protect your data, you should:

(a) use strong, unique passwords for your Account and for the email address or phone number linked to it;

(b) keep your login credentials confidential and do not share them with anyone;

(d) install updates of your operating system and of our Services when they are made available, because updates may include important security fixes;

(e) be cautious when using public or shared devices or networks and log out when finished;

(f) be careful with links and files sent by other users and avoid sharing sensitive information (for example, passwords, codes, financial data, identity document images) in chats.

10.3.2. If you believe that your Account, your device or your credentials have been compromised, you should:

(a) change your password immediately; and

(b) contact us without undue delay using the details in Section 16.

10.4. Security incidents and our response

10.4.1. We maintain internal processes for detecting and assessing suspected security incidents involving personal data.

10.4.2. If we become aware of a security incident that has actually compromised personal data, we will:

(a) take steps to contain and investigate the incident;

(b) assess the risks to affected individuals; and

(c) take reasonable steps to mitigate adverse effects where possible (for example, forcing password resets where appropriate).

10.4.3. Where required by applicable law, we will notify:

(a) the competent supervisory or regulatory authority; and

(b) you, if the incident is likely to result in a high risk to your rights and freedoms,

as soon as reasonably practicable, taking into account the need to conduct an initial assessment and to avoid increasing the risk by premature disclosure.

10.5. Security and third-party service providers

10.5.1. Where we engage third-party service providers that process personal data on our behalf (for example, hosting providers, analytics providers, payment processors), we require them by contract to implement appropriate security measures consistent with applicable law and the nature of their services.

10.5.2. However, we do not control the detailed technical and organizational measures of each third party. Their own security practices are also described in their privacy notices and policies, which you can review on their websites.

10.6. Retention, minimization and security

10.6.1. As described in Section 6, we keep personal data only for as long as reasonably necessary for the purposes set out in this Policy, including legal, accounting and reporting requirements.

10.6.2. Limiting how long we keep data, and reducing the volume of data we store where possible, is part of our overall approach to data protection and security.

11. COOKIES AND SIMILAR TECHNOLOGIES

11.1. What we mean by “cookies and similar technologies”

11.1.1. When we refer to “cookies and similar technologies” in this Policy, we mean:

(a) browser cookies;

(b) mobile SDKs;

(d) local storage and similar technologies built into browsers and devices;

(e) device identifiers and advertising identifiers (for example, IDFA, GAID), where available.

11.2. Where we use these technologies

11.2.1. We may use cookies and similar technologies in connection with:

(a) the twinby.com website and any related websites we operate;

(b) the Twinby mobile application, via SDKs and device identifiers;

(c) emails, push notifications or in-app messages (for example, to understand whether a message has been opened or a link has been clicked).

11.3. Purposes for using cookies and similar technologies

We use cookies and similar technologies for the following categories of purposes:

11.3.1. Strictly necessary / essential

Used to provide core functionality of the Services, such as:

(a) keeping you logged in and maintaining your session;

(b) enabling security features and detecting misuse;

These technologies are essential for the Services to work. You cannot switch them off via our interfaces, but you may block them at browser/device level (which may break core functionality).

11.3.2. Functionality

Used to remember choices you make and improve your experience, for example:

(a) remembering certain settings or preferences;

(b) helping us show you relevant in-product tips or flows;

11.3.3. Performance and analytics

Used to understand how the Services are used and to improve them, for example:

(a) measuring which screens, features and flows are most or least used;

(b) detecting technical issues, crashes and performance problems;

11.3.4. Security and abuse prevention

Used to help protect Users and the platform, for example:

(a) detecting unusual login patterns and possible Account takeover;

(b) identifying automated behavior (bots, scraping);

11.3.5. Advertising and marketing (where applicable)

Where permitted by law and subject to your choices, we may use cookies and similar technologies to:

(a) measure the effectiveness of our own marketing campaigns (for example, whether an ad for Twinby led to an installation or registration);

(b) understand, in aggregate, which types of Users respond to certain campaigns;

11.4. First-party and third-party cookies / technologies

11.4.1. Some cookies and similar technologies are set or controlled directly by us (“first-party”).

11.4.2. Others are set or controlled by third parties (“third-party”), such as:

(a) analytics providers;

(b) security and fraud-prevention providers;

11.4.3. These third parties process data in accordance with their own privacy policies. We require them, by contract, to process data in a way that is consistent with applicable law and with the purposes described in this Policy.

