Twintro Privacy Policy

Twintro is provided by Twintro, LLC, a Colorado limited liability company (“Twintro,” “we,” “us,” or “our”). This Privacy Policy (“Policy”) explains how we collect, use, disclose, and protect Personal Information in connection with the Twintro website at https://twintro.com, the user dashboard at https://twintro.com/dashboard, public profile pages at vanity URLs (for example, https://twintro.com/<handle>), the AI Concierge, the Knowledge Base, the Digital Card system, the Messages feature, the Workforce Orbits and Handshake networking features, and any associated applications, APIs, or services that link to this Policy (collectively, the “Service”). This Policy is incorporated into our Terms of Service by reference. Capitalized terms not defined here have the meanings given in the Terms of Service.

Please read this Policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree, do not access or use the Service.

1. Scope and Who This Policy Covers

This Policy applies to Personal Information collected when you:

• create or use an Account, including when you upload a resume or CV, populate your Knowledge Base, or generate Outputs;
• publish, share, or distribute a Digital Card or interact through a vanity URL of the form https://twintro.com/<handle>;
• use the AI Concierge, the Messages feature, Handshake, Workforce Orbits, Deep Dives, or Job Fit Analysis;
• visit our website, public pages, or any other surface that links to this Policy, even if you do not have an Account; or
• interact with another User's Concierge or Digital Card as a visitor or recipient of a shared link.

If you are an employer or organization using the Service in connection with recruiting, hiring, or talent discovery, additional terms apply under our Terms of Service. You are independently responsible for your own privacy obligations to your candidates, employees, or other data subjects.

2. Definitions

“Personal Information” information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable individual or household. “Personal Data” under EU/UK law is treated equivalently.

“Sensitive Personal Information” the categories of data designated as “sensitive” under applicable law (for example, the California Privacy Rights Act, the Colorado Privacy Act, and the EU/UK GDPR), including government identifiers, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, biometric data used for unique identification, health information, sexual orientation, and account credentials. Twintro does not require Sensitive Personal Information to provide the Service and asks you not to upload it. See Section 4.6.

“User Content” any resume, CV, work history, text, image, photograph, voice sample, link, document, credential, or other material you upload, type, transmit, or otherwise inject into the Service, including everything that populates your Knowledge Base.

“Outputs” content generated by the Service from User Content, including Top Traits, My Essence, Expertise, Value, Key Competencies, Job Fit reports, Deep Dive analyses, Workforce Orbits placement, and Concierge responses.

“Public Profile” any portion of your Digital Card (including your handle, vanity URL, profile photo, summary text, contact links, and AI Concierge chat surface) that you have configured to be visible to the public or to non-authenticated visitors.

“Third-Party Services” third-party websites, applicant tracking systems, social networks, identity providers, payment processors, AI/model providers, or other platforms that may be linked from, integrated with, or used in connection with the Service.

“Process” any operation performed on Personal Information, including collection, recording, storage, alteration, retrieval, use, disclosure, transmission, restriction, erasure, or destruction.

3. Information We Collect

3.1 Information You Provide Directly

Depending on how you use the Service, you may provide:

• Account and Identity Data: your name, email address, password (hashed), authentication identifiers, vanity handle, profile photo, and any single-sign-on identifier you use to register.
• Resume, CV, and Professional Data: employment history, education, certifications, licenses, projects, publications, skills, and any other information contained in materials you upload or type into your Knowledge Base.
• Contact and Outreach Data: phone numbers, email addresses, LinkedIn URLs, repository links, portfolio URLs, or other contact methods you choose to publish on your Digital Card.
• Persona / Multiple Twintro Data: the alternative Personas you create, including separate handles, photos, and Knowledge Base entries associated with each.
• Messages and Communications: the content of messages you send through the Messages feature, Concierge conversations you initiate or receive, support requests, feedback, and your communications with us.
• Networking Data: Handshakes you send or receive, Workforce Orbits you join, events you opt into, and Deep Dive requests you initiate or approve.
• Payment Data (if you purchase a Paid Service): billing name, billing address, and partial payment-card details retained by our payment processor; we do not store full card numbers on our systems.

If you are an employer or organization and upload information about candidates or other individuals, you represent and warrant that you have provided any required notices and obtained any required consents or other lawful basis to share that information with Twintro for Processing under this Policy.

3.2 Information Collected Automatically

• Usage Data: pages viewed, features used, buttons clicked, timestamps, referring URLs, search queries within the Service, time spent on pages, and similar interaction data.
• Device and Connection Data: IP address, browser type and version, operating system, device identifiers, screen size, language settings, and approximate location derived from IP (where permitted).
• Diagnostics and Security Data: log files, crash reports, error traces, and performance metrics.
• Cookies and Similar Technologies: see Section 13 (Cookies).

