TwinMind Privacy Policy

1. Introduction

Welcome to TwinMind ("TwinMind," "we," "us," or "our"). We build AI-powered tools that help you record, transcribe, search, and summarize meetings and conversations.

This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use:

• Our website (www.twinmind.com and www.twinmind.ai)

• Our mobile applications (iOS and Android)

• Our Chrome extension and desktop integrations

• Any other products or services that link to this Policy

(collectively, the "Services").

TwinMind (Legal name: ThirdEar AI, Inc.,) is a Delaware corporation with its registered address at 251 Little Falls Drive Wilmington DE 19808

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

Our Core Privacy Commitments

2. Recording Consent and Your Legal Responsibilities

⚠️ CRITICAL NOTICE — READ THIS SECTION CAREFULLY

Our Services enable you to record, transcribe, and process audio content, including conversations with other individuals. You are solely responsible for ensuring that your use of our recording and transcription features complies with all applicable federal, state, local, and international laws, including laws governing the recording of communications ("Recording Laws").

2.1 Two-Party and All-Party Consent Jurisdictions

Many jurisdictions require the consent of ALL parties to a conversation before recording. These include, but are not limited to:

United States Two-Party Consent States: California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, Vermont, and Washington.

International Jurisdictions: United Kingdom, Germany, France, Spain, Italy, Netherlands, Australia, Canada (varies by province), Japan, South Korea, Brazil, India (varies by context), and many others.

2.2 Your Obligations

Before using ANY recording or transcription feature, YOU MUST:

1. Determine Legality: Ensure recording is lawful in your jurisdiction AND the jurisdictions of all participants.
   
   
   

2. Obtain Consent: Obtain all required consents, permissions, and authorizations from ALL participants BEFORE initiating recording.
   
   
   

3. Provide Notice: Give clear and conspicuous notice to all parties that the conversation is being recorded.
   
   
   

4. Maintain Records: Keep records of consent where appropriate.
   
   
   

5. Comply with Third-Party Terms: Follow the terms of any third-party platforms (Zoom, Google Meet, Teams, etc.).

2.3 TwinMind's Role

• TwinMind provides tools. We do NOT monitor or verify your compliance.

• TwinMind does NOT automatically notify participants that they are being recorded.

• TwinMind is NOT responsible for your violations of Recording Laws.

• We reserve the right to terminate accounts that violate Recording Laws.

2.4 Consequences of Non-Compliance

Violations of Recording Laws may result in:

• Significant civil liability (damages, injunctions, statutory penalties)

• Criminal penalties (fines, imprisonment in some jurisdictions)

• Account termination

• Required indemnification of TwinMind (see Terms of Service)

If you are uncertain about legal requirements, consult a qualified attorney before using recording features.

3. Key Terms

4. Information We Collect

4.1 Information You Provide

Account & Contact Information

• Email address (required for login and security)

• Name and profile details (optional)

• Job title, company, industry (optional)

We use third-party authentication (e.g., Auth0/Firebase). We do not store your password.

Payment Information

• Billing details processed by our payment processor (Stripe)

• We do NOT store full credit card numbers

User Content

Connected Accounts (with your explicit consent)

• Google Calendar: Event titles, descriptions, times, attendees, meeting links

• Other integrations as you authorize

Communications

• Support requests, feedback, survey responses

4.2 Information Collected Automatically

Device & Log Information

• IP address and approximate location (derived from IP)

• Device identifiers, OS version, browser type, app version

• Time zone, language, crash reports

Usage Analytics

• Feature usage, session data, performance metrics

• We use analytics services (Amplitude / similar) to understand and improve the Services

• We do NOT use this to serve behavioral ads based on your meeting content

Location Information

• Approximate location via IP (for compliance and analytics)

• GPS-level location ONLY with explicit device permission, ONLY for context-aware features

• We do NOT create continuous location history or share location with advertisers

Chrome Extension Data

• URLs and metadata of tabs where you invoke the extension

• Page content necessary for contextual features

• Processed as much as possible on-device; cached temporarily (typically ≤24 hours)

Cookies & Similar Technologies

• Essential cookies (security, login, load balancing)

• Functional cookies (preferences)

• Analytics cookies (usage metrics)

• We obtain consent where required by law (EU/UK)

4.3 Biometric Information

⚠️ IMPORTANT NOTICE FOR USERS IN ILLINOIS AND OTHER JURISDICTIONS WITH BIOMETRIC PRIVACY LAWS (INCLUDING BIPA, TEXAS CUBI, WASHINGTON MHMDA)

To provide features such as Speaker Diarization (identifying "Speaker A" vs. "Speaker B"), our systems analyze voice characteristics. This analysis may constitute Biometric Data under applicable laws.

