Privacy
Policy
We prioritize your privacy and strictly limit our data collection.
We don't use advertising cookies (Google, Meta, etc.) and never collect personal data unless voluntarily provided by you.
Your data is yours, not ours, and we pledge never to sell it.
Twenty, Inc. aligns with GDPR, CCPA, PECR.
Twenty is not PCI or HIPAA certified
In this policy, we explain our data collection and handling practices, and your rights pertaining to your data.
Visitors to our website can browse freely, with minimal data collection or tracking:
We don't collect personal information unless you become a "subscriber" and voluntarily provide it.
Basic cookies are used to ensure a good browsing experience (e.g. keeping you logged in to the app) but not for tracking or advertising purposes.
We do not share or sell any information to third-party services.
We use Sentry, an Open Source bug-tracking service, which uses third-party cookies in a privacy-friendly manner. We might use other privacy-compliant services, for example Plausible.io or the built-in option in Framer to get statistics on website visits. We’re a young company and iterate with different tools, we try to come back to this page and keep the list up-to-date. If you ever notice it’s not, please let us know, and we will quickly update it.
We do not use services such as Google Analytics, Facebook pixel, Linkedin pixel, Clearbit, etc.
We collect anonymous data for statistical purposes, which helps us to understand trends in website traffic. Personal data is not part of this collection.
As a subscriber, your name, your email or your phone number will be collected to send you updates and communications, subject to your approval.
As a user, we collect the necessary data to provide our services:
Required details include your full name, an email address, and, possibly, billing information.
Data is shared with select third-party services, such as AWS for hosting, and Sentry for bug tracking, who are not permitted to use the data for their purposes.
We are committed to high-level security measures and will work towards getting certification for these in the future
Users can access, change or delete their personal data by reaching out to us directly.
If you opt to connect your Google Workspace or Microsoft 365 account, we will also collect the following information:
Email Address: Your primary email address.
Full Name: The full name associated with your account.
Email Content: The content of your emails, including subject lines, body text, and attachments.
Calendar Event Content: Details of your calendar events, such as event titles, descriptions, attendees, and times.
Email Alias: Any email aliases linked to your account.
We retain your data for as long as your account is active or as necessary for providing you with the services. This data is also used to comply with our legal obligations, resolve disputes, enforce our agreements, and protect Twenty's legal rights.
We plan to implement a system to automate data cleanup. Since the company is rather young, it would have nothing to delete if we built it now. But it’s definitely something we want to prioritize in the future.
We are committed to respecting and upholding the standards set forth by the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Privacy and Electronic Communications Regulations (PECR).
Twenty is not certified by the Payment Card Industry (PCI) or Health Insurance Portability and Accountability Act (HIPAA) standards. As such, we do not claim to comply with PCI and HIPAA requirements for the protection of financial and medical data.
Our privacy policy may be updated as our business evolves and to stay compliant with regulations. Significant changes will be communicated to users via email.
Please reach us at contact [at] twenty.com for any queries, comments, or concerns about this privacy policy, your data, or your rights related to your information.