Privacy Policy
Mar 11, 2025
1. Introduction
Welcome to TwinMind (“TwinMind,” “we,” “us,” or “our”). We are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of personal information when you use our website (www.twinmind.com), mobile applications (including our iPhone app), Chrome extension, and any other products or services offered by TwinMind (collectively, the “Services”).
TwinMind (ThirdEar AI, Inc.) is a Delaware C Corporation with its principal place of business located at 745 Waverley St, Palo Alto, CA 94301, United States.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, you must not use our Services.
2. Key Terms
Personal Information: Any information relating to an identified or identifiable individual.
Processing: Any operation or set of operations performed on Personal Information, whether or not by automated means.
Data Controller: The entity that determines the purposes and means of processing Personal Information.
Data Processor: The entity that processes Personal Information on behalf of the Data Controller.
User (“you” or “your”): Individuals who use our Services.
Sensitive Personal Information: Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning a person’s sex life or sexual orientation, or data relating to criminal convictions and offenses.
Extension Data: Information collected through our Chrome extension, including browsing data, extension settings, and browser-specific information.
Browser Integration: The process by which our Chrome extension interacts with your web browser and our other Services.
3. Information We Collect
3.1 Information You Provide to Us
Account Information: When you create an account, we collect information such as your name, email address, phone number, username, and password. Additional optional information may include date of birth, gender, and profile picture.
Profile Information: Additional information for your user profile, such as job title, company name, industry, professional background, education, and social media profiles.
Payment Information: If you make a purchase or subscribe to our paid services, we collect payment card details and billing information. This information is processed by our third-party payment processors and is not stored directly on our servers.
Authentication Information Security: We use a third-party identity provider to manage user authentication that handles all password-related processes, multi-factor authentication (if enabled), and login activity logs. We receive only the necessary authentication tokens and user identifiers to secure your account and track session events. Access to these authentication records is strictly limited to essential security operations.We do not store passwords on our servers.
User Content: We collect and store the content you create, upload, or receive from others when using our Services, including:
Audio Recordings: Our app can detect ambient conversations (on-device) to provide AI-driven summaries and proactive information. Please note that we never store raw audio recordings anywhere; only the resulting text transcripts are stored (unless you enable Private Mode—see Section 4.6).
Transcripts: Transcriptions of audio recordings. By default, these transcripts are stored securely on our cloud servers to allow retrieval and syncing across devices unless you opt for Private Mode.
Notes and Annotations: Any notes or comments you add.
Documents and Files: Any files you upload to our Services are processed only to provide the requested functionality, and we do not permanently store the raw files on our servers. After processing, any original file data is discarded.
Messages and Communications: Communications within our Services.
Google Calendar Data: With your explicit consent, we access your Google Calendar data, including event titles, descriptions, dates, times, attendees, and other related information, to personalize your experience.
Communication Information: If you contact us directly, we may receive additional information such as your name, email address, phone number, and the contents of any message or attachments you send.
Survey Responses: We may collect your responses to surveys for research, product development, or marketing purposes.
Job Application Information: If you apply for a job with us, we collect information you provide in your application.
Feedback and Reviews: If you provide feedback or leave a review, we collect that information along with any additional information you provide.
Marketing and Communications Preferences: We collect your preferences for receiving marketing communications from us and our third-party partners.
3.2 Information We Collect Automatically
When you use our Services, we automatically collect certain information, including:
Device Information: Information about the devices you use to access our Services.
Log Data: Our servers automatically record information such as IP address, browser type, operating system, and usage patterns.
Location Information: We may collect information about your actual or approximate location.
Usage Data: Information about how you use our Services, including interactions with features and content. Our extension processes webpage content necessary for providing our services, including text, structural elements, and metadata from websites you visit while using our extension. This processing may include temporary access to webpage elements such as text, metadata, and document structure. Any content processing is performed primarily on your device, with only necessary data transmitted to our servers for feature functionality. We cache processed content temporarily and only retain it for the duration necessary to provide our services, typically no longer than 24 hours. You can clear cached content at any time through your browser settings.