By using features that process voice data, you expressly consent to the following:

1. Purpose: We collect and process Biometric Data solely to provide the Services, including speaker identification, transcription accuracy improvement, and personalization.
   
   
   

2. Retention: Biometric Data is retained only as long as necessary to provide Services, or for three (3) years from your last interaction with the Services, whichever is shorter. Upon account deletion, Biometric Data is permanently destroyed within thirty (30) days.
   
   
   

3. No Sale or Profit: We do NOT sell, lease, trade, or otherwise profit from your Biometric Data.
   
   
   

4. Disclosure: Biometric Data may be shared with service providers solely to provide Services, under contractual obligations requiring equivalent protection.
   
   
   

5. Security: We employ industry-standard security measures including encryption at rest and in transit.
   
   
   

6. Your Rights: You may request deletion of your Biometric Data at any time by contacting privacy@twinmind.com.
   
   
   

7. Third-Party Consent: If you record or process the voices of other individuals, YOU represent that you have obtained all necessary written releases or consents from those individuals to process their voice data.
   
   
   

This data is processed transiently to label transcripts and is NOT stored as a standalone voiceprint for identification against external databases.

4.4 Information from Third Parties

We may receive information from:

• Identity providers (Google Sign-In, Apple): email and basic profile

• Integrated services (calendar, conferencing tools)

• Enterprise customers (if your employer provisions your account)

• Public sources (business contact information)

5. How We Use Your Information

5.1 What We Do NOT Do

5.2 How We Use Your Information

To Provide the Services:

• Record, transcribe, summarize, and organize your meetings

• Provide search, recall, and recommendation features

• Sync data across devices (in Cloud Mode)

• Connect with third-party services you authorize

• Process payments and manage subscriptions

To Improve the Services:

• Monitor performance, reliability, and security

• Develop new features and test changes

• Analyze usage patterns (in aggregate/de-identified form)

To Communicate with You:

• Send transactional emails (security alerts, receipts)

• Send product updates and onboarding (opt-out available)

• Respond to support requests

For Legal, Security, and Compliance:

• Enforce our Terms of Service

• Detect and prevent fraud, abuse, and security incidents

• Comply with legal obligations

• Protect rights and safety

5.3 AI Models and Training

Third-Party AI Providers:

We use third-party AI and speech-to-text providers including OpenAI, Anthropic (Claude), Google (Gemini), Groq, and Fireworks AI.

Where available, we use Zero Data Retention (ZDR) or enterprise API agreements to enforce these requirements.

TwinMind's Own Models:

• We do NOT use your specific transcripts, recordings, or audio to train our proprietary AI models by default.

• We may use aggregated, de-identified usage data (e.g., "average meeting duration") to improve system performance.

• You can control model training preferences in your account settings.

Exceptions: Even if you opt out, we may use content that has been:

• Flagged for safety, security, or policy review

• Explicitly reported through feedback mechanisms

Google User Data: We do NOT use Google user data (such as Calendar information obtained via OAuth) for any model training.

5.4 Storage Modes

6. How We Share Your Information

We do NOT sell your Personal Information.

6.1 Service Providers (Processors)

We use third‑party companies and individuals to help us provide, operate, and improve the Services (“Service Providers” or “Processors”). These Service Providers process Personal Information on our behalf and only in accordance with our instructions.

We use Service Providers in categories such as:

• Cloud hosting and infrastructure (for example, providers that host our servers and databases)

• AI, speech‑to‑text, and other machine‑learning services (to transcribe audio and generate summaries and other outputs)

• Payment processing and billing

• Analytics, product usage, and crash reporting

• Email, notifications, and in‑app messaging

• Customer support tools

• Security, logging, and fraud‑prevention services

We require all Service Providers, by contract, to:

• use Personal Information only to provide services to us and not for their own purposes (such as selling data or advertising),

• protect Personal Information with appropriate technical and organisational measures, and

• process Personal Information in accordance with applicable data‑protection laws.

For enterprise customers, a more detailed list of current subprocessors is available in our Data Processing Agreement (DPA) or on request.

6.2 Affiliates

We may share data with corporate affiliates who must handle it per this Policy.

6.3 Enterprise Customers

If your employer provisions your account, administrators may have access to your account and content per their policies and our agreements.

6.4 Business Transfers

In a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of material changes.

6.5 Legal and Safety

We may disclose information to:

• Comply with laws, regulations, legal process, or governmental requests

• Enforce our Terms of Service

• Protect security and integrity of the Services

• Protect rights, property, or safety of TwinMind, users, or others

We will resist overbroad requests where legally possible and notify you where permitted.

