What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences, keep you logged in, and understand how you interact with the service. This policy also covers similar storage technologies we use (including localStorage,sessionStorage, and IndexedDB) which are treated identically to cookies under the EU ePrivacy Directive (Art. 5(3)). Throughout this policy, “cookies” refers to all of these technologies unless stated otherwise. This policy explains what we use, why, and how you can control it.
Cookies We Use
Strictly Necessary Cookies
Required for the Service to function. These handle authentication (session tokens, keeping you logged in), locale/language preferences, CSRF protection, and security tokens. These cookies are essential and cannot be disabled without breaking the Service.
Legal basis: Legitimate interest / contract performance. No consent required under GDPR Art. 5(3) of the ePrivacy Directive.
Analytics Cookies
Help us understand how visitors use the site (pages visited, session duration, general geographic region) and how the product is used by signed-in users. Used solely to improve service performance and user experience.
Providers and what they do:
- Firebase Analytics (Google) — aggregate site usage and event counts. Anonymized at collection.
- Mixpanel — product analytics tied to your account. When you are signed in, Mixpanel receives an identified profile including your account email and display name, used solely to analyze in-product behavior. Not used for advertising; not sold; not shared with third parties beyond Mixpanel itself.
- Vercel Analytics and Vercel Speed Insights — privacy-friendly page-level performance and traffic metrics.
- Sentry session replay — when an error occurs, a small percentage of error sessions are recorded as a privacy-masked replay (text masked, media blocked) so we can reproduce and fix the bug. Not enabled for error-free sessions.
All of the above are loaded only after you consent via our cookie banner. No analytics tools run before consent.
Legal basis: Consent (where required by applicable law) or legitimate interest.
Cookies We Do NOT Use
We do not use advertising or marketing cookies, third-party tracking cookies, social media cookies, or cross-site tracking pixels. We do not sell cookie data to advertisers. We do not participate in ad networks, real-time bidding, or behavioral advertising of any kind.
Third-Party Cookies
Our payment processor (Stripe) may set its own cookies during the checkout process to prevent fraud and process your payment securely. These cookies are governed by Stripe's own privacy and cookie policies. We do not control third-party cookies.
Managing Cookies
When you first visit TwinPhone, a consent banner appears at the bottom of the page. You can choose to accept all cookies or allow only essential ones. Analytics cookies are never set before you give explicit consent (opt-in model). Your preference is stored locally and remembered for future visits, and a receipt of your decision (timestamp, choice, anonymized identifier) is logged on our servers so we can demonstrate consent under GDPR Art. 7(1).
You can change or withdraw your consent at any timeby clicking “Cookie Settings” in the site footer. Withdrawal is as easy as the original choice and does not affect the lawfulness of processing performed before withdrawal.
You can also control cookies through your browser settings. Most browsers allow you to: view what cookies are set, delete individual or all cookies, block cookies from specific or all sites, and set preferences for first-party vs. third-party cookies.
Note that disabling strictly necessary cookies will prevent you from logging into your TwinPhone account and using the Service. If you disable analytics cookies, we will not be able to improve your experience based on usage patterns, but the Service will continue to function normally.
Do Not Track & Global Privacy Control
We honor Do Not Track ("DNT") browser signals. When we detect a DNT signal, non-essential analytics cookies are not set for that session.
We also honor Global Privacy Control ("GPC") signals as required by the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act, the Connecticut Data Privacy Act, and other applicable US state privacy laws. When we detect a GPC signal, we treat it as a legally binding opt-out of the sale or sharing of personal information and disable analytics tracking for that session.
Changes to This Policy
We may update this Cookie Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes may also be communicated via a notice on the Service.
Contact
Questions about cookies? Email support@twin-phone.com.