Enterprise Privacy Policy
Last updated: February 5, 2025
At Tweelin Inc., we are committed to protecting your organization’s data and ensuring compliance with global privacy regulations. As an ISO 27001:2022 and SOC 2 compliant SaaS provider, we prioritize data security, transparency, and user control. Our privacy practices adhere to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy frameworks to support enterprise organizations in meeting their regulatory obligations.
This Privacy Policy describes how we collect, use, and disclose information when you or your organization uses Tweelin services. It also outlines your privacy rights and how we safeguard your data.
1. Table of Contents
- Introduction
- Data Categories We Collect
- How We Use Your Data
- Data Processing Lifecycle
- Data Sharing and Subprocessors
- Data Security Measures
- International Data Transfers and Data Residency
- Your Privacy Rights
- Enterprise Compliance Support
- Changes to This Policy
- Contact Information
2. Data Categories We Collect
We collect and process different categories of data to provide and improve our services. These include:
Personal Data
Information that can identify you, such as:
- Name and email address
- Contact information (phone number, organization name)
Usage Data
Automatically collected data from service usage, such as:
- Device details (IP address, browser type, OS)
- Activity logs (page visits, session duration)
- Telemetry snapshots to determine user availability
Third-Party Data
Data obtained through integrations with third-party services (e.g., Google Calendar, Microsoft Graph API), which may include basic event details for availability assessment.
3. How We Use Your Data
We use data for the following purposes:
- Service Delivery: To provide, maintain, and improve Tweelin’s services.
- Account Management: To manage user registration, authentication, and access control.
- Communication: To send important updates and respond to inquiries.
- Security: To monitor and secure our infrastructure against unauthorized access or attacks.
- Analytics: To analyze service usage trends and optimize features.
We adhere to the principle of data minimization by collecting and retaining only the data necessary for these purposes.
4. Data Processing Lifecycle
Our data processing lifecycle consists of the following stages:
1. Collection:
Data is collected through direct user input, telemetry snapshots, and third-party integrations.
2. Processing:
Data is processed using secure AWS services such as Lambda, DynamoDB, and NeptuneDB. Telemetry data is used to enhance productivity features without tracking detailed historical activity.
3. Storage:
Data is encrypted at rest using AWS Key Management Service (KMS) and stored in AWS regions such as US East (N. Virginia) or other regions based on customer requirements.
4. Access Control:
Strict IAM policies and multi-factor authentication (MFA) limit data access to authorized personnel only. Access logs are continuously monitored.
5. Retention and Deletion:
Data retention is governed by default policies and customizable enterprise options. User-initiated deletions trigger automated processes that remove data within 30 days, ensuring compliance with the GDPR’s “Right to be Forgotten.”
5. Data Sharing and Subprocessors
We only share data with trusted subprocessors and partners necessary to deliver and maintain our services.
Subprocessors and Vendors
Our key subprocessors include:
- Amazon Web Services (AWS): Cloud infrastructure
- Google: Analytics and calendar integrations
- Microsoft: Calendar and identity services
All subprocessors adhere to industry-leading security and privacy standards, including SOC 2 and ISO 27001 compliance.
Data Sharing Scenarios
We may share data under the following circumstances:
- With service providers for infrastructure, security, and analytics.
- As required by law (e.g., in response to legal requests).
- During business transfers (e.g., mergers or acquisitions), with prior notice to affected users.
We do not sell personal data to third parties.
6. Data Security Measures
We implement stringent security measures to protect your data:
- Encryption: All data is encrypted both in transit (TLS) and at rest (AWS KMS).
- Access Controls: Role-based access control (RBAC), IAM policies, and MFA.
- Threat Detection: Continuous monitoring through AWS GuardDuty, CloudTrail, and CloudWatch.
- Incident Response: Procedures are in place to detect, contain, and resolve security incidents promptly.
These practices align with the AWS Well-Architected Framework Security Pillar and are regularly audited for compliance.
7. International Data Transfers and Data Residency
We process and store data primarily in the United States but offer region-specific storage options for customers with data residency requirements.
Cross-Border Transfers
For international data transfers, we comply with applicable regulations, including Standard Contractual Clauses (SCCs) under GDPR.
Data Residency Customization
Enterprise customers may request localized data storage within specific regions (e.g., EU-based servers) to meet sovereignty requirements.
8. Your Privacy Rights
Depending on your location, you have the following rights:
Under GDPR
- Right to Access: Obtain a copy of your data.
- Right to Rectification: Request corrections to your data.
- Right to Erasure: Request deletion of your data.
- Right to Data Portability: Receive your data in a machine-readable format.
- Right to Object: Object to data processing under certain conditions.
Under CCPA
- Right to Know: Understand what data we collect and how it is used.