3.3 Information from Third Parties and Integrations

We may receive information about you from:

• single-sign-on providers and identity providers you use to log in (such as your name and email associated with the SSO account);
• Third-Party Services you connect to your Account (such as LinkedIn, professional networks, or applicant tracking systems), to the extent you authorize that connection;
• fraud-prevention, security, and analytics vendors that help us protect and operate the Service; and
• other Users who initiate a Handshake, Deep Dive, or Concierge interaction involving you.

3.4 Information About Third Parties Appearing in Your Knowledge Base

Your Knowledge Base, resume, or CV may contain references to other people — former employers, managers, colleagues, references, co-authors, or clients. By submitting that content, you confirm that you have the right to do so and that you will not include sensitive or confidential information about a third party without their consent. We Process this information solely to operate the Service for you. If a third party contacts us with a concern about such content, we may contact you to confirm or, where required by law, take steps to limit or remove the relevant data.

3.5 Information from Visitors and Concierge Recipients

If you visit a public Digital Card or interact with another User's AI Concierge without an Account, we may collect: (a) the content of your chat with that Concierge; (b) any contact details you choose to provide; (c) the limited automatic data described in Section 3.2. We use this information to operate the Service, to deliver your message to the User you are trying to reach, and to detect abuse. Conversations you have with another User's Concierge are also visible to that User.

3.6 Sensitive Personal Information

Twintro does not require Sensitive Personal Information to provide the Service. We ask that you not upload Sensitive Personal Information such as government identifiers (Social Security numbers, passport numbers), precise geolocation, health or medical data, biometric identifiers, sexual-orientation information, religious or philosophical beliefs, racial or ethnic origin, or financial-account credentials. If you nonetheless choose to include such information in User Content, you consent to our Processing it solely to provide the Service as you have configured it. You can remove this information from your Knowledge Base at any time.

Photographs and voice samples may, depending on jurisdiction, be considered biometric information. We do not use photographs or voice samples to generate biometric templates for unique identification, and we do not sell or share biometric information. Where biometric-privacy laws apply (such as the Illinois Biometric Information Privacy Act), we Process such information only as needed to operate the Service for you and retain it only as long as needed to provide the Service or as required by law.

3.7 Information We Receive From a Client or Partner About You

If a Client or Partner (such as a recruiting firm, employer, enterprise, or professional association) generates a Twintro on your behalf under Section 15 of the Terms of Service, we receive information about you from that Client or Partner, not directly from you. The categories of information we receive in this scenario are strictly limited to resumes, CVs, and equivalent written professional summaries that you voluntarily provided to the Client or Partner in connection with an existing or prospective professional relationship (for example, a job application, a current or prior employment, a contractor engagement, a conference registration, an alumni or association membership, or an opt-in talent-pool submission). We do not accept, through this Bulk-Upload channel, photographs, video, voice recordings, biometric identifiers, government identifiers, health information, financial-account information, or other categories of Sensitive Personal Information.

When we receive your information this way, we act as a Processor (or “service provider” under U.S. state privacy law) of the Client or Partner with respect to that information, and the Client or Partner is the Controller (or “business”). The Client or Partner is responsible for providing you with any privacy notice required by applicable law (including under GDPR Articles 13–14, the CPRA, and the Colorado Privacy Act) and for confirming that your resume was voluntarily provided to them and that they have a lawful basis to share it with us.

We will notify you that a Twintro has been generated for you, identify the Client or Partner that initiated the upload, and provide you with the ability to claim, review, edit, restrict the visibility of, decline, or delete the Twintro at any time, as described in Section 15.8 of the Terms of Service. Once you claim your Twintro, you become the direct User of the Service, and your relationship with Twintro is governed directly by the Terms and this Policy, with Twintro acting as Controller of the relationship between you and the Service.

4. How We Use Your Information (Purposes and Legal Bases)

We Process Personal Information for the purposes below. For Users in the EU, UK, or Switzerland, the legal basis (under GDPR Article 6) is indicated in brackets.

