Privacy Policy

# last updated: 2026-05-15

# this policy explains what twin collects, how twin uses it, and the controls you have. plain english on purpose.

who we are

Twin is operated by Arsh Singh (sole proprietor), reachable at [email protected]. The hosted service runs at twin.arshsingh.net.

what we collect

Twin collects only what you give it, plus the minimum needed to run the service.

account data: name and email address you provide at sign-up (via Clerk authentication). Used for sign-in and account communication only.
content you ingest: notes you type, emails forwarded to your Twin alias, git repositories you point Twin at, content from connectors you explicitly authorize (Google Mail, Google Calendar, others added in the future). Stored in your isolated tenant in Twin's database.
extracted entities and facts: Twin processes the content above to identify people, projects, and decisions, and stores them in your personal knowledge graph.
operational metadata: request logs (truncated, retained 30 days for debugging), audit-log entries describing every automatic action Twin took (entity merges, fact extractions, etc.) — these are visible to you in your account.

google user data — limited use

+--- google api services user data policy ---+

If you connect Google Mail or Google Calendar, Twin's use of Google user data follows the Google API Services User Data Policy, including the Limited Use requirements.

Twin requests gmail.readonly only when you authorize the Gmail connector. Twin reads message metadata + body to build your personal graph; Twin does not send mail, modify mail, or delete mail.
Twin requests calendar.readonly only when you authorize the Calendar connector. Twin reads upcoming events to assemble pre-meeting briefs; Twin does not modify your calendar.
Twin does not sell Google user data, use it for advertising, or use it to train or improve any general-purpose AI model. Twin uses Google user data only to provide and improve the user-facing features of Twin for you, the signed-in user.
No humans read your Google data except (a) yourself, (b) automated systems described in this policy, or (c) a Twin operator with your explicit written permission for support purposes.

how we use it

Content you ingest is processed by Twin's workers to build your personal knowledge graph — extracting people, projects, decisions, and relationships. The graph powers retrieval surfaces you've enabled (web app, MCP server, browser extension, email/iMessage briefs).

third-party processors

Twin relies on a small number of third-party services to operate. Each is invoked with the minimum data needed.

Clerk — authentication. Receives your name + email at sign-up.
Anthropic Claude API — entity extraction and chat. Called with the anthropic-beta: zero-retention flag so prompts and completions are not retained by Anthropic.
OpenAI API — embeddings + fallback extraction. Called with zero-retention flags where supported.
Ollama (local) — when self-hosting, runs entirely on your machine; no data leaves your environment for LLM calls.
Resend — transactional email (digests, account email).
Cloudflare + Oracle Cloud (Coolify) — hosting infrastructure.

retention

Your ingested content, extracted facts, and audit log persist for the lifetime of your account.
Request logs are truncated and retained 30 days.
LLM API calls are made with zero-retention flags where supported, so prompts and completions are not retained by the provider.
You can delete any node, any fact, or your entire account at any time. Account deletion removes all your data from Twin's primary database within 7 days.

export / edit / delete — the controls you have

export: the export endpoint produces an Obsidian-compatible Markdown vault of your entire graph on demand.
edit: the audit log shows every automatic decision Twin made (every entity merge, every fact assertion). Each is reversible with an undo button.
delete: individual nodes/facts via the app or API; full account deletion via account settings or email request to [email protected].
disconnect: revoking a connector (e.g., Gmail) stops new ingestion but does not delete past content; use delete controls above to remove it.

security

OAuth tokens for connectors are encrypted at rest.
Tenant isolation: every query is scoped to your tenant; cross-tenant access is impossible at the data layer.
Transport: TLS for all API + web traffic.
Twin does not yet hold a SOC 2 attestation. The self-hosted OSS edition is the recommended path for users with strict compliance needs.

cookies + analytics

Twin uses functional cookies for authentication (set by Clerk). The waitlist form stores submitted name + email in Cloudflare KV with no tracking cookies. Twin does not use third-party analytics that profile users.

international users

Twin is operated from the United States. By using Twin, you consent to your data being processed in the United States. If you are subject to GDPR or similar regimes and need a Data Processing Agreement, email [email protected].

children

Twin is not directed to children under 13 and does not knowingly collect their data.

changes to this policy

Material changes will be announced via the email on your account at least 14 days before taking effect. The "last updated" date at the top of this page reflects the most recent revision.

contact

Questions, complaints, or data requests: [email protected].