Cookies and Similar Technologies: We use cookies and similar technologies to collect information about your browsing activities.
Error Reports and Performance Data: We collect data about errors or crashes that occur while you’re using our Services.
3.3 Information We Receive from Third Parties
Third-Party Services: If you choose to link our Services to a third-party account (such as Google), we may receive information from that service. Specifically, with your explicit consent, we access your Google Calendar data to enhance your experience.
Partners and Affiliates: We may receive information about you from our business partners and affiliates.
Public Sources: We may collect information about you from publicly available sources.
Advertisers and Ad Networks: We may receive information from advertisers and ad networks about your interactions with their advertisements.
Data Providers: We may acquire additional information about you from third-party data providers.
Referrals: If someone refers you to our Services, we may receive information about you from that person.
Note on Chrome Extension Permissions
The Chrome extension requires specific permissions to function, including access to browser tabs, navigation data, and local storage access for settings and preferences. Each permission is strictly limited to essential functionality, and users can review and modify these permissions through their browser settings.
4. How We Use Your Information
We do not sell personal information to external parties. Data sharing with third-party service providers is limited to enhancing or enabling our services and is conducted in compliance with our privacy standards. We do use certain data processors (such as hosting, analytics, and cloud service providers), but we do not share or trade user data with unrelated third parties.
4.1 Providing and Improving Our Services
Personalization with Google Calendar Data: We use your Google Calendar data to personalize your experience by providing AI-driven scheduling suggestions, reminders, and event recommendations that align with your preferences and availability.
Audio Analysis and Summarization: Our app can detect ambient conversations on-device (with your consent) to provide summaries and proactive information through our AI assistant. We never save raw audio; only text transcripts may be uploaded to the cloud if you are in the default (non-Private) Mode.
Service Delivery: To provide, operate, maintain, improve, and promote our Services.
Development of New Features: To develop new products, services, features, and functionality.
Transaction Processing: To process and complete transactions and send you related information.
Communication: To send transactional messages, respond to your comments, and provide customer support.
Analytics: To monitor and analyze trends, usage, and activities to better understand how users access and use our Services.
Security: To investigate and prevent fraudulent transactions, unauthorized access, and other illegal activities.
4.2 Research and Development
AI Model Improvement: To create de-identified and/or aggregated data sets used to improve our AI models and algorithms (excluding Google user data).
Feature Testing: To test, analyze, and research new features and functionality.
User Research: To conduct surveys and other research activities to better understand our users.
4.3 Marketing and Advertising
Communications: To send you marketing and promotional communications in accordance with your preferences.
Personalized Advertising: We do not use your Google Calendar data or recorded audio for advertising purposes.
4.4 Legal and Safety
Compliance: To comply with legal obligations and respond to lawful requests.
Enforcement: To enforce our Terms of Service and other legal terms and policies.
Protection: To protect our rights, privacy, safety, or property, and that of our affiliates, you, or others.
4.5 Other Purposes
Consent-Based Uses: With your consent or at your direction.
Disclosed Purposes: For any other purpose disclosed by us when you provide the information.
4.6 Default Cloud Storage vs. Private Mode
Important: Private Mode is currently available only in our iOS app. The Chrome extension does not offer a Private Mode and operates via cloud-based processing.
Default (Cloud) Mode
By default, transcripts of your conversations are stored in our cloud servers. This enables features such as cross-device syncing, retrieval of past conversations, and backup.
Data Storage: Transcripts are encrypted at rest on our servers and in transit. However, if you remain in the default mode, your conversation history is accessible across your logged-in devices.
Deletion: You may request permanent deletion of transcripts by emailing us at support@twinmind.com. Please note that data may persist in backups for a limited time.
Private Mode
Opt-In: You can enable Private Mode at any time in your profile settings. Private Mode ensures that transcripts of your conversations are not stored in the cloud (i.e., they remain on your device).