6.6 Aggregated and De-Identified Data

We may share data that cannot reasonably identify you for analytics or research. We will not attempt to re-identify such data.

7. Data Retention

We may retain de-identified or aggregated data indefinitely.

8. Data Security

We implement comprehensive technical and organizational measures:

9. International Data Transfers

TwinMind is based in the United States. Your information may be transferred to and processed in the US and other countries.

For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities

• Supplementary technical and organizational measures (encryption, access controls)

• Adequacy decisions where applicable

By using the Services, you acknowledge that your information may be transferred internationally as described in this Policy.

10. Your Rights and Choices

Depending on your location and applicable law, you may have:

To exercise rights: Use in-app settings or contact privacy@twinmind.com

Response time: Within 30 days (or shorter where required by law)

We may verify your identity before processing requests and may deny requests where permitted by law (with explanation).

11. Regional Privacy Rights

11.1 California (CCPA/CPRA)

California residents have rights to:

• Know what Personal Information is collected, used, and disclosed

• Delete Personal Information

• Correct inaccurate Personal Information

• Opt-out of "sale" or "sharing" (we do NOT sell or share)

• Limit use of Sensitive Personal Information

• Non-discrimination for exercising rights

We use Sensitive Personal Information only for permitted purposes (providing services, security, or as you authorize).

11.2 European Economic Area & United Kingdom (GDPR/UK GDPR)

Legal Bases for Processing:

Data Protection Officer: Manohar Devarapalli — privacy@twinmind.com

You may lodge complaints with your local supervisory authority.

11.3 Brazil (LGPD)

Brazilian users have rights to: confirmation of processing, access, correction, anonymization, portability, deletion, information about sharing, consent withdrawal, and to petition the ANPD.

11.4 India (DPDP Act)

Indian users have rights to access, correct, and erase personal data, and to grievance redressal. Data is processed based on consent or legitimate uses permitted under applicable law.

11.5 Other Jurisdictions

We comply with applicable data protection laws in jurisdictions where we operate. Contact privacy@twinmind.com for jurisdiction-specific inquiries.

12. Children's Privacy

The Services are NOT intended for and may NOT be used by anyone under 18.

We do not knowingly collect Personal Information from children under 18. If we learn a child under 18 has used the Services or provided Personal Information, we will delete that information as required by law.

If you believe this has happened, contact privacy@twinmind.com.

13. Chrome Extension Privacy

Sensitive Data Filtering: We employ commercially reasonable efforts to detect and ignore sensitive input fields (passwords, credit card forms) within the browser extension.

Active Tab Only: The extension processes data from the active tab where you invoke the service. It does NOT monitor your browsing history or passive activity across other tabs.

Data Minimization: We send only necessary data to our servers or AI providers, and cache content temporarily (typically ≤24 hours).

14. Automated Decision-Making

We use AI to generate summaries, suggestions, and outputs. These may be considered "automated decision-making" in some jurisdictions.

We do NOT use automated systems to make legal, employment, credit, or similarly significant decisions about you without human involvement.

You can always:

• Choose whether to use AI features

• Provide feedback on outputs

• Stop using the Services at any time

15. Sensitive Personal Information

We do not intentionally seek Sensitive Personal Information. If you include such information in recordings or notes, you consent to processing as described in this Policy.

Please avoid using the Services to store or process:

• Government-issued identifiers (SSN, passport numbers)

• Full payment card numbers

• Protected health information (PHI) subject to HIPAA

We do NOT currently offer HIPAA-compliant services by default. Enterprise customers requiring HIPAA compliance should contact us about Business Associate Agreements.

16. Changes to This Privacy Policy

We may update this Policy from time to time. When we do, we will:

• Update the "Effective Date" at the top

• Provide notice of material changes (email, in-app notification) where required

Your continued use after changes take effect means you accept the updated Policy.

17. Third-Party Links and Services

The Services may link to third-party websites, apps, and services. We are not responsible for their privacy practices. Review their policies before using them.

18. Additional Disclosures for Google API Services

To comply with Google's API Services User Data Policy:

• We access Google data (Calendar, etc.) only with your explicit OAuth consent

• We use Google data solely to connect meetings/events with TwinMind features

• We do NOT use Google user data for advertising, resale, or AI model training

• We store Google data securely with limited personnel access

• Revoke access anytime: https://myaccount.google.com/permissions or within TwinMind

19. User Research

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

20. Contact Us

Privacy Inquiries: privacy@twinmind.com

Data Protection Officer: Manohar Devarapalli

• Email: privacy@twinmind.com

• Phone: +1 (341) 204-2230

Mailing Address: ThirdEar AI, Inc. 251 Little Falls Drive Wilmington DE 19808 USA

EU/UK users: You may also contact your local data protection authority.