TWELLIE Preview
Sign in Get report

Twellie policy

Privacy Policy

Plain-English terms for using Twellie's buyer-side property reports, valuation logic, privacy controls, and support policies.

Twellie — Privacy Policy

Last Updated: April 19, 2026 Effective Date: April 19, 2026 Version: 2.0

Plain English summary: We collect the information you give us (account, addresses, photos, payment method) and basic technical data about how you use the Service. We use it to produce Reports, bill you, improve the Service, and send transactional email. We do NOT sell your personal information. You can download your data or delete your Account at any time from https://twellie.com/dashboard. Details below.

This Privacy Policy describes how Twellie, Inc. ("Twellie," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our Service. This Policy applies to the Twellie website, mobile apps, and any other feature or product we offer. It is incorporated into our Terms of Service.

If you do not agree with this Policy, do not use the Service.

Table of Contents

  1. Information We Collect
  2. How We Collect Information
  3. How and Why We Use Information
  4. How We Share Information
  5. AI Model Providers and Your Data
  6. International Data Transfers
  7. Retention
  8. Your Rights
  9. California Privacy Rights (CCPA / CPRA)
  10. European and UK Privacy Rights (GDPR / UK GDPR)
  11. Other U.S. State Privacy Rights
  12. Cookies, Pixels, and Tracking Technologies
  13. Advertising and Analytics
  14. Security
  15. Children's Privacy
  16. Do Not Track and Global Privacy Control
  17. Third-Party Links and Services
  18. Automated Decision-Making
  19. Changes to This Policy
  20. Contact Us

1. Information We Collect

1.1 Information You Provide to Us

Account information: name (if provided), email address, password (hashed, never stored in plaintext), profile picture, phone number (optional).

Transaction and billing information: billing name, billing address, plan selected, purchase history. Credit card and bank-account details are collected and processed by our payment processor (Stripe) and are never stored on our servers.

Property information: addresses of properties you submit for analysis, property-specific photographs you upload, documents you upload (disclosures, inspection reports, titles), known issues or renovations you describe, notes.

Buyer-profile information (optional): maximum budget, down-payment amount, loan type and term, interest rate, purchase purpose (primary / investment / second home), first-time-buyer status, target rent (for investment properties), life-event context if you share it (e.g. relocation, marriage, retirement).

Support and feedback: questions, support messages, bug reports, survey responses, testimonials.

Communications: email replies, chat messages, SMS, phone calls if recorded (with notice).

1.2 Information Collected Automatically

Device and technical: IP address, browser type and version, operating system, device type, mobile advertising identifiers (IDFA, AAID) where available, device language and region, time-zone, network carrier, screen size.

Usage: pages visited, features used, clicks, taps, scroll position, session duration, referring/exiting URLs, timestamps, actions performed, error events.

Logs: server logs of API calls, authentication events, billing events, and security events.

Cookies and similar: see Section 12.

Approximate location: derived from IP address. We do NOT collect precise GPS location unless you explicitly opt in.

1.3 Information from Third Parties

Public records: county assessor data, tax records, recorder of deeds, permit databases, court records — all retrieved based on addresses you submit.

MLS / listing feeds: where we license MLS data, we receive listing details for properties you analyze.

Federal / state data: FEMA flood zones, USGS seismic maps, Census demographics, Federal Reserve mortgage rates, EPA environmental records.

Payment data: Stripe shares the last-four digits of your card, expiration, brand, and billing address for your subscription records. Stripe does not share the full card number with us.

Authentication providers: if you sign in with Google/Apple (when enabled), we receive your email and profile picture from that provider per their policies.

Advertising partners: attribution events from Meta / Facebook, Google Ads (conversions), TikTok (if enabled).

1.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information (racial/ethnic origin, religious beliefs, political opinions, trade-union membership, genetic/biometric data, health data, sex-life or sexual-orientation data, precise geolocation, or government identifiers). If you voluntarily include such information in a document or note, you acknowledge you have submitted it of your own volition, and we will process it only to the extent necessary to deliver the Service.

1.5 Third-Party Personal Information

Addresses you submit may relate to properties owned by third parties. Photographs may contain images of other people or their property. You represent that you have the right to submit this information and that doing so does not violate anyone's privacy rights. We treat third-party information subject to the same protections as your own.

