Privacy Policy

1. Introduction

HELPERG LLC, a Wyoming limited liability company doing business as TwinPhone ("HELPERG," "TwinPhone," "we," "our," "us"), operates the twin-phone.com website and browser-based international calling service (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal data when you use our Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data Controller

For the purposes of the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and other applicable data protection laws, HELPERG LLC (d/b/a TwinPhone) is the data controller responsible for your personal data. For any privacy-related inquiries or to exercise your data subject rights, contact us at privacy@twin-phone.com or support@twin-phone.com.

3. Legal Bases for Processing

We process your personal data only when we have a valid legal basis under applicable law, including:

• Contract performance: Processing necessary to provide the Service you requested (account management, call routing, billing).
• Legitimate interests:Fraud prevention, service security, analytics to improve performance — balanced against your rights and freedoms.
• Legal obligation: Compliance with applicable laws, tax regulations, and lawful government requests.
• Consent: Where required (e.g., optional analytics cookies, marketing communications). You may withdraw consent at any time without affecting the lawfulness of prior processing.

4. Information We Collect

Account Information: Email address and optional display name provided during registration.

Call Metadata: Numbers dialed, call duration, timestamps, and call status. Required for billing and your call history. We do not record or store call audio unless you explicitly enable the call recording feature.

Payment Information: Payment transactions are processed by our third-party payment processor (Stripe). We receive a transaction reference and amount. We do not store credit card numbers, CVVs, or full card details on our servers.

Technical Data: IP address, browser type and version, device type, operating system, referring URL, pages visited, and session duration. Collected automatically via server logs and analytics.

Promotional fingerprints: To prevent abuse of one-time sign-up offers (e.g., the Welcome Credit), we store acryptographic hash (SHA-256 with a server-side secret) of the IP address used to claim the offer. The original IP address is not retained on this record; only the irreversible hash is, which lets us detect a second sign-up from the same network without keeping personally identifiable information. The same technique is used to record consent metadata for opt-in features such as auto-refill, where retaining proof-of-consent is required by FTC ROSCA and EU Consumer Rights Directive Article 22.

Communications: If you contact us for support, we retain the content of your messages to resolve your inquiry and improve our service.

5. How We Use Your Information

• Provide, operate, and maintain the calling Service
• Process payments, manage your account balance, and generate invoices
• Send transactional communications (receipts, password resets, service alerts)
• Detect, prevent, and address fraud, abuse, and security threats
• Analyze usage patterns to improve service quality (in aggregate and anonymized form)
• Comply with legal obligations and respond to lawful requests
• Enforce our Terms of Service

We do not sell, rent, or trade your personal data to third parties for marketing or advertising purposes. We do not use your data for targeted advertising.

6. Call Encryption & Security

Every call made through TwinPhone is encrypted using TLS (Transport Layer Security) for signaling and SRTP (Secure Real-Time Transport Protocol) for audio. This encryption is automatic, always-on, and cannot be disabled. TwinPhone employees cannot listen to or access the audio content of your calls. We implement industry-standard technical and organizational measures to protect your data, including encrypted data storage, access controls, and regular security audits. However, no system is 100% secure, and we cannot guarantee absolute security of data transmitted over the Internet.

7. Data Sharing & Third-Party Processors

We share personal data only with the following categories of service providers, solely to the extent necessary for the Service to function:

• Telecom infrastructure: Call routing via third-party carriers (Twilio). Call metadata is shared to connect your calls.
• Payment processing: Stripe processes your payments. We share only the minimum data required for transactions.
• Hosting & infrastructure: Cloud hosting providers (Vercel, Supabase) that store and serve our application data.
• Analytics: Loaded only after you consent via the cookie banner.
  • Firebase Analytics and Vercel Analytics / Speed Insights: aggregate, privacy-friendly usage and performance metrics. No PII.
  • Mixpanel: product analytics tied to your account. When you are signed in we send your account email and display name so we can analyze in-product behavior at the user level. Mixpanel is contractually bound by a Data Processing Agreement and does not use your data for advertising.
• Error monitoring & session replay: Sentry receives error reports with no default PII. When you have consented to analytics, a small percentage of sessions in which an error occurs are recorded as a privacy-masked replay (text content masked, media blocked) so we can reproduce and fix the issue. Replays are not collected for error-free sessions and are never collected before consent.