4.1 Provide the Service and Generate Outputs

• create and maintain your Account and authenticate you; [performance of contract]
• Process User Content to populate your Knowledge Base and generate Outputs (Top Traits, My Essence, Expertise, Value, Key Competencies, Digital Card sections, Job Fit Analysis, Deep Dive results, and Workforce Orbits placement); [performance of contract]
• operate the AI Concierge to respond to inquiries on your behalf grounded in your Knowledge Base; [performance of contract]
• operate Handshake, Messages, real-time and event-based discovery, and other networking features; [performance of contract]
• deliver Paid Services you purchase and process related payments through our payment processor. [performance of contract]

4.2 Operate, Secure, and Improve Service Functionality

• monitor performance, fix bugs, and improve reliability and user experience; [legitimate interests]
• detect, prevent, investigate, and respond to fraud, abuse, harassment, prompt-injection, scraping, and security incidents; [legitimate interests]
• conduct analytics using aggregated or de-identified information where practicable; [legitimate interests]
• test and develop new features, including limited internal red-team testing of our own Models. [legitimate interests]

4.3 No Training of Foundation Models on Your Content

We do not use User Content or Outputs to train general-purpose AI foundation models, and we do not sell your Personal Information. We Process User Content and Outputs only to provide and operate the Service for you, to deliver content to the recipients you direct, to maintain and secure the Service, and to comply with applicable law. We may use de-identified or aggregated data derived from the Service to operate, evaluate, secure, debug, monitor for abuse, and improve the Service.

4.4 Communications

• send transactional and administrative communications (security alerts, policy updates, billing notices); [performance of contract / legal obligation]
• respond to inquiries and provide support; [legitimate interests]
• send product updates and educational content you may opt out of at any time. [legitimate interests / consent where required]

4.5 Compliance, Enforcement, and Safety

• comply with legal obligations and lawful government, regulatory, or judicial requests; [legal obligation / legitimate interests]
• establish, exercise, or defend legal claims; [legal obligation / legitimate interests]
• enforce our Terms of Service and protect the rights, safety, and security of Twintro, our Users, and others. [legal obligation / legitimate interests]

4.6 Automated Processing, Profiling, and Meaningful Information About the Logic

The Service relies on automated Processing, including generative-AI analysis of your User Content, to produce Outputs. Twintro uses pattern-recognition and language-model techniques to extract, summarize, and categorize information from your Knowledge Base into the structured sections of the Digital Card. Outputs are intended for informational, drafting, and reference purposes only; they do not replace your review, manual verification, or professional due diligence. Where required by law, you may have the right to obtain meaningful information about the logic involved, to challenge an automated decision, or to request human review. Contact privacy@twintro.com to exercise those rights.

If you are an employer or organization, you remain solely responsible for compliance with employment, anti-discrimination, and AI-in-hiring laws (including the Colorado AI Act, NYC Local Law 144, the Illinois AI Video Interview Act, and analogous laws) and for ensuring appropriate human oversight, bias audits, candidate notices, and consents in connection with any decision informed by the Service.

5. Sharing and Disclosure

We do not sell your Personal Information, and we do not share Personal Information for cross-context behavioral advertising (also known as targeted advertising). We disclose Personal Information only as described below.

5.1 With Other Users at Your Direction

The core function of the Service is to let you share information about yourself with other people. When you publish a Digital Card, accept a Handshake, approve a Deep Dive, send a Message, or allow your Concierge to interact with a third party, the information you have configured to be shared becomes visible to those recipients. You control what to publish and to whom. Conversations you have through the Service may be visible both to you and to the User on the other side.

5.2 Service Providers / Sub-processors

We share information with vendors that help us operate the Service, including cloud hosting, database, security, email, analytics, customer support, payment processing, and AI/model-inference providers. These vendors are contractually required to protect information and to Process it only on our instructions. A list of categories of sub-processors is available on request.

5.3 Legal and Safety

We may disclose information to comply with applicable law, valid legal process (subpoenas, court orders, search warrants), governmental or regulatory requests, or to protect the rights, property, or safety of Twintro, our Users, or others, including in connection with fraud prevention or investigation of suspected violations of our Terms.

5.4 Business Transfers

If Twintro, LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards. You will be notified, where required, of any change in controller.

5.5 Aggregated and De-Identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you (for example, aggregated usage statistics or trends about professional skills) without restriction.

5.6 With Your Consent

We may share information for any other purpose with your consent or at your direction.

6. Public Profile, Search Indexing, and Information You Choose to Make Public

Your Digital Card and Personas are designed to be user-controlled. They are not broadly discoverable unless you take an action that makes them visible, such as publishing a public Digital Card, sharing your Twintro link, joining a Workforce Orbit, accepting or initiating a Handshake, participating in an event or networking context, or otherwise enabling visibility settings within the Service.

When you make your Digital Card or Persona visible, the information you have configured for display may become available to other Users, Orbit participants, event participants, recipients of your shared link, visitors to your public page, or other people depending on the visibility context you selected.