11.5. Your choices and controls

11.5.1. Browser and device settings

In many cases, you can control cookies and similar technologies through your browser or device settings by:

(a) blocking cookies;

(b) deleting cookies;

If you block or delete cookies, some parts of the Services may not function correctly.

11.5.2. In-product controls (where available)

Where required by law (for example, in the European Economic Area, the United Kingdom or certain U.S. states), we may provide in-product controls, banners or preference centers that allow you to:

(a) give or withdraw consent for non-essential cookies and similar technologies;

(b) manage certain categories of cookies (for example, analytics, advertising).

11.5.3. “Do Not Track” and similar signals

At this time, we do not respond to all “Do Not Track” (DNT) signals or similar mechanisms from browsers, because there is no widely accepted industry standard for how to interpret them.

Where applicable laws require us to honor specific browser or platform signals (for example, certain “opt-out preference” signals in some U.S. states), we will follow those legal requirements and will update our practices as standards evolve.

11.5.4. Opt-out of interest-based advertising

11.5.4.1. Where we participate in interest-based advertising or cross-context behavioral advertising, you may have the right to opt out of “sale” or “sharing” of personal information or targeted advertising under certain laws (for example, California, Colorado). These rights are described in Section 12 and may be exercised through:

(a) in-product privacy settings or “Your Privacy Choices / Do Not Sell or Share” links, where available; and/or

(b) browser- or device-level preference signals that applicable law requires us to honor.

11.5.4.2. Opting out does not mean you will see no ads at all; it means that ads may be less tailored using certain types of data or partners.

11.6. Cookie Policy

11.6.1. We may maintain a separate Cookie Policy or cookie table that:

(a) lists main types or categories of cookies and similar technologies we use;

(b) explains their purposes and typical lifetimes;

11.6.2. Where such a Cookie Policy is available, it is incorporated by reference into this Privacy Policy. In case of inconsistencies, the more specific or recently updated explanation in the Cookie Policy will usually prevail for cookie-related details, while this Privacy Policy governs overall data protection practices.

12. ADDITIONAL PRIVACY RIGHTS FOR RESIDENTS OF CERTAIN U.S. STATES AND CONSUMER HEALTH DATA

12.1. Scope of this section

12.1.1. This section applies to you if you are a resident of a U.S. state that has a comprehensive consumer privacy law in force which applies to Twinby (for example, California, Colorado, Connecticut, Virginia and other similar laws as they come into effect).

12.1.2. It supplements the information in Sections 3-11 and in particular Section 9 (Your Rights and Choices). If there is any conflict between this Section 12 and the rest of this Policy for residents of these states, this Section 12 will prevail to the extent required by applicable state law.

12.2. California residents (CCPA / CPRA)

12.2.1. Categories of personal information we collect

For purposes of the California Consumer Privacy Act (as amended by the California Privacy Rights Act) (together, “CCPA”), in the last 12 months we have collected the following categories of “personal information” about California residents, as those terms are defined in the CCPA:

Identifiers (e.g., email address, username, device identifiers, advertising IDs, IP address).
Customer records information (e.g., Account registration details, limited billing information where applicable).
Characteristics of protected classifications under California or federal law, only to the extent you choose to disclose them in your profile or content (e.g., gender, sexual orientation).
Internet or other electronic network activity information (e.g., usage data, log data, app and website interactions, crash and performance data, cookies/SDK data).
Geolocation data (approximate location; precise location only where you grant device permission).
Audio, electronic or visual information (e.g., photos, videos, voice messages you upload; support recordings where applicable).
Inferences drawn from the above (e.g., internal segments or risk indicators used for personalization, safety and fraud-prevention).
Sensitive personal information, as defined by CCPA, only where you choose to provide it or where necessary for safety/verification (for example, sexual orientation, precise geolocation, limited ID verification data).