Feature Limitations: If you enable Private Mode, you will not be able to sync transcripts across multiple devices or retrieve any prior conversations if you switch devices or uninstall the app.
Storage of Some Metadata: Even in Private Mode, we may still collect certain usage analytics and minimal records (e.g., for billing or service diagnostics). However, your conversation transcripts will not be uploaded to our servers.
Reversion to Default: You can disable Private Mode at any time, but any transcripts that were never uploaded while Private Mode was active will not appear on other devices.
5. Legal Bases for Processing (for EEA and UK Users)
We process your personal information based on the following legal grounds:
Performance of a Contract: Processing is necessary to provide you with our Services.
Legitimate Interests: Processing is based on our legitimate interests, which are not overridden by your rights.
Consent: We rely on your consent to process certain personal information, such as accessing your Google Calendar data and detecting ambient conversations (for on-device transcription).
Legal Obligation: Processing is necessary to comply with legal obligations.
6. How We Share Your Information
6.1 With Service Providers and Business Partners
We may share your information with third-party data processors who perform services on our behalf, such as cloud storage providers, data analytics providers, customer support services, payment processors, and security and fraud prevention services. We do not consider such processors as “third parties” in the context of selling or renting data. They are contractually bound to use your data only for the services they provide to us.
6.2 With Affiliates
We may share your information with our affiliates, who are required to honor this Privacy Policy.
6.3 For Business Transfers
In the event of a merger, sale, or transfer of assets, your personal information may be transferred.
6.4 With Your Consent
We may share your personal information when we have your explicit consent.
6.5 For Legal Reasons
We may disclose your information to comply with legal obligations or protect the rights, property, or safety of TwinMind, our users, or others.
6.6 In Aggregated or De-identified Form
We may share aggregated or de-identified information that cannot reasonably be used to identify you.
7. Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy.
Account Information: Retained as long as your account is active and for a reasonable period thereafter. Website content processed by our extension is retained only temporarily for immediate service functionality, typically cleared when you close your browser or explicitly clear your cache. Authentication-related data is maintained for the duration of your account activity plus a security retention period of 30 days after account closure to protect against unauthorized access attempts.
User Content (Including Google Calendar Data and Transcripts): Retained as long as you maintain your account unless you delete such content or request its deletion. After account deletion, we may retain this content for a reasonable period for backup or legal purposes.
Usage Data: Retained typically no more than 14 months unless necessary for security or legal obligations.
Marketing Information: Retained until you opt-out or withdraw consent.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
Encryption: We anonymize or de-identify stored data so it cannot be directly linked to your personal identity. Our security measures are periodically reviewed and updated to maintain a robust level of protection for your information.
Access Controls: Access to personal information is restricted to authorized personnel who require it to provide our Services.
Regular Security Audits: We conduct audits to ensure the effectiveness of our security measures.
Employee Training: Our employees are trained on data protection and security.
Incident Response Plan: We maintain a response plan to manage data security incidents.
Physical Security: We have implemented physical safeguards to protect data stored on our premises.
Third-Party Assessments: We conduct assessments to ensure that our third-party providers meet our security standards.
9. Your Rights and Choices
Access and Portability: You have the right to request access to the personal information we hold about you and to request it in a portable format.
Correction: You have the right to request that we correct any inaccurate personal information.
Deletion: You have the right to request that we delete your personal information, including transcripts and Google Calendar data (subject to backups and legal requirements).
Restriction: You have the right to request that we restrict the processing of your personal information.
Objection: You have the right to object to our processing of your personal information.
Withdraw Consent: You can withdraw your consent for us to access your Google Calendar data or detect ambient audio at any time.
Data Processing Opt-Out: You may opt-out of certain data processing activities.
Do Not Track: Our Services do not currently respond to “Do Not Track” signals.
Right to Lodge a Complaint: If you are in the EU, you have the right to lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact us at support@twinmind.com.