2. How We Collect Information

We collect information in three ways:

  • Directly from you, when you create an Account, submit a property, upload a photo or document, make a payment, contact support, or fill out a form.
  • Automatically, when you interact with the Service, via cookies, pixels, SDKs, log files, and device identifiers.
  • From third parties, as described in Section 1.3.

3. How and Why We Use Information

We use your information to:

3.1 Provide and Operate the Service

  • Create and maintain your Account;
  • Authenticate and authorize you;
  • Generate Reports (combining your address + third-party data + AI analysis);
  • Save your Report history and allow you to revisit past Reports;
  • Process payments, issue receipts, and manage your Subscription;
  • Send transactional email (report-ready notifications, receipts, security alerts, password-reset links);
  • Provide customer support;
  • Enforce quotas, rate-limits, and billing.

3.2 Improve and Develop the Service

  • Analyze usage patterns, popular features, and drop-off points;
  • Debug issues, monitor errors, and identify performance bottlenecks;
  • Train and fine-tune our own models on de-identified and aggregated data only;
  • Measure the accuracy of Reports against known outcomes (e.g., actual sale prices) to improve the model;
  • Develop new features, products, and services.

We do NOT use your identifiable personal information to train general-purpose AI models, and we do NOT train models on photographs of your home without your explicit consent.

3.3 Communicate with You

  • Transactional: receipts, report-ready, security alerts, password reset, subscription changes;
  • Service announcements: feature releases, pricing changes, scheduled maintenance, security advisories;
  • Marketing (opt-out any time): newsletters, promotional offers, product tips. We do not send marketing SMS unless you separately opt in.

3.4 Security, Fraud Prevention, and Compliance

  • Detect, prevent, and investigate fraud, abuse, scraping, and security incidents;
  • Enforce our Terms and Acceptable Use Policy;
  • Comply with legal obligations (subpoenas, court orders, tax and accounting rules, anti-money-laundering, sanctions screening);
  • Defend legal claims.

3.5 Analytics and Attribution

  • Measure ad performance via Meta Pixel / Facebook Conversions API, Google Ads, and Google Analytics 4;
  • Understand how users find us (referrers, UTM parameters);
  • Track conversion from marketing to signup to subscription to retention;
  • Run A/B experiments.

3.6 Business Operations

  • Financial reporting, tax, and accounting;
  • Auditing and compliance reviews;
  • Risk management;
  • Corporate transactions (diligence in a potential financing, merger, acquisition, or sale of assets).

3.7 Legal Basis (for users in the EU, UK, and similar jurisdictions)

  • Contract performance (Art. 6(1)(b) GDPR): we need the information to deliver the Service you requested;
  • Legitimate interests (Art. 6(1)(f) GDPR): to improve the Service, secure our systems, prevent fraud, and conduct business operations — balanced against your rights;
  • Legal obligation (Art. 6(1)(c) GDPR): tax, accounting, court orders;
  • Consent (Art. 6(1)(a) GDPR): where you have explicitly opted in (e.g. marketing emails, precise geolocation if ever requested).

4. How We Share Information

We do not sell personal information in the colloquial sense of selling data for money. We share personal information only in the ways described below.

4.1 Service Providers (Sub-Processors)

We share information with vendors who help us run the Service under binding contracts requiring them to safeguard it. Current sub-processors include:

Provider Purpose Location
Supabase, Inc. Authentication, database, file storage United States
Stripe, Inc. Payment processing, tax calculation, fraud screening United States
Resend, Inc. Transactional and marketing email United States
Sentry Error monitoring, performance tracing United States
AI business API providers AI-assisted property photo analysis and report synthesis United States
Google LLC Google Analytics 4, Google Ads United States
Meta Platforms, Inc. Meta Pixel, Facebook App Events, Conversions API United States
Cloudflare, Inc. DNS, CDN, DDoS protection (if enabled) United States
Shorebird Over-the-air Flutter updates United States
Apple, Google Mobile app distribution + in-app-purchase (where applicable) United States

An updated list of sub-processors is maintained at https://twellie.com/sub-processors.

4.2 Professional Advisers

Lawyers, accountants, auditors, insurers, and similar professionals as needed to run our business, subject to confidentiality obligations.

4.3 Corporate Transactions

If Twellie is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred to the successor entity. We will notify you of such a transaction and any material change to this Policy.