If you publish a Digital Card to a public vanity URL, such as https://twintro.com/<handle>, that page may be indexed by search engines, fetched by third-party crawlers, previewed through social-sharing metadata, shared, screenshotted, cached, archived, or copied by third parties in ways Twintro cannot fully control or reverse.

You may hide, unpublish, restrict, leave an Orbit, retract, or delete your Digital Card or Persona from your dashboard at any time. When you do so, we will stop displaying the content through the Service according to your selected settings. However, copies, caches, screenshots, messages, links, or excerpts that were already accessed, shared, saved, or retrieved by others may persist outside Twintro's control.

You are responsible for choosing what information to share, what contact methods to expose, which Orbits to join, and when to hide, restrict, unpublish, or delete your Digital Card or Persona.

7. International Data Transfers

Twintro is operated from the United States. By using the Service, you understand that your information will be transferred to, stored, and Processed in the United States and in other countries where we or our service providers operate. Privacy laws in those countries may differ from those in your country of residence.

For transfers of Personal Data from the European Economic Area, the United Kingdom, or Switzerland to the United States or other third countries, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, the EU-U.S. Data Privacy Framework where applicable, and supplementary measures. You may request a copy of the safeguards by contacting privacy@twintro.com.

8. Data Retention

We retain Personal Information only as long as necessary to provide and maintain the Service, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention practices include:

• Account, Knowledge Base, and Digital Card content: for the life of your Account, plus a reasonable wind-down period after Account closure (typically up to 90 days) during which content may be restored on request.
• Concierge conversations and Messages: retained as part of your Account so that you (and the User on the other side, as applicable) can review prior exchanges, subject to deletion on request consistent with applicable law.
• Diagnostics, logs, and security data: typically retained for up to 24 months for security and audit purposes.
• Payment records and tax documentation: retained for the period required by applicable financial and tax laws.
• Aggregated or de-identified information: may be retained for longer where permitted by law.

Even after deletion from your Account, copies of public information that you previously shared (including cached copies of Public Profiles or content forwarded through the Concierge or Messages) may persist outside our control.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, alteration, disclosure, or destruction, including encryption in transit, access controls, logging, and personnel training. No system is 100% secure, and we cannot guarantee absolute protection. If we become aware of a security incident affecting your Personal Information, we will notify you and applicable regulators where required by law.

You are responsible for the security of your credentials and devices. Notify us at support@twintro.com if you suspect unauthorized access to your Account or believe you have discovered a security vulnerability.

10. Your Rights and Choices

Depending on your jurisdiction, you may have rights to:

• Access: obtain confirmation that we Process your Personal Information and a copy of that information.
• Correction: request that we correct inaccurate or incomplete Personal Information.
• Deletion: request deletion of your Personal Information, subject to certain exceptions (for example, where retention is required by law).
• Portability: request a copy of your Personal Information in a portable, machine-readable format.
• Restriction or Objection: object to or restrict certain Processing, including Processing based on legitimate interests, profiling, or direct marketing.
• Withdraw Consent: where Processing is based on consent, withdraw your consent at any time without affecting the lawfulness of Processing before withdrawal.
• Appeal: appeal our decision on a rights request (see Section 11.2 for the Colorado-specific appeal process).
• Complain to a Supervisory Authority: lodge a complaint with your local data-protection authority.

To exercise rights, email privacy@twintro.com. We may need to verify your identity before fulfilling a request and may decline requests where permitted by law (for example, where complying would infringe another person's rights). We will respond within the timeframes required by applicable law (generally 45 days under CCPA/CPA and one month under GDPR). We will not discriminate against you for exercising your privacy rights.

You can also exercise basic choices directly in the Service: edit or remove Knowledge Base entries, unpublish or delete your Digital Card, manage Persona visibility, opt out of marketing emails, manage cookies, and close your Account from the dashboard.

11. Region-Specific Privacy Notices

11.1 California Residents (CCPA / CPRA)

This section supplements this Policy and applies to California residents. Twintro does not sell Personal Information and does not share Personal Information for cross-context behavioral advertising. In the preceding 12 months, we have collected and disclosed the following categories of Personal Information (categories as defined under Cal. Civ. Code §§1798.140):

As a California resident, you have the rights to know, access, correct, delete, port, and limit the use of Sensitive Personal Information, and the right not to be discriminated against for exercising your rights. To exercise these rights, contact privacy@twintro.com. You may also designate an authorized agent to act on your behalf. We honor opt-out preference signals such as the Global Privacy Control (GPC) where required by law. We do not engage in sales or sharing for cross-context behavioral advertising, so a “Do Not Sell or Share My Personal Information” link is not applicable; you may still submit a request to confirm this.