10. Data Transfers
We process and store information in the United States and other countries. We implement appropriate safeguards for international data transfers, such as:
Standard Contractual Clauses (SCCs)
Binding Corporate Rules (BCRs)
Data Processing Agreements (DPAs)
Technical Measures: Including encryption and pseudonymization
All data is primarily stored and processed in the United States. By using our Services, you consent to the transfer of your personal information to countries outside of your country of residence.
11. Children’s Privacy
Our Services are not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the “Effective Date” at the top of this Privacy Policy and, where appropriate, provide additional notice.
13. Third-Party Links and Services
Our Services may contain links to third-party websites and services. We are not responsible for their content or privacy practices.
14. California Privacy Rights
If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know, delete, correct, opt-out, and limit the use of sensitive personal information.
To exercise your California privacy rights, please contact us at support@twinmind.com
15. Automated Decision Making
We may use automated decision-making in operating our Services. When we do so, we implement suitable measures to safeguard your rights, including:
Information Provision: Explaining the logic involved in the automated decision.
User Control: Allowing you to express your point of view, request human intervention, or contest the decision.
16. Sensitive Personal Information
We do not intentionally collect or process sensitive personal information without your explicit consent unless permitted by applicable law.
17. Consent and Age Restrictions
You must be at least 18 years old to use our Services. By using our Services, you represent that you are at least 18 years old.
18. Compliance with Global Privacy Regulations
This Privacy Policy is designed to comply with various global privacy regulations, including:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Personal Information Protection and Electronic Documents Act (PIPEDA)
Privacy Act 1988 in Australia
Protection of Personal Information Act (POPIA) in South Africa
19. Accountability and Governance
We have implemented a comprehensive privacy governance framework, including:
Privacy Office Led by Our Data Protection Officer
Regular Privacy Impact Assessments (PIAs)
Employee Training
Internal Audits
Data Protection Steering Committee
20. Data Protection Officer
Name: Manohar Devarapalli
Email: support@twinmind.com
Phone: +1 (341) 204-2230
21. Contact Us
If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:
ThirdEar AI, Inc.
251 Little Falls Drive, Wilmington DE 19808
United States
For users in the European Union, you have the right to lodge a complaint with your local data protection authority.
Additional Disclosures for Google API Services
To comply with Google’s API Services User Data Policy and Google’s verification requirements, we provide the following additional disclosures:
Scope of Access: With your explicit consent, we access your Google Calendar data, including event titles, descriptions, dates, times, attendees, and other related information.
Purpose of Access: We use your Google Calendar data to:
Provide AI-driven scheduling suggestions.
Offer reminders and proactive information.
Enhance your experience by integrating calendar events with our AI assistant’s functionalities.
Limited Use: In compliance with Google’s Limited Use requirements, we use your Google Calendar data solely to provide or improve user-facing features that are prominent in our app’s user interface. We do not use this data for any other purposes.
No Targeted Advertising or Resale: We do not use Google user data for targeted advertising, nor do we sell, rent, or otherwise provide it to data brokers, information resellers, or other third parties.
No Credit or Lending Decisions: We do not use Google user data to determine credit-worthiness, for lending purposes, or for any other financial eligibility assessments.
No AI Model Training or Databasing: We do not use Google user data to train AI models, build databases for unrelated analysis, or for any other purpose beyond providing and improving user-facing features within our application.
Data Storage and Security Specific to Google Data: Google Calendar data is encrypted both in transit and at rest using industry-standard encryption protocols. Access to this data is restricted to authorized personnel who require it to provide our Services.
Data Sharing: We do not share your Google Calendar data with any third parties except as necessary to provide our Services, comply with legal obligations, or as outlined in this policy.
User Consent and Control: You will be prompted to grant permission for us to access your Google Calendar data during the account setup process via Google’s OAuth 2.0 consent screen.
Revoking Access: You can revoke our access to your Google Calendar data at any time through your Google account settings at https://myaccount.google.com/permissions.
By providing this comprehensive Privacy Policy, we aim to be transparent about our data practices and ensure compliance with all applicable laws and third-party requirements, including Google’s API Services User Data Policy.