4.4 Legal and Safety Disclosures

We may disclose information:

  • To comply with a subpoena, court order, or other legal process;
  • To respond to government requests (law-enforcement, regulatory, or administrative) where legally required;
  • To enforce our Terms;
  • To protect our rights, property, or safety, or those of our users or the public (including investigating fraud or abuse);
  • In connection with an insurance claim or litigation.

Where permitted and appropriate, we will push back against overly broad requests.

4.5 With Your Consent or Direction

We will share information in additional ways when you direct us to — for example, sharing a Report with a real-estate agent or financial advisor you specify.

4.6 Aggregated or De-Identified Information

We may share aggregated or de-identified data (which cannot reasonably be linked back to you) with third parties (e.g. published market insights, partner integrations, research).

4.7 No Sale of Personal Information

We do not "sell" personal information as defined by the California Consumer Privacy Act ("CCPA") or similar laws. We also do not "share" personal information for cross-context behavioral advertising, except that our use of the Meta Pixel and similar pixels may constitute "sharing" under these laws. See Section 9 for your right to opt out.

5. AI Model Providers and Your Data

We use third-party AI business API providers to analyze property photos, synthesize Reports, and generate recommendations. When we call these providers:

  • We send a structured prompt containing property attributes, photographs, and the data we've aggregated — generally without your name or email address unless you've explicitly included them;
  • Our AI business API providers have contractual commitments not to use business-API inputs to train their foundation models. We rely on those commitments but cannot independently verify them moment-to-moment;
  • Photographs of a property may contain identifying information (a visible address number, a person's face, a license plate). We process photos as submitted; if you are concerned about third-party identifiability, do not submit photos that contain such information.

If you prefer your data not be processed by third-party AI providers, do not use the Service — our core functionality depends on them.

6. International Data Transfers

Twellie is based in the United States. We process personal information in the United States and other countries where our sub-processors operate. Data-protection laws in the United States may be less protective than those in the EU, UK, Switzerland, or your home country.

For transfers from the EU/EEA, UK, and Switzerland:

  • We rely on the European Commission's Standard Contractual Clauses (Module 2: Controller-to-Processor) with our sub-processors;
  • Where applicable, we participate in the EU-U.S. Data Privacy Framework and UK extension (if and when Twellie self-certifies);
  • We implement supplemental technical and organizational measures (encryption in transit via TLS 1.2+, encryption at rest, access controls, audit logs).

By using the Service, you consent to transfer of your information to the United States.

7. Retention

We keep personal information only as long as needed for the purposes described in this Policy, after which we delete or anonymize it. Typical retention periods:

Data Retention
Account + profile Until you delete your Account + 30 days (then purged from backups within 90 days)
Reports Until you delete them, or 7 years after your last login (whichever is earlier)
Payment and billing records 7 years (tax / accounting / audit compliance)
Support tickets and correspondence 3 years
Server logs (containing IP, request data) 90 days
Analytics (GA4, Meta Pixel) Per those providers' default retention (typically 14-26 months)
Legal hold / litigation data Duration of the hold or matter

Where longer retention is required by law (e.g. tax records), we keep information only as long as that obligation requires.

8. Your Rights

Subject to applicable law, you have the right to:

  • Access: request a copy of the personal information we hold about you;
  • Correct: update inaccurate or incomplete information (most fields are editable from your Account settings);
  • Delete: request deletion of your personal information, subject to exceptions (legal hold, tax records, anti-fraud); see Section 8.5;
  • Portability: receive a machine-readable export of your personal information;
  • Restrict or object: limit or object to certain processing (for example, marketing);
  • Withdraw consent: where we process on the basis of consent, withdraw it (without affecting the lawfulness of processing before withdrawal);
  • Opt out of marketing: unsubscribe at any time;
  • Complain to a regulator: if you believe we have violated your rights (see Section 10.4 for EU/UK authorities).

8.1 How to Exercise Your Rights

Most rights can be exercised from your Account:

  • Data Export: https://twellie.com/dashboard → Privacy → Export My Data. We return a JSON file with your Account, Reports, and usage.
  • Account Deletion: https://twellie.com/dashboard → Privacy → Delete My Account. Deletion is permanent after a 7-day grace period.
  • Email marketing opt-out: click "unsubscribe" in any marketing email.

For all other requests (or if the above tools are unavailable for any reason), email privacy@twellie.com from the address associated with your Account. We respond within 30 days (45 for complex requests) as required by CCPA/GDPR.