We describe these categories, the sources of this information and the purposes for which we use it in more detail in Sections 3-5 of this Policy.

12.2.2. “Selling” or “sharing” personal information; targeted advertising

12.2.2.1. Under CCPA/CPRA, certain uses of personal information (for example, involving cookies, advertising identifiers or analytics/advertising partners) may be treated as a “sale” or “sharing”, even if no money changes hands (see also Section 5.1).

12.2.2.2. To the extent our use of analytics and advertising technologies is considered a “sale” or “sharing” under CCPA, California residents have the right to opt out of such “sale” or “sharing”.

We will make available one or more mechanisms to exercise this right, which may include:

a “Do Not Sell or Share My Personal Information” or “Your Privacy Choices” link or equivalent in the Services; and/or
honoring valid opt-out preference signals where required by California law.

12.2.3. Use and disclosure of sensitive personal information

12.2.3.1. Where we collect “sensitive personal information” (as defined in CCPA), we do not use or disclose it for purposes that require an additional “Right to Limit” under CCPA.

12.2.3.2. Instead, we use sensitive personal information only for the limited purposes allowed by CCPA, such as:

to perform services reasonably expected by an average user of a dating app (e.g., using your sexual orientation or preferences to show matches, using location to show nearby users);
to ensure security and integrity, prevent fraud and abuse;
to verify your identity and age where necessary;
to comply with law and to exercise or defend legal claims.

Because of this, California residents do not currently have a separate “Right to Limit” our use of sensitive personal information under CCPA in relation to Twinby beyond the existing rights described in Sections 9 and 12.

12.2.4. California privacy rights

In addition to the rights described in Section 9.4, California residents may, subject to statutory conditions and exceptions:

Request to know: ask us to disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, purposes, and third parties to whom we disclose it.
Request deletion of personal information we collected from you, subject to statutory exceptions (for example, where we must keep data to detect security incidents, prevent fraud, comply with legal obligations, or for internal uses that are reasonably aligned with your expectations).
Request correction of inaccurate personal information.
Opt out of the “sale” or “sharing” of personal information or of cross-context behavioral advertising, as described above.
Be free from discrimination for exercising your CCPA rights.

How to exercise these rights and how we verify and respond to requests is described in Section 9.4.2-9.4.4. You may also contact us using the details in the Section 16.

12.3. Other U.S. states with comprehensive privacy laws

12.3.1. Applicability

This subsection applies, as relevant, to residents of U.S. states that have comprehensive consumer privacy laws similar to CCPA/CPRA (for example, Colorado, Connecticut, Virginia and others), to the extent such laws apply to Twinby.

12.3.2. Additional rights

Subject to statutory conditions and exceptions, residents of these states may have rights that are substantially similar to those described in Section 9.4, including:

the right to confirm whether we process your personal data and to access it;
the right to correct inaccuracies;
the right to delete certain personal data;
the right to data portability for certain data you provided to us;
the right to opt out of:
targeted advertising / cross-context behavioral advertising;
sale of personal data (as defined by state law);
certain profiling in furtherance of decisions that produce legal or similarly significant effects;
in some states, the right to limit certain uses of sensitive personal data.

12.3.3. Opt-out of targeted advertising and sale

Where required by state law, we will provide mechanisms (for example, in-product privacy settings, links such as “Your Privacy Choices”, and/or recognition of valid browser preference signals) that allow you to opt out of:

the use of your personal data for targeted advertising; and/or
any practices that are deemed a “sale” of personal data under the relevant state law.

12.3.4. Appeals

Where state law provides a right to appeal our decision on a privacy request (for example, if we refuse or partially refuse a request), we will inform you of how to submit an appeal and the applicable deadlines in our response.

12.3.5. Interaction with other sections

The practical steps to exercise these rights (methods of contact, verification, response times) are described in Section 9.4. This subsection is intended to clarify that we recognize and will honor applicable state-specific rights to the extent those laws apply to Twinby.

