TwinPhoneTwinPhone

Privacy Policy

Last updated: March 30, 2026

1. Introduction

TwinPhone ("we," "our," "us") operates the twin-phone.com website and browser-based international calling service (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal data when you use our Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data Controller

For the purposes of the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and other applicable data protection laws, TwinPhone is the data controller responsible for your personal data. For any privacy-related inquiries, contact us at support@twin-phone.com.

3. Legal Bases for Processing

We process your personal data only when we have a valid legal basis under applicable law, including:

  • Contract performance: Processing necessary to provide the Service you requested (account management, call routing, billing).
  • Legitimate interests:Fraud prevention, service security, analytics to improve performance — balanced against your rights and freedoms.
  • Legal obligation: Compliance with applicable laws, tax regulations, and lawful government requests.
  • Consent: Where required (e.g., optional analytics cookies, marketing communications). You may withdraw consent at any time without affecting the lawfulness of prior processing.

4. Information We Collect

Account Information: Email address and optional display name provided during registration.

Call Metadata: Numbers dialed, call duration, timestamps, and call status. Required for billing and your call history. We do not record or store call audio unless you explicitly enable the call recording feature.

Payment Information: Payment transactions are processed by our third-party payment processor (Stripe). We receive a transaction reference and amount. We do not store credit card numbers, CVVs, or full card details on our servers.

Technical Data: IP address, browser type and version, device type, operating system, referring URL, pages visited, and session duration. Collected automatically via server logs and analytics.

Communications: If you contact us for support, we retain the content of your messages to resolve your inquiry and improve our service.

5. How We Use Your Information

  • Provide, operate, and maintain the calling Service
  • Process payments, manage your account balance, and generate invoices
  • Send transactional communications (receipts, password resets, service alerts)
  • Detect, prevent, and address fraud, abuse, and security threats
  • Analyze usage patterns to improve service quality (in aggregate and anonymized form)
  • Comply with legal obligations and respond to lawful requests
  • Enforce our Terms of Service

We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes. We do not use your data for targeted advertising.

6. Call Encryption & Security

Every call made through TwinPhone is encrypted using TLS (Transport Layer Security) for signaling and SRTP (Secure Real-Time Transport Protocol) for audio. This encryption is automatic, always-on, and cannot be disabled. TwinPhone employees cannot listen to or access the audio content of your calls. We implement industry-standard technical and organizational measures to protect your data, including encrypted data storage, access controls, and regular security audits. However, no system is 100% secure, and we cannot guarantee absolute security of data transmitted over the Internet.

7. Data Sharing & Third-Party Processors

We share personal data only with the following categories of service providers, solely to the extent necessary for the Service to function:

  • Telecom infrastructure: Call routing via third-party carriers (Twilio). Call metadata is shared to connect your calls.
  • Payment processing: Stripe processes your payments. We share only the minimum data required for transactions.
  • Hosting & infrastructure: Cloud hosting providers (Vercel, Supabase) that store and serve our application data.
  • Analytics: Anonymized, aggregate usage data for service improvement. No personally identifiable information is shared with analytics providers.
  • Error monitoring: Sentry receives anonymized error reports to help us fix bugs.

All third-party processors are bound by data processing agreements and are required to handle your data in compliance with applicable privacy laws. We do not sell personal data to any third party.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where required by law (e.g., transfers from the EEA, UK, or Switzerland), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with our sub-processors, or other legally recognized transfer mechanisms. By using the Service, you acknowledge this transfer. If you are located in the EEA, UK, or Switzerland, you have the right to request a copy of the applicable safeguards by contacting us.

9. Data Retention

  • Account data: Retained while your account is active and for 90 days after deletion to process pending transactions and comply with legal obligations.
  • Call metadata: Retained for the duration of your account plus 90 days after deletion.
  • Call recordings: If enabled by you, retained until you delete them or close your account.
  • Payment records:Retained as required by applicable tax and financial regulations (typically 5–7 years).
  • Server logs: Automatically purged after 90 days.

10. Your Rights

For All Users

Regardless of your location, you may: access and download your personal data through your account dashboard, request correction of inaccurate data, request deletion of your account and associated data, and opt out of non-essential communications at any time.

European Economic Area, United Kingdom & Switzerland (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, you additionally have the right to: restrict or object to certain processing, request data portability in a machine-readable format, withdraw consent at any time (without affecting prior processing), and lodge a complaint with your local data protection authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany).

California Residents (CCPA / CPRA)

Under the California Consumer Privacy Act and the California Privacy Rights Act, you have the right to: know what personal information we collect, request deletion, opt out of the sale or sharing of personal information (we do not sell your data), and not be discriminated against for exercising your rights. To submit a verifiable consumer request, email us at support@twin-phone.com. We will respond within 45 days. In the preceding 12 months, we have not sold any personal information.

Brazil (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados, including the right to access, correct, delete, anonymize, or port your data, and to revoke consent.

Other Jurisdictions

If your jurisdiction provides additional privacy rights (e.g., Canada PIPEDA, Australia Privacy Act, Japan APPI, South Korea PIPA), we will honor those rights in accordance with applicable law. Contact us to exercise them.

To exercise any of these rights, email support@twin-phone.com. We will verify your identity and respond within the timeframes required by applicable law. We do not charge a fee for rights requests unless they are manifestly unfounded or excessive.

11. Children's Privacy

The Service is not directed at children under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verified parental consent, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at support@twin-phone.com.

12. Automated Decision-Making

We may use automated systems for fraud detection and abuse prevention. These systems may flag or suspend accounts based on usage patterns. You have the right to request human review of any automated decision that significantly affects you.

13. Do Not Track Signals

We honor Do Not Track ("DNT") browser signals. When we detect a DNT signal, we disable non-essential analytics tracking for that session. We do not engage in cross-site tracking regardless of DNT settings.

14. Disclaimer & Limitation of Liability

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, TWINPHONE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL TWINPHONE, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SERVICE, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE), EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THE SERVICE SHALL NOT EXCEED THE AMOUNT YOU HAVE PAID TO TWINPHONE IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR TEN US DOLLARS (USD $10), WHICHEVER IS GREATER. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES; IN SUCH CASES, OUR LIABILITY WILL BE LIMITED TO THE FULLEST EXTENT PERMITTED BY LAW.

15. Indemnification

You agree to indemnify, defend, and hold harmless TwinPhone and its officers, directors, employees, agents, and affiliates from and against any claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising from your use of the Service, your violation of this Privacy Policy or applicable law, or your infringement of any third-party rights.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email to registered users or via a prominent notice on the Service at least 30 days before taking effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to periodically review this page.

17. Governing Law & Dispute Resolution

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of laws principles. Any disputes arising out of or related to this Privacy Policy or the Service shall be resolved through binding arbitration administered by a recognized arbitration body, conducted in the English language. You agree to waive any right to participate in a class action lawsuit or class-wide arbitration.

Nothing in this section limits your right to bring complaints before your local data protection authority, or any rights that cannot be waived under applicable consumer protection law in your jurisdiction.

18. Contact

For any privacy-related questions, data requests, or complaints, contact us at: support@twin-phone.com. We aim to respond to all inquiries within 30 days, or sooner where required by applicable law.