8.2 Identity Verification for Sensitive Requests

To prevent unauthorized disclosure, we will verify your identity before honoring a deletion or access request. Verification may include confirming you control the email on file, answering security questions, or providing a government-issued ID (redacting sensitive fields). We delete verification materials after the request is fulfilled.

8.3 Authorized Agents

You may designate an authorized agent to make a request on your behalf. We may require proof that the agent has your written authorization.

8.4 No Discrimination

We will not deny, charge different prices, or provide a different level of service because you exercised your privacy rights.

8.5 Deletion — What Actually Happens

When you delete your Account:

  • Your profile, Reports, and uploaded files are marked for deletion within 24 hours;
  • Hard deletion from primary databases within 7 days (to allow recovery from accidental clicks);
  • Removal from backups within 90 days as backup cycles roll over;
  • We retain minimum billing records, legal-hold data, and anti-fraud signals as required by law (e.g. tax records);
  • De-identified aggregate data (not linkable to you) may be retained indefinitely.

Your email may also remain on a suppression list to honor your deletion (i.e., to prevent accidental re-enrollment).

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

9.1 Categories Collected (Past 12 Months)

CCPA Category Examples Collected?
Identifiers email, account ID, IP, device ID
Personal information (Cal. Civ. Code § 1798.80) name, address, phone ✅ (when you provide)
Protected classifications race, religion, etc.
Commercial information purchase history, subscription tier
Biometric information fingerprints, iris scans
Internet/network activity pages visited, search terms
Geolocation approximate (city-level from IP)
Sensory audio/visual recordings Photos you upload
Professional/employment job, employer
Education information school records
Inferences buyer profile, preferences
Sensitive personal info SSN, health, precise geo

9.2 Sources, Purposes, and Sharing

  • Sources: directly from you; automatic collection; third-party data providers (public records, MLS); advertising partners (attribution).
  • Purposes: operating the Service (Section 3).
  • Shared with: sub-processors in Section 4.1; legal/safety recipients in Section 4.4; corporate-transaction recipients in Section 4.3.

9.3 "Sale" and "Sharing"

  • We do not sell personal information for money.
  • We "share" personal information for cross-context behavioral advertising only via the Meta Pixel and Google Analytics (when Advertising Features are enabled). California residents may opt out at https://twellie.com/privacy/opt-out or by emailing privacy@twellie.com. We also honor the Global Privacy Control ("GPC") signal (see Section 16).

9.4 Your CCPA/CPRA Rights

  • Right to Know what we collect;
  • Right to Access and receive a copy of your personal information;
  • Right to Delete your personal information;
  • Right to Correct inaccurate information;
  • Right to Opt Out of sale or sharing;
  • Right to Limit use of sensitive personal information (we don't use any in ways that would require this);
  • Right to Non-Discrimination for exercising the above;
  • Right to Portability of your information.

Submit a verifiable consumer request via https://twellie.com/dashboard or by emailing privacy@twellie.com.

9.5 "Shine the Light" (Cal. Civ. Code § 1798.83)

California residents may request information about our disclosure of personal information to third parties for direct-marketing purposes. Send a request to privacy@twellie.com.

10. European and UK Privacy Rights (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation ("GDPR") or UK GDPR.

10.1 Legal Basis

See Section 3.7 for the legal bases we rely on.

10.2 Your GDPR Rights

  • Access (Art. 15);
  • Rectification (Art. 16);
  • Erasure / "right to be forgotten" (Art. 17);
  • Restriction (Art. 18);
  • Portability (Art. 20);
  • Objection (Art. 21), including to direct marketing and profiling;
  • Not to be subject to solely automated decision-making with legal or similarly significant effects (Art. 22);
  • Withdraw consent where processing is based on consent (Art. 7);
  • Lodge a complaint with a supervisory authority (see 10.4).

10.3 Controller

Twellie, Inc. is the data controller for personal information collected through the Service. Sub-processors listed in Section 4.1 act as processors.

