Privacy Policy
This policy explains what data OriginTwin ("we", "us") collects when you use the OriginTwin mobile application and the website at origintwin.com, why we collect it, who can see it, and how you can remove it.
1. Data we collect
- Account data — name and email address you provide at registration. Stored encrypted at rest.
- Authentication data — bcrypt-hashed password (we never see or store the plaintext) and device-bound refresh tokens for keeping you signed in.
- Twin training content — your free-text answers to the weekly questions and dilemmas you choose to respond to. These are personal and intentionally so; that's how the twin becomes yours.
- Twin conversations — messages you exchange with your own twin, plus any twin-of-you reflections that invited people contribute.
- Inferred personality data — embeddings derived from your answers, used to retrieve relevant context when your twin is generating a response. Stored as numeric vectors, not readable as text.
- Technical metadata — IP address, device type, and app version, used for security (rate limiting, abuse detection) and operational debugging.
We do not collect: precise location, contacts list, microphone audio, camera images outside the screenshots you choose to attach when reporting a bug, or behavioral data from outside the app.
2. Why we collect it
- Account data and authentication data — to give you a private, secure account.
- Twin training content and conversations — to build and operate your twin. This is the core product.
- Embeddings — to make your twin's responses reflect your own previous answers (retrieval-augmented generation).
- Technical metadata — for security and to keep the service running.
3. AI / model usage
Your twin's responses are generated by a third-party large language model API (Google Gemini, model gemini-2.5-flash, as of this writing). When you talk to your twin, the relevant excerpts of your training answers are sent to the model along with your message so it can respond in your voice. The same provider also generates the numeric embeddings used to retrieve those excerpts. Google does not retain this data for training their models on the API tier we use, per their published API terms at the time of writing.
We may switch model providers in the future. If we do, this section will be updated and you'll be told before any pre-existing data is sent to a new provider.
4. Who can see your data
By default: only you and the people you explicitly invite. Specifically:
- You see your own twin and your own conversations.
- People you invite as "mirrors" can answer questions about you. Their answers are visible to you (in the form of a twin-of-you they shape) and to them (so they can edit). They cannot see your own training answers.
- Custodians you set up under Legacy never have access until and unless the verification process you configured is triggered. This is opt-in; legacy access is OFF by default.
- Our team can view operational logs (no message content) and can read the database to fix issues you've reported, but does not browse user content for any other reason.
5. Sharing with third parties
We use a small set of service providers to operate the product. None of them are given more data than they need:
- Cloud hosting — a single Frankfurt server (EU). Postgres, Redis, the API, and the web stay on the same host; no third-party data warehouse.
- Model + embedding API — Google Gemini, for both twin response generation and the numeric vector embeddings that power context retrieval. Google does not retain API content for model training on the tier we use.
- Email delivery — Resend, for transactional email (verification codes, password resets, legacy notifications).
- Push notifications — Google FCM via Expo's push relay, for sending alerts to your Android device. (We are Android-only as of this writing; iOS / APNs will be added later and this section updated.)
We do not sell your data, share it for advertising, or expose it to data brokers. We do not run analytics SDKs that profile users.
6. Where it lives, and how it's protected
Data is stored in an EU-region Postgres database. All transport is HTTPS with TLS 1.2+. Passwords are bcrypt-hashed. Verification and reset codes are bcrypt-hashed and single-use with a 15-minute expiry. Refresh tokens are SHA-256-hashed and rotated on each use.
7. Deleting your data
You can delete your OriginTwin account at any time, from inside the app: Settings → Delete My Account. Deletion is immediate and irreversible. It removes your account, your training answers, your twin conversations, your embeddings, and any mirrors you invited. Refresh tokens are revoked.
You can also export your data first via Settings → Export My Data, which gives you a JSON file with everything we have on you.
If you can't access the app for some reason and want to delete your account, email hello@origintwin.com from the address you registered with. Account deletion details are also at origintwin.com/account-deletion.
8. Children
OriginTwin is not directed at children under 13 (or under the equivalent minimum age in your jurisdiction) and we do not knowingly collect data from them. If you believe a child has registered, contact us and we'll delete the account.
9. Changes to this policy
We'll update this page when the data-handling story changes. The "Last updated" date at the top reflects when. For material changes (e.g., a new third-party processor receiving your content), we'll notify registered users by email before the change takes effect.
10. Contact
Questions, deletion requests, or data-portability requests: hello@origintwin.com.
This policy is the operator's plain-English description of what the product does with your data. It is intended to be accurate and complete; it is not a substitute for legal counsel under your local jurisdiction. If you have specific compliance needs (GDPR Article 15 requests, etc.), contact us and we'll handle them individually.