12.4. Consumer Health Data (Washington and similar laws)

12.4.1. Scope

12.4.1.1. This subsection applies where state “consumer health data” laws (such as Washington’s My Health My Data Act and similar or future laws in other U.S. states) apply to your use of the Services.

12.4.1.2. In addition to this Privacy Policy, Twinby maintains a separate Consumer Health Data Privacy Policy (the “Consumer Health Data Privacy Policy”), which is made available through the Services where such laws apply. The Consumer Health Data Privacy Policy provides more detailed information about how we collect, use, disclose and protect “consumer health data” as defined by those laws.

12.4.1.3. If there is any inconsistency between this Section 12.4 and the Consumer Health Data Privacy Policy for matters covered by those state laws, the Consumer Health Data Privacy Policy will prevail for the scope and jurisdictions to which it applies, to the extent required by law.

12.4.2. How we may encounter consumer health data

12.4.2.1. Twinby is not a medical or healthcare provider and does not offer diagnosis or treatment. However, because users can share free-text, photos and other content, some users may choose to disclose information that may qualify as “consumer health data” under applicable state law, for example:

information about mental or emotional well-being;
information about sexual health, safer sex preferences or boundaries;
other health-related experiences you voluntarily describe in your profile or messages.

12.4.2.2. We do not require you to provide such information to use the Services. If you choose to disclose it, it will be handled as described in this Privacy Policy and, where applicable, in the Consumer Health Data Privacy Policy.

12.4.3. Use and disclosure of consumer health data

12.4.3.1. Where a state consumer health data law applies, we will handle consumer health data in line with that law and the Consumer Health Data Privacy Policy. In particular, as further described in the Consumer Health Data Privacy Policy, we:

collect, use and disclose consumer health data only as reasonably necessary to provide and maintain the Services you request (for example, to display the content you choose to share, to operate safety features and to enforce our policies) or as otherwise permitted or required by law;
do not sell consumer health data as that term is defined in applicable state law;
do not publish or disclose consumer health data for advertising or marketing of third-party products or services unrelated to the Services, except where permitted by law and with any required consents;
implement reasonable technical and organizational safeguards designed to protect consumer health data against unauthorized access and disclosure.

12.4.4. Your choices regarding health-related information

12.4.4.1. You can always choose not to disclose health-related information in your profile or communications. If you previously disclosed such information and no longer want us to process it:

you can edit or delete the relevant profile fields, photos or content directly in the Services; and/or
you can request deletion or restriction under the rights described in Sections 9 and 12 of this Privacy Policy and in the Consumer Health Data Privacy Policy, subject to any statutory exceptions (for example, where we must retain limited data for safety, fraud-prevention or legal reasons).

12.4.5. Additional rights under consumer health data laws

12.4.5.1. Where consumer health data laws apply to Twinby and to your use of the Services, you may have additional rights specifically in relation to consumer health data (for example, rights to access, delete, withdraw consent for certain uses, or obtain details of disclosures).

12.4.5.2. The scope and exercise of those rights are described in the Consumer Health Data Privacy Policy and may also be exercised using the privacy contact channels set out in Section 9 and 16.

13. ADDITIONAL INFORMATION FOR USERS IN THE EEA, UNITED KINGDOM AND SWITZERLAND

13.1. Applicability of this section

13.1.1. This Section 13 applies to you if, at the time of using the Services, you are located in:

(a) a member state of the European Economic Area (EEA);

(b) the United Kingdom; or

13.1.2. In such cases, your personal data is subject to the EU General Data Protection Regulation (GDPR), the UK GDPR and/or the Swiss Federal Data Protection Act, as applicable, in addition to the rest of this Privacy Policy.

13.2. Controller and contact details

13.2.1. The controller of your personal data is the Twinby entity identified in Section 1.

13.2.2. You can contact us for any questions or requests relating to your personal data using the contact details set out in Section 16.