11.2 Colorado Residents (CPA)

Colorado residents have rights to access, correction, deletion, portability, and to opt out of (a) sales, (b) targeted advertising, and (c) profiling in furtherance of decisions producing legal or similarly significant effects. We do not sell Personal Information, do not engage in targeted advertising, and do not use the Service to make legal or similarly significant decisions about Colorado consumers without human involvement; if you believe an Output has produced such an effect, you may request human review.

If we deny a rights request, you may appeal by replying to our response or emailing privacy@twintro.com with the subject line “Privacy Appeal.” We will respond within 45 days. If your appeal is denied, you may contact the Colorado Attorney General at coag.gov/file-complaint.

11.3 Other U.S. State Residents

Residents of Virginia, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Minnesota, and other U.S. states with comprehensive consumer-privacy laws have rights substantially similar to those described above. Submit requests to privacy@twintro.com, and we will respond in accordance with applicable law.

11.4 European Economic Area, United Kingdom, and Switzerland

If you are located in the EEA, the UK, or Switzerland, the controller of your Personal Data is Twintro, LLC. Our legal bases for Processing are described inline in Section 4. You have the rights set out in Section 10, including the right to lodge a complaint with your local supervisory authority (for example, the Irish DPC, the UK ICO, or your national data-protection authority). For transfers of Personal Data outside the EEA, the UK, or Switzerland, we rely on the safeguards described in Section 7.

11.5 Brazil (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD) substantially similar to those described in Section 10, including the right to obtain information about public and private entities with which we have shared your data. Submit requests to privacy@twintro.com.

12. Children's Privacy

The Service is intended only for individuals 18 years of age or older, as required by our Terms of Service. We do not knowingly collect Personal Information from individuals under 18. If we learn that we have collected Personal Information from an individual under 18, we will delete it consistent with applicable law. If you believe a person under 18 has provided us with Personal Information, contact privacy@twintro.com and we will take appropriate steps.

13. Cookies and Similar Technologies

Twintro uses only cookies, local storage, and similar technologies that are necessary to operate, secure, authenticate, and provide the Service. These technologies help us maintain user sessions, remember basic preferences, prevent fraud and abuse, and provide core platform functionality.

Twintro does not currently use cookies for targeted advertising, cross-context behavioral advertising, or non-essential tracking.

Because these technologies are necessary for the Service to function, they cannot be disabled through Twintro. You may control cookies through your browser settings, but blocking or deleting cookies may cause parts of the Service to stop working correctly.

If Twintro later introduces non-essential analytics, performance, advertising, or tracking technologies that require consent under applicable law, Twintro will update this Policy and implement an appropriate consent mechanism before those technologies are used.

14. Communications, Marketing, and Auto-Generated Messages

We will send you transactional messages necessary to operate your Account (security alerts, billing receipts, policy updates). These messages are part of the Service and cannot be opted out of without closing your Account. We may also send product updates, surveys, or educational content; you may unsubscribe from those at any time via the link in the message or in your dashboard.

If you allow your Concierge to send messages on your behalf, or if you initiate Messages with another User, you are responsible for ensuring those communications comply with applicable anti-spam, telemarketing, and telecommunications laws (including the U.S. CAN-SPAM Act, the U.S. Telephone Consumer Protection Act, Canada's Anti-Spam Legislation, and the EU ePrivacy framework), including obtaining any required consents and honoring opt-out requests.

15. Third-Party Sites and Services

The Service may contain links to, or integrate with, Third-Party Services (for example, your published LinkedIn URL, code repositories, ATS platforms, or social networks). We are not responsible for the privacy practices or content of Third-Party Services. Review their privacy policies before providing them with information.

16. Changes to This Policy

We may update this Policy from time to time. We will update the “Last Updated” date at the top and, where required by law or where the changes are material, provide additional notice (for example, by email or in-product notice) before the changes take effect. Your continued use of the Service after the effective date of a revised Policy constitutes your acceptance of the revised Policy.

17. Contact Us

For privacy questions, requests, or complaints, contact us:

Twintro, LLC — Privacy Team

• General: support@twintro.com
• Privacy: privacy@twintro.com
• Legal: legal@twintro.com

© 2026 Twintro, LLC. All rights reserved. “Twintro,” the Twintro logo, “Workforce Orbits,” “Handshake,” “Deep Dive,” “Digital Card,” and “Concierge” are trademarks of Twintro, LLC.