- Right to Delete: Request data deletion.
- Right to Opt-Out: Opt out of data sales (though Tweelin does not sell data).
To exercise your rights, contact us using the details in the Contact Information section.
9. Enterprise Compliance Support
For enterprise customers, we offer:
- Data Processing Agreements (DPAs): Formal agreements detailing privacy and security obligations.
- Privacy and Security Support: A dedicated team for compliance inquiries.
- Auditing Support: Access to documentation and reports for internal compliance audits.
10. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or regulatory requirements. Significant updates will be communicated through email and in-app notifications at least 30 days in advance.
The “Last updated” date at the top of this policy indicates when the latest changes were made.
11. Contact Information
If you have any questions or wish to exercise your privacy rights, please contact us:
- Website: https://tweelin.com/contact-us
- European Representative (GDPR Article 27): EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium
  EDPO Request Form
- UK Representative: EDPO UK Ltd, 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
  EDPO UK Request Form
Tweelin.com Privacy Policy
Last updated: February 5, 2025
At Tweelin Inc., your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website (Tweelin.com), interact with our content, or use any services offered through the website.
If you are a customer or user of our enterprise solution, please refer to the Enterprise Privacy Policy for details on how we handle product-specific data.
1. Table of Contents
- Introduction
- Information We Collect
- How We Use Your Information
- Cookies and Tracking Technologies
- Sharing Your Information
- Your Privacy Rights
- Data Security
- Third-Party Services
- Changes to This Policy
- Contact Information
2. Information We Collect
We collect information to improve your experience on our website and ensure the functionality of our services. This may include:
Personal Information:
- Name, email address, phone number (when you submit forms or sign up for newsletters).
Usage Data:
- Information automatically collected through cookies and similar technologies, such as:
  - IP address, browser type, operating system
  - Pages visited, time spent on pages, and referral sources
Marketing and Communication Data:
- Preferences for receiving marketing materials
- Responses to surveys, forms, or promotions
3. How We Use Your Information
We use the information collected for the following purposes:
- Service and Website Functionality: To provide, operate, and improve Tweelin.com’s services.
- Communication: To respond to your inquiries or requests, and to send updates about our services.
- Marketing: To provide you with relevant content, newsletters, and promotional offers (with your consent).
- Analytics: To analyze website traffic, performance, and user engagement to enhance user experience.
You can manage your communication preferences and opt out of marketing communications at any time.
4. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and store information about your interaction with our website.
Types of Cookies We Use:
- Essential Cookies: Necessary for the functionality of the website (e.g., login authentication).
- Analytics Cookies: Help us understand how users engage with the site.
- Marketing Cookies: Enable personalized content and advertising.
You can control or disable cookies through your browser settings.
5. Sharing Your Information
We do not sell your personal information. However, we may share data with trusted third parties for the following purposes:
- Service Providers: Vendors who assist us with website hosting, analytics, marketing, or customer support (e.g., Google Analytics, Mailchimp).
- Legal Compliance: If required to comply with legal obligations, enforce agreements, or protect the rights and safety of our users.
All third parties are contractually obligated to protect your data and use it only for the purposes outlined in this policy.
6. Your Privacy Rights
Depending on your location, you may have certain rights under privacy laws such as the General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA). These rights may include:
Under GDPR:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request the deletion of your personal data.
- Right to Object: Object to data processing in certain situations.
Under CCPA:
- Right to Know: Understand what data we collect and how we use it.
- Right to Delete: Request the deletion of your data.
- Right to Opt-Out: Opt out of the sale of personal data (Tweelin does not sell personal data).
To exercise your rights, please contact us using the details provided in the Contact Information section.
7. Data Security
We take data security seriously and implement the following measures to protect your information:
- Encryption: Data transmitted through our website is encrypted using TLS (Transport Layer Security).
- Access Controls: Restricted access to personal data for authorized personnel only.
- Monitoring: Continuous monitoring of our infrastructure to detect and prevent unauthorized access.
While we strive to protect your data, please note that no method of transmission over the internet is 100% secure.
8. Third-Party Services
We use third-party services to enhance our website’s functionality and performance. These services may collect information based on their own privacy policies.
Examples:
- Google Analytics: Tracks and reports website traffic and usage patterns.
- Mailchimp: Manages our email marketing and newsletters.
For more information on how these services handle your data, refer to their respective privacy policies.
9. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable regulations. We will notify you of significant changes through prominent notices on our website.
The “Last updated” date at the top of this policy indicates when the latest changes were made.
10. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
- Website: https://tweelin.com/contact-us
- European Representative (GDPR Article 27): EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium
  EDPO Request Form
- UK Representative: EDPO UK Ltd, 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
  EDPO UK Request Form