13.2.3. We currently do not list in this Privacy Policy any specific data protection officer or local representative in the EEA/UK. If we are required by law to appoint such a person or entity for the Services, we will update this Privacy Policy and/or provide additional notices in the Services to identify them.

13.3. Legal bases for processing

13.3.1. Where GDPR/UK GDPR/Swiss law applies, we rely on the following main legal bases for processing your personal data (as already reflected in Section 4 of this Privacy Policy):

(a) Performance of a contract

To provide and operate the Services and to take steps at your request prior to entering into a contract (for example, creating and maintaining your Account, enabling matches and messaging, processing subscriptions and paid features).

(b) Legitimate interests

To pursue our legitimate interests, provided that they are not overridden by your interests or fundamental rights and freedoms. These legitimate interests include, for example:

(i) operating, maintaining and improving the Services;

(ii) ensuring safety, security, fraud prevention and abuse prevention;

(iii) handling user support, complaints and disputes;

(iv) internal analytics, product development and business reporting;

(v) protection of our rights, our users and the public.

Where required by law, we rely on your consent, for example for:

(i) certain cookies, SDKs and similar technologies that are not strictly necessary;

(ii) certain forms of marketing or electronic communications;

(iii) processing of specific categories of sensitive data (for example, precise location or certain health-related information), where local law requires consent.

You can withdraw consent at any time as described in Sections 9 and 11, without affecting the lawfulness of processing before withdrawal.

(d) Compliance with legal obligations

To comply with legal and regulatory requirements, including those relating to consumer protection, data protection, electronic communications, tax, accounting, law enforcement requests and court orders.

(e) Protection of vital interests

In rare situations where processing is necessary to protect your vital interests or those of another person (for example, in connection with serious and immediate risks to life or physical safety).

13.3.2. If you would like more detail on how a specific processing operation relates to a particular legal basis, you can contact us using the details in Section 16.

13.4. Legitimate interests balancing

13.4.1. For processing that we carry out on the basis of our legitimate interests, we have considered and weighed:

(a) our interest in operating a safe, reliable and commercially viable dating and social discovery service;

(b) your reasonable expectations as a user of such a service; and

13.4.2. We apply safeguards intended to ensure that your interests and rights are not overridden, for example:

(a) data minimization and limited retention;

(b) technical and organizational security measures;

(d) providing you with clear information and practical controls (for example, Account settings, opt-outs and rights described in Section 9).

13.4.3. You have the right to object, on grounds relating to your particular situation, to processing based on legitimate interests, as described in Section 9.3 (Rights under GDPR / UK GDPR and similar laws).

13.5. Automated decision-making and profiling under GDPR/UK GDPR

13.5.1. As described in Section 4.10 (Automated Decision-Making and Profiling), we use profiling and automated processing, in particular to:

(a) recommend which profiles you see and which users see your profile;

(b) support fraud and abuse detection;

13.5.2. We do not carry out automated decision-making that produces legal effects concerning you or similarly significantly affects you, in the sense of Article 22 GDPR / UK GDPR, without ensuring that such processing is permitted by law and that appropriate safeguards (including human review) are in place.

13.5.3. If, in the future, we introduce automated decision-making that falls within Article 22 GDPR / UK GDPR and is relevant to you, we will provide additional information required by law, including your rights in relation to such decisions.

13.6. International data transfers for EEA/UK/Swiss users

13.6.1. Section 7 (International Data Transfers) describes how and where your personal data may be transferred and processed. For users in the EEA, UK and Switzerland, we:

(a) use applicable European Commission standard contractual clauses, the UK International Data Transfer Agreement or Addendum, or other recognized mechanisms where required;

(b) implement additional technical and organizational measures where appropriate, based on transfer risk assessments;

(c) rely, where available, on adequacy decisions adopted by the European Commission, the UK government or Swiss authorities.

13.6.2. You may request more information about the mechanisms used for international transfers of your personal data, including a copy of the key contractual safeguards (subject to redactions for confidential information and the privacy of others), by contacting us as described in Section 16.