10.4 EU / UK Supervisory Authority

You have the right to complain to a supervisory authority. Contacts:

  • Ireland (Lead EU Supervisory Authority for Twellie): Data Protection Commission, https://www.dataprotection.ie
  • United Kingdom: Information Commissioner's Office, https://ico.org.uk
  • Switzerland: Federal Data Protection and Information Commissioner, https://www.edoeb.admin.ch
  • Your home supervisory authority: list at https://edpb.europa.eu/about-edpb/board/members_en

10.5 EU Representative

If we require an EU representative under GDPR Art. 27, contact details will be published here. As of the Effective Date we rely on the cross-border exemption for occasional and non-large-scale processing; we will appoint an Art. 27 representative if/when required.

10.6 International Transfers

Processed per Standard Contractual Clauses (Section 6). You can request a copy of the SCCs at privacy@twellie.com.

11. Other U.S. State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MTCDPA), Iowa (ICDPA), Tennessee (TIPA), Delaware (DPDPA), New Hampshire (NHPA), New Jersey (NJDPA), Indiana (INCDPA), Nebraska (NEDPA), and any other state with a comprehensive privacy law have rights similar to (but sometimes narrower than) California's:

  • Access;
  • Deletion;
  • Correction (in most);
  • Portability;
  • Opt-out of sale (where applicable);
  • Opt-out of targeted advertising;
  • Opt-out of profiling with legally significant effects;
  • Appeal of a denied request.

Exercise these rights via https://twellie.com/dashboard or privacy@twellie.com. We respond within 45 days (with one 45-day extension where permitted).

12. Cookies, Pixels, and Tracking Technologies

12.1 What We Use

Cookies: small text files stored on your device. Local storage: similar to cookies, stored in your browser. Mobile SDKs: device identifiers used by Meta App Events and similar. Pixels / web beacons: transparent images used by Meta Pixel, Google Analytics.

12.2 Categories

  • Strictly necessary: session authentication, CSRF tokens, load balancing. Cannot be disabled.
  • Functional: preferences (plan tier, display mode, recent addresses).
  • Analytics: GA4, PostHog (when enabled), Sentry session replays (not enabled by default).
  • Advertising / targeting: Meta Pixel, Google Ads conversion tags.

12.3 Your Choices

  • Cookie banner at first visit lets you accept, reject, or customize categories.
  • Browser settings allow blocking or clearing cookies.
  • Mobile settings allow resetting or limiting advertising IDs.
  • Opt-out of specific networks: Meta (https://www.facebook.com/help/568137493302217), Google Analytics (https://tools.google.com/dlpage/gaoptout).

Full list of cookies and their purposes is maintained at https://twellie.com/cookie-policy.

13. Advertising and Analytics

13.1 Meta Pixel / Facebook Conversions API

We use Meta Pixel on web and the Facebook App Events SDK in the mobile app to measure the effectiveness of Facebook and Instagram ads, attribute signups and subscriptions, and (where enabled) show you relevant ads on Meta platforms. Events we send include PageView, CompleteRegistration, InitiateCheckout, and Purchase.

iOS 14+ users: We honor App Tracking Transparency. If you deny tracking, we disable conversion signals that require the IDFA.

13.2 Google Analytics 4 + Google Ads

Used for product analytics and ad attribution. IP addresses are anonymized server-side.

13.3 Opt Out

  • EU/CA users: use the cookie banner.
  • Outside those regions: https://twellie.com/privacy/opt-out or GPC signal.

14. Security

We implement reasonable technical and organizational measures to protect personal information:

  • Encryption in transit via TLS 1.2+ for all web and app traffic;
  • Encryption at rest for database contents and stored files;
  • Access controls — engineers have least-privilege access, all database-level operations are logged;
  • Multi-factor authentication for internal tools;
  • Separate environments (prod / staging / dev) with no production data in dev;
  • Regular security reviews (including the one conducted April 2026);
  • Vulnerability management via dependency scanning and secret-detection pre-commit hooks;
  • Supabase provides row-level security isolating user data;
  • Stripe handles all payment card data (PCI-DSS Level 1 certified); we never touch raw card data;
  • Incident response — we will notify affected users and regulators of a data breach as required by law (e.g., within 72 hours for GDPR).

No system is perfectly secure. Keep your password confidential, use a strong unique password, enable any available MFA, and notify us immediately at security@twellie.com if you suspect unauthorized access.

15. Children's Privacy

15.1 Age Restriction

The Service is not directed to children under 18 and is not intended for anyone under the age of majority in their jurisdiction. We do not knowingly collect personal information from children under 13 ("Children" as defined in the Children's Online Privacy Protection Act, COPPA, 15 U.S.C. §§ 6501-6506).

