Twine Privacy Policy

Last updated: 11 June 2026

Twine is operated by Nikky Amresh, an individual developer based in Bangalore, India ("we", "us", "the developer"). This policy explains what data the Twine mobile apps (iOS and Android) and the Twine website collect, why, who it is shared with, and the choices and rights you have. It is written to satisfy the Apple App Store and Google Play requirements, the EU/UK GDPR, India's Digital Personal Data Protection Act 2023 (DPDP), and the California privacy laws.

Contact and grievance officer: [email protected]

In one paragraph

Twine is a private space for two people. Almost everything you put into Twine — your notes, dates, wishes, journal photos, watchlist, and any location tags — is end-to-end encrypted on your device before it is uploaded. Our servers store only unreadable ciphertext; the keys never leave your and your partner's devices. We can see your account email, the fact that your account is paired with your partner's, and basic operational metadata needed to run the service. We do not sell your data, we do not show ads, and we do not run third-party analytics or tracking.

1. Who this applies to

Twine is intended for adults. You must be 18 or older to use Twine. Twine is not directed at children, and we do not knowingly collect personal data from anyone under 18. If we learn we have, we will delete it. (We use 18 because India's DPDP Act treats anyone under 18 as a child; this single age limit also satisfies COPPA and GDPR digital-consent rules.)

2. What we collect

2a. Data we can read

Account identity. Your email address and a Firebase user ID. If you sign in with Google or Apple, we receive the basic identity those services return (name and email; Apple lets you hide your email behind a relay).
Pairing metadata. The fact that your account is linked to your partner's account.
Operational metadata. Timestamps of when you sync or change something, the type of item changed (for example "a date was updated") used only to route a content-free notification to your partner, ciphertext object sizes and counts, and a per-couple activity cursor. Secret wishes and surprise dates never generate any notification.
Push token. A Firebase Cloud Messaging device token so we can deliver notifications. Notification payloads never contain your content.
Network and device data. Your IP address, app version, and request logs, held transiently for security, abuse prevention, and operating the service.
TMDB search text. When you search for a movie or show, your search text passes through our proxy to TMDB so we can return results. We do not store it alongside your identity; your saved watchlist entries are stored encrypted.

2b. Data we cannot read (end-to-end encrypted)

The content of your notes, dates, wishes, journal entries, photos, and location tags is encrypted on your device using modern end-to-end encryption (X25519 key exchange with XChaCha20-Poly1305). The encryption keys and your 12-word recovery phrase never leave your and your partner's devices. Our servers, our database, and our file storage only ever hold ciphertext. We cannot read this content, moderate it, hand it to anyone in readable form, or recover it for you.

Important consequence: if you lose access to all of your devices and your 12-word recovery phrase, we cannot recover your content. There is no backdoor.

2c. The one exception: the AI "date from a picture" feature

If, and only if, you choose to use the optional "create a date from a picture" feature, the single photo you pick is sent once, unencrypted, to Groq, Inc. to generate a date suggestion. This happens only with your explicit per-use action. The photo is not stored by us, and per Groq's API terms it is not retained by Groq or used to train models. This is the only time your content leaves your device in a form a server can read.

2d. What we do NOT collect

We do not use advertising identifiers, we do not run third-party analytics SDKs, we do not access your contacts, and we do not track you across other apps or websites. We do not sell or "share" your personal information (as those terms are defined under California law). There is no automated decision-making or profiling.

3. Why we use your data (purposes and legal bases)

Purpose	Data used	GDPR legal basis
Create and run your account, sync, deliver notifications	Email, user ID, push token, ciphertext, metadata	Performance of a contract (Art. 6(1)(b))
Optional location tags on memories	Location (encrypted)	Consent (Art. 6(1)(a))
Optional "date from a picture" AI feature	The photo you pick	Consent (Art. 6(1)(a))
Security, abuse prevention, debugging	IP, logs, device/app version	Legitimate interests (Art. 6(1)(f))

You can withdraw consent for the location and AI features at any time using the in-app toggles; withdrawing is as easy as granting.

4. Who we share data with

We use the following processors and service providers. Each receives only what is listed; none receives your readable content (except Groq, only as described in §2c).

Provider	Receives	Role
Google LLC (Firebase Authentication, Cloud Messaging)	Email / sign-in identity, user ID, push token, IP	Identity and push delivery
Cloudflare, Inc. (Workers, D1, R2, KV)	Ciphertext, routing metadata, IP, request logs	Hosting and encrypted storage
Groq, Inc.	One chosen photo per opt-in use of the AI feature	AI date suggestion; not stored, not used for training
TMDB	Movie/TV search text via our proxy; no account data	Movie and show metadata
Mapbox, Inc. (when maps are enabled)	Map tile requests (IP, device metadata), SDK telemetry	Maps; you can opt out of Mapbox telemetry in the map's info control

We do not sell your personal information and we do not share it for advertising. We may disclose data if required by law, but because your content is end-to-end encrypted, the most we can ever produce is account data, metadata, and unreadable ciphertext.

International transfers. Our providers operate globally, including in the United States. Where applicable, transfers rely on Standard Contractual Clauses and the providers' Data Privacy Framework certifications.

TMDB attribution. This product uses the TMDB API but is not endorsed or certified by TMDB.

5. How long we keep data, and deletion

We keep your data for as long as your account exists.
You can delete your account at any time from within the app (Profile → Delete account) or by requesting deletion at our deletion page without reinstalling the app.
When you delete your account, we delete your account record (Firebase Auth), email, and push tokens, and the ciphertext we hold for you, from production systems within 30 days.
What happens to the shared space: when one partner deletes their account, the couple space is dissolved and the deleting user's server-side ciphertext is deleted. Your partner's device-local copy of shared memories may remain on their device.
Backups and logs. Deleted data may persist in encrypted backups and transient logs for up to 35 days before automatic purge, and our infrastructure providers retain limited operational logs per their own policies. Anything in backups remains ciphertext that no one holds the keys to once your devices are gone.

6. Your rights

Everyone: you can access, correct, export, or delete your account data, and withdraw consent for optional features. Email [email protected]. Because content is end-to-end encrypted, an access/export request can only return what we hold: your account data, metadata, and ciphertext.

EEA/UK (GDPR): you also have the rights to restriction, objection, and portability, and the right to lodge a complaint with your local supervisory authority. Because your content is end-to-end encrypted, we do not process readable special-category data.

India (DPDP Act 2023): you have the rights to access, correction, erasure, grievance redressal, and nomination, and the right to complain to the Data Protection Board of India. Our grievance contact is [email protected]. We will notify affected users and the Board of a personal-data breach as required.

California (CCPA/CPRA, CalOPPA): we do not sell or share personal information and do not use it for cross-context behavioural advertising. Categories of personal information we collect (identifiers such as email and user ID, internet activity such as logs, and the content you store, encrypted) and the categories of third parties we disclose to (the processors in §4) are described above. We honour Global Privacy Control / Do Not Track signals to the extent they apply; we do not track users for advertising in any case.

7. Security

Content is end-to-end encrypted on your device before upload. All network traffic uses TLS. Encryption keys live in your device's secure keystore, and account recovery uses a 12-word phrase you alone control. We never log plaintext content or keys.

8. Changes to this policy

If we make material changes, we will update the "Last updated" date and, where appropriate, notify you in the app. Continued use after an update means you accept the revised policy.

9. Contact

Nikky Amresh — Bangalore, India
Email / grievance officer: [email protected]