13.7. Right to lodge a complaint with a supervisory authority

13.7.1. If you are in the EEA, UK or Switzerland and you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with a competent supervisory authority.

13.7.2. You can usually choose to complain to the authority in:

(a) the country or (for Switzerland) canton of your habitual residence;

(b) the place where you work; or

13.7.3. You can also contact us first using the details in Section 16. We will try to address your concerns, but you always retain the right to contact a supervisory authority directly.

14. THIRD-PARTY SERVICES AND LINKS

14.1. General rule

14.1.1. The Services may contain links to, or integrations with, websites, applications, services or tools that are operated by third parties and not by Twinby (“Third-Party Services”).

14.1.2. This includes, for example:

(a) App Store and mobile platform providers;

(b) external payment providers (where used);

(d) social networks or other platforms that you choose to connect;

(e) websites, profiles or content linked by other users in their profiles or messages;

(f) third-party resources or information pages we may reference (for example, safety resources).

14.1.3. Third-Party Services are governed by their own terms and privacy policies. This Privacy Policy does not apply to any processing carried out solely by those third parties for their own purposes.

14.2. Third-Party Services that are independent controllers

14.2.1. In many cases, Third-Party Services act as independent controllers of your personal data, not as processors on our instructions. This typically includes:

(a) App Store and platform providers (such as Apple App Store and Google Play);

(b) external payment providers that process your payments directly;

(d) external websites and apps you visit via links in profiles, ads or messages.

14.2.2. When you interact with these Third-Party Services, they may collect and process personal data about you under their own privacy policies. Twinby is not responsible for how they handle your data and does not control their privacy or security practices.

14.2.3. You should carefully review the applicable third-party terms and privacy policies before providing them with personal data or using their services.

14.3. Third-party sign-in, sharing and integrations

14.3.1. If you choose to sign up, log in or otherwise interact with the Services via a Third-Party Service (for example, a social login or platform account), that provider may share limited information with us (such as a verified email address or an identifier), as described earlier in this Policy.

14.3.2. That provider may also independently know that you have created or accessed an Account. Its use of your data is subject to its own privacy policy, not this Policy.

14.3.3. If you connect or share content from the Services to a Third-Party Service (for example, posting a link to your profile or screenshot on social media), any information you disclose in that context is handled by that third party. Twinby has no control over what they do with that data.

14.4. Links and content shared by users

14.4.1. Other users may share links or references to external websites, apps, profiles, messengers, payment services or other resources in their profiles or messages. These are Third-Party Services that are not controlled, operated or endorsed by Twinby.

14.4.2. We do not routinely review, approve or monitor all such external links. If you choose to follow a link or communicate with someone outside the Services (for example, via external messengers, social media, or payment platforms), you do so at your own risk.

14.4.3. Any personal data you provide directly to third parties in that context is subject to their privacy policies. Twinby is not responsible for:

(a) the content, security or practices of such external services;

(b) how those third parties collect, use, disclose or protect your data;

14.5. Third-party cookies, SDKs and similar technologies

14.5.1. As explained in the section on cookies and similar technologies, we may allow certain third-party providers to place or access cookies, mobile software development kits and similar technologies in connection with the Services (for example, analytics, security, attribution or measurement tools).

14.5.2. These third parties may collect information such as device identifiers, usage data and event data in order to provide their services to us (for example, measuring performance, detecting abuse or attributing installations).

14.5.3. Their use of such technologies and data is also subject to their own privacy policies. Where applicable law treats certain activities as “sale” or “sharing” of personal information or as targeted advertising, your additional rights and choices are described in the sections of this Policy dealing with state-specific privacy rights and cookies and similar technologies.

14.6. User responsibility and caution

14.6.1. You are responsible for deciding whether to use any Third-Party Services, follow links, or provide personal data to third parties. Twinby cannot guarantee the security or privacy practices of any third party.

14.6.2. We recommend that you:

(a) be cautious when leaving the Services via links in profiles, messages, ads or other content;

(b) review the terms and privacy policies of any Third-Party Service before using it or providing personal data;

(c) be especially careful when third parties request sensitive information such as passwords, identity documents, financial data or security codes.