All third-party processors are bound by data processing agreements and are required to handle your data in compliance with applicable privacy laws. We do not sell personal data to any third party.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where required by law (e.g., transfers from the EEA, UK, or Switzerland), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with our sub-processors, or other legally recognized transfer mechanisms. By using the Service, you acknowledge this transfer. If you are located in the EEA, UK, or Switzerland, you have the right to request a copy of the applicable safeguards by contacting us.

9. Data Retention

• Account data: Retained while your account is active and for 90 days after deletion to process pending transactions and comply with legal obligations.
• Call metadata: Retained for the duration of your account plus 90 days after deletion.
• Call recordings: If enabled by you, retained until you delete them or close your account.
• Payment records:Retained as required by applicable tax and financial regulations (typically 5–7 years).
• Server logs: Automatically purged after 90 days.

10. Your Rights

For All Users

Regardless of your location, you may: access and download your personal data through your account dashboard, request correction of inaccurate data, request deletion of your account and associated data, and opt out of non-essential communications at any time.

European Economic Area, United Kingdom & Switzerland (GDPR / UK GDPR)

If you are located in the EEA, UK, or Switzerland, you additionally have the right to: restrict or object to certain processing, request data portability in a machine-readable format, withdraw consent at any time (without affecting prior processing), and lodge a complaint with your local data protection authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany).

California Residents (CCPA / CPRA)

Under the California Consumer Privacy Act and the California Privacy Rights Act, you have the right to: know what personal information we collect, request deletion, opt out of the sale or sharing of personal information (we do not sell your data), and not be discriminated against for exercising your rights. To submit a verifiable consumer request, email us at support@twin-phone.com. We will respond within 45 days. In the preceding 12 months, we have not sold any personal information.

Brazil (LGPD)

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados, including the right to access, correct, delete, anonymize, or port your data, and to revoke consent.

Other Jurisdictions

If your jurisdiction provides additional privacy rights (e.g., Canada PIPEDA, Australia Privacy Act, Japan APPI, South Korea PIPA), we will honor those rights in accordance with applicable law. Contact us to exercise them.

To exercise any of these rights, email support@twin-phone.com. We will verify your identity and respond within the timeframes required by applicable law. We do not charge a fee for rights requests unless they are manifestly unfounded or excessive.

11. Children's Privacy

The Service is not directed at children under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verified parental consent, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at support@twin-phone.com.

12. Automated Decision-Making

We may use automated systems for fraud detection and abuse prevention. These systems may flag or suspend accounts based on usage patterns. You have the right to request human review of any automated decision that significantly affects you.

13. Do Not Track & Global Privacy Control

We honor Do Not Track ("DNT") browser signals. When we detect a DNT signal, we disable non-essential analytics tracking for that session. We do not engage in cross-site tracking regardless of DNT settings.

We also honor Global Privacy Control ("GPC") signals as required by the CCPA/CPRA, Colorado Privacy Act, Connecticut Data Privacy Act, and other applicable US state privacy laws. When we detect a GPC signal, we treat it as a legally binding opt-out of the sale or sharing of personal information and disable non-essential analytics for that session. TwinPhone does not sell or share personal information for advertising purposes.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email to registered users or via a prominent notice on the Service at least 30 days before taking effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to periodically review this page.

15. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Wyoming, United States, without regard to its conflict of laws principles. For dispute resolution, arbitration, and class action waiver terms, please see our Terms of Service (Section 14).

Nothing in this policy limits your right to lodge complaints with your local data protection authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany), or any rights that cannot be waived under applicable consumer protection or data protection law in your jurisdiction.

16. Contact

For any privacy-related questions, data requests, or complaints, contact us at: support@twin-phone.com. We aim to respond to all inquiries within 30 days, or sooner where required by applicable law.