Privacy Policy

At Twilee (“we,” “our,” or “us”), your privacy is of utmost importance to us. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services (collectively, the "Service"). By using our Service, you agree to the terms outlined in this Privacy Policy.

1. Information We Collect

We collect and process the following categories of personal data:

• Account Information: When you register for an account, we collect your email address, which is also used for authentication.
• Billing Information: For paid subscription services, our payment processor Stripe collects your billing details (e.g., name, billing address) and payment method (e.g., credit card). We do not store this information on our systems.
• Service Data: Content and metadata of QR codes generated, stored, or managed via our Service.
• Technical Information: Basic technical data is automatically collected, including your IP address, browser type, device information, and access logs, to ensure proper functioning and security.
• Support Interactions: If you contact us, we may process the information you voluntarily provide (e.g., email content, attachments).

2. How We Use Your Information

Your personal data is used only for purposes that are legitimate and necessary, including:

• To provide and improve the Service.
• To authenticate and secure your account.
• To process payments securely via Stripe.
• To respond to your inquiries and provide support.
• To ensure security, prevent fraud, and maintain system performance.
• To comply with legal and regulatory obligations (e.g., accounting, tax laws).

We do not sell your personal data, use it for targeted advertising, or share it with third parties for marketing purposes.

3. Payment and Billing Information

All payment-related information is securely processed by our third-party provider Stripe. We only receive limited details (e.g., transaction status, last 4 digits of your card, expiration date) necessary to confirm and manage subscriptions.

For details on Stripe’s practices, please refer to Stripe Privacy Policy.

4. Cookies and Tracking

We use only the minimal cookies strictly necessary for the proper functioning of the Service, such as:

• Authentication cookies (to keep you logged in).
• Session management cookies (to ensure navigation consistency).

We do not use cookies for advertising, profiling, or third-party tracking.

For more information, please see our Cookies Policy.

5. Data Hosting and Storage

• All data is hosted in France (European Union) and remains subject to the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and relevant French laws.
• We implement industry-standard security measures (encryption, access controls, backups, monitoring) to protect your data against unauthorized access, alteration, disclosure, or destruction.
• Data retention periods are limited:
• Account data: kept until you delete your account.
• Billing data: kept for the legally required period (10 years under French law).
• Technical logs: retained for a maximum of 90 days for security and audit purposes.

6. Data Sharing and Third Parties

We limit sharing of your personal data strictly to:

• Service providers required for Service operation (e.g., hosting provider, payment processor).
• Authorities if required by law, court order, or to protect our legal rights.

All third parties we work with are required to comply with GDPR standards.

7. International Data Transfers

We do not transfer your personal data outside the European Economic Area (EEA). If a transfer becomes necessary in the future, we will ensure appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) in accordance with GDPR.

8. Your Rights under GDPR

You have the following rights regarding your personal data:

• Right of access – to know what data we hold about you.
• Right to rectification – to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) – to request deletion of your data.
• Right to restriction of processing – to limit how your data is used.
• Right to data portability – to receive your data in a structured, machine-readable format.
• Right to object – to oppose processing in certain situations (e.g., direct marketing, which we do not use).
• Right to lodge a complaint – with the French data protection authority CNIL (www.cnil.fr).

To exercise your rights, contact us at support@twilee.com. We will respond within the one-month period required by GDPR.

9. Data Security

We use technical and organizational measures to protect your personal data, including encryption (in transit and at rest), firewalls, monitoring, and restricted access controls. However, no system can be 100% secure, and you acknowledge that risks inherent to Internet-based services remain.

10. Data Retention

We retain your personal data only as long as necessary:

• Account data: until account deletion or 3 years after last activity.
• Billing data: 10 years (legal obligation).
• Technical logs: up to 90 days.

After these periods, your data will be deleted or anonymized.

11. Changes to this Policy

We may update this Privacy Policy from time to time to reflect legal or technical changes. We will notify you by email or on our website before significant changes take effect.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: support@twilee.com