14.6.3. If you believe that a link or interaction with a Third-Party Service in connection with the Services is unsafe, fraudulent or abusive, you should:

(a) avoid using that link or service; and

(b) report the issue to us through the in-app reporting tools or support channels so that we can review it and, where appropriate, take action under our Terms of Use and Community Guidelines.

15. CHANGES TO THIS POLICY

15.1. Why we may change this Policy

15.1.1. We may update or modify this Privacy Policy from time to time, for example when:

(a) we introduce new features, products or services;

(b) our data processing practices change;

(d) we adjust our corporate structure or the entities responsible for your data.

15.1.2. We will not retroactively reduce your privacy rights in a way that is inconsistent with applicable law. Any changes will apply on a going-forward basis from the effective date indicated in the “Last updated” line at the top of this Policy.

15.2. How we will inform you

15.2.1. When we make changes, we will revise the “Last updated” date and, where appropriate, the version number at the top of this Policy.

15.2.2. If we make changes that are material in the context of applicable law or that significantly affect how we process your personal data, we will take additional steps to inform you, which may include:

(a) displaying a notice in the App or on the website;

(b) sending you an email or in-app message;

15.2.3. Where applicable law requires it (for example, if the changes affect processing based on consent), we will seek your consent to the changes or to specific new processing activities.

15.3. When changes take effect

15.3.1. Unless otherwise stated in the notice, changes to this Policy take effect from the date indicated in the “Last updated” field at the top of the Policy.

15.3.2. If you continue to use the Services after the updated Policy takes effect, this will generally mean that you have read and understood the updated version, to the extent permitted by applicable law.

15.3.3. If you do not agree with the updated Policy, you must stop using the Services and delete your Account. You may also contact us if you have questions about specific changes.

16. CONTACT DETAILS AND COMPLAINTS

16.1. General contact channels

16.1.1. If you have general questions about the Services (that are not specifically about privacy or data protection), you can contact us via:

(a) in-app support tools or help centre (where available); or

(b) email to our general support address: support@twinby.com (or another support address indicated in the App or on the website).

16.1.2. These channels are intended for product, technical and account-related issues.

16.2. Privacy and data protection contact

16.2.1. For questions, requests or complaints specifically related to privacy, data protection or this Policy, you should contact us at email: (or any other dedicated privacy contact that we may indicate in the App or on the website for your jurisdiction).

16.2.2. When you contact us about privacy matters, please:

(a) clearly state that your request concerns “privacy” or “data protection”;

(b) describe your request or concern in sufficient detail; and

(c) provide information that allows us to identify your Account (for example, the email or phone number used to register and your country of residence).

16.2.3. We may ask you for additional information if reasonably necessary to verify your identity or to clarify your request, especially when you exercise statutory rights (for example, access, deletion, objection).

16.2.4. You may send written correspondence to the applicable entity listed in the Section 1. For faster handling of privacy-related requests, we recommend using the email contact in this Section.

16.3. Complaints to supervisory or regulatory authorities

16.3.1. If you believe that our processing of your personal data violates applicable data protection or privacy law, you have the right to lodge a complaint with the competent authority, where such a right is provided by law. This may include, for example:

(a) a data protection authority in the country or state where you live or work; or

(b) the authority in the place where the alleged infringement took place.

16.3.2. Nothing in this Policy limits your right to file such a complaint. You may use this right in addition to, or instead of, contacting us directly.

16.3.3. We encourage you to contact us first using the details in Section 16.2. We will review your request or complaint and attempt to resolve the issue in line with this Policy and applicable law.

16.4. Local representatives and specific contacts (where applicable)

16.4.1. If, in the future, any law requires us to designate:

(a) a data protection officer;

(b) a representative in a specific jurisdiction (for example, an EU or UK representative); or

we will identify the relevant details in this section or in a separate jurisdiction-specific notice.

16.4.2. Until such details are expressly provided, all privacy-related questions and requests should be directed to or to the postal address of the relevant Twinby entity as set out above.