15.2 COPPA Compliance

Consistent with COPPA:

  • We do not market to Children;
  • We do not request personal information from users who self-identify as under 18;
  • If we discover that a user is a Child, we promptly delete their account and any collected information.

15.3 How to Report

If you are a parent or guardian and believe a child has submitted personal information to Twellie, email privacy@twellie.com with the child's email address (or any identifier you know) and a brief description. We will:

  • Investigate within five (5) business days;
  • Delete any confirmed Child's data within the following five (5) business days;
  • Confirm completion to you by reply email.

15.4 Under-18 Teen Protections (California)

California Business and Professions Code § 22581 grants minors aged 13-17 the right to request removal of content they posted. Teens in California may email privacy@twellie.com to request removal. Some content may be retained in anonymised form or for law-enforcement compliance, per statute.

15.5 Sensitive-Data Declaration

  • We do not knowingly collect: biometric identifiers, health information (HIPAA PHI), precise geolocation (GPS), government ID numbers, or financial-account numbers (Stripe handles card data; we see only last 4 + brand).
  • We do not use personal information in a way that would require a "right to limit sensitive personal information" request under CPRA.
  • If you voluntarily submit any of the above in User Content, we process it only as necessary to deliver the Service. Please do not submit sensitive data you would not want retained.

15.6 Detailed Retention Schedule

Data Category Retention Period Rationale
Account profile (email, name, auth record) Life of account + 30-day soft delete Service continuity + accidental-click recovery
Reports (report_json) Life of account, or 7 years after last login User access to their own history
Usage counters (monthly report count) 7 years Billing audit + tax
Subscription records (Stripe data, invoices) 7 years Tax, accounting, audit
Payment transactions 7 years Tax, accounting, audit
Consent acceptances 10 years GDPR Art. 7 burden-of-proof
Deletion requests 10 years Compliance audit trail
Support tickets 3 years Product learning, dispute resolution
Server access logs (IP, request path) 90 days Security investigation, debugging
Sentry events 30-90 days (varies by plan) Error monitoring
GA4 events 14 months Analytics retention default
Meta Pixel events 180 days (Meta default) Ad attribution
Email deliverability logs (Resend) 30 days + 6 months archive Anti-abuse, bounce handling
Cookie banner choice 12 months CCPA re-prompting requirement
Backups (all categories) Rolling 90 days Disaster recovery
Legal-hold / investigation data Duration of hold + 2 years after closure Litigation, regulatory

Where longer retention is required by law (e.g., 7-year tax records), we retain only what the law requires and delete the rest.

16. Do Not Track and Global Privacy Control

Do Not Track ("DNT"): Most browsers send DNT signals but industry has not standardized interpretation. We do not currently respond to DNT signals.

Global Privacy Control ("GPC"): We do honor GPC signals. When your browser sends GPC headers, we treat it as an opt-out of sale/sharing for that browser session and persist the preference if you are signed in.

17. Third-Party Links and Services

Reports and the Service may link to third-party websites (GreatSchools, FEMA, Zillow listings, etc.). Those sites' privacy practices are governed by their own policies. We are not responsible for third-party content or privacy practices.

18. Automated Decision-Making

Reports rely on automated processing (the AI analysis is the product). Reports are informational only and do not produce legal or similarly significant effects on you by themselves — you are the sole decision-maker about whether to act on a Report. Because Reports do not produce legal or similarly significant effects solely from the automated processing, GDPR Art. 22 restrictions on automated decision-making do not apply. We nonetheless honor all other GDPR rights, including access, deletion, and objection.

19. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced at https://twellie.com/privacy with a new "Last Updated" date and, where feasible, by email to the address associated with your Account at least 30 days before the change takes effect. Continued use after the effective date constitutes acceptance. For changes that materially reduce your rights, we will seek affirmative re-consent where required by law.

20. Contact Us

Twellie, Inc. [ADDRESS — INSERT BEFORE LAUNCH] United States

  • Privacy inquiries / data requests: privacy@twellie.com
  • Data Protection Officer (for EU/UK requests): dpo@twellie.com
  • Security issues: security@twellie.com
  • Legal notices: legal@twellie.com
  • General support: help@twellie.com

Email is the primary channel; we do not accept privacy requests by postal mail unless you require a specific accessible format.

© 2026 Twellie, Inc. All rights reserved.