Twin AI Privacy Policy

Rislings LLC (UNP 193958578) is the data controller / operator of personal data of the users of the Twin AI service. This Policy describes what data we collect, why, with whom we share it and how we protect it.

Effective as of 11 May 2026·version 1.0·URL: https://twinailabs.com/offer

Contents

1.Operator and Contact
2.Categories of Data We Process
3.Purposes
4.Legal Bases
5.Recipients of Your Data
6.Retention
7.Your Rights
8.Security Measures
9.Children and Minors
10.Changes to this Policy

1. Operator and Contact

Operator / controller: Rislings LLC, UNP 193958578, registered office at Starynovskaya str. 15, office 9, 220103 Minsk, Republic of Belarus.

Privacy contact: twinai.support@freeaiphoto.com. Messages with subject "Personal data" are processed within 15 business days.

This Policy is drawn up under Law of the Republic of Belarus No. 99-Z of 7 May 2021 "On Personal Data Protection"; Federal Law of the Russian Federation No. 152-FZ "On Personal Data" — as applicable to Users resident in Russia; and the EU GDPR — where applicable to EEA Users.

2. Categories of Data We Process

Identification: username, e-mail address, and, when using Sign in with Google, the Google account identifier and public profile data (name, avatar).
Account data: password (cryptographically hashed; never stored in clear), time zone, interface language, sign-up date and time.
Usage data: prompt history, generation parameters, selected model identifiers, Credit balance and ledger, generation operation statuses and metadata.
Generated Content: images, videos and text generated by the User and stored in the Account.
Payment data: payment amounts, transaction statuses and identifiers. We do not receive or store full card or bank details — those are processed on the infrastructure of the Payment Processors (YooKassa, Stripe etc.) under their PCI-DSS programme.
Technical data: IP address, device type and version, OS, browser type and version, device identifiers, technical logs.
Cookies and session identifiers: details in the Cookie Policy.
Support requests: content and metadata of communications sent to support.

3. Purposes

Entering into and performing the paid-services agreement (Offer): sign-up and identification, providing access to the Service, performing generation operations and accounting for Credits.
Settlements: processing payments, issuing receipts, refunds.
Technical support and contractual communications: replies, notices about maintenance, changes to the Offer and Subscription.
Security and abuse prevention: moderation of prompts and Generated Content, anti-fraud, DDoS and other abuse mitigation, protection of the rights of the Provider and third parties.
Compliance with applicable law, including responding to lawful requests of competent authorities and AML/CFT requirements.
Analytics and Service improvement on anonymised and aggregated data.
Marketing communications — only with the User's separate consent.

4. Legal Bases

Consent of the data subject (Article 5 of Law No. 99-Z; Article 6(1)(1) of FZ-152; Article 6(1)(a) GDPR).
Performance of a contract with the data subject (the Offer) (Article 6(1)(b) GDPR).
Compliance with a legal obligation (Article 6(1)(c) GDPR).
Legitimate interests of the controller and third parties — for security and abuse prevention, where such interests are not overridden by the rights of the data subject (Article 6(1)(f) GDPR).

5. Recipients of Your Data

We engage third parties to deliver the Service. To the extent necessary, we share specific categories of data with the following types of recipients:

AI model providers (including, in particular, OpenAI, Anthropic, Google, Stability AI, FAL, Replicate, and providers of Sora, Veo, Flux, Kling and other models): receive the contents of prompts and/or reference files necessary to perform the generation operation; transmission is encrypted.
Payment Processors: YooKassa (YooMoney NCO LLC, Russia) for ruble payments; Stripe Payments Europe, Ltd. (Ireland) and Stripe, Inc. (USA) for international payments. Full payment-card data is processed solely on their infrastructure.
Infrastructure providers: Microsoft Azure (hosting and storage), CDN, DNS and DDoS-protection providers.
Monitoring providers: Sentry (Functional Software, Inc., USA) for technical error monitoring.
Connectivity and analytics providers listed in the cookie banner — only with the User's separate consent.
Public authorities and other authorised entities — on a reasoned request, in the manner provided by applicable law.

Some of these recipients are located outside Belarus and the Russian Federation. This constitutes a cross-border transfer of personal data. Before any such transfer we ensure compliance with applicable law, including obtaining separate consent where required and entering into data-processing agreements with appropriate safeguards.

6. Retention

Account and operation-history data — for the life of the Account and for 1 (one) year after deletion, unless applicable law requires otherwise.
Generated Content — for the life of the Account; on User request — deleted within 30 calendar days.
Payment data (amounts and statuses) — for the period required by accounting and tax law of the relevant jurisdiction (typically no less than 5 years).
Technical logs — up to 12 months, after which they are anonymised or deleted.
Cookies — as set out in the Cookie Policy.
Support correspondence — up to 3 years from closure of the ticket.

7. Your Rights

The User has, in particular, the following rights with respect to their personal data:

right to be informed about the processing, including sources, purposes, legal bases, retention and recipients;
right to request rectification, blocking or deletion of personal data that are incomplete, outdated, inaccurate, unlawfully obtained or no longer necessary for the stated purposes;
right to withdraw consent to processing at any time (other legal bases, where available, may continue to apply);
right to lodge a complaint with the National Personal Data Protection Centre of the Republic of Belarus (npa.by); for Russian residents — with Roskomnadzor; for EEA users — with the supervisory authority of their member state.

Requests are sent to twinai.support@freeaiphoto.com from the e-mail registered with the Account or via another means of identifying the requester. We respond within 15 business days of receipt.

8. Security Measures

Encryption in transit (TLS).
Passwords stored as cryptographic hashes and never recoverable in clear.
Access controls: production data is accessible only to authorised personnel on a need-to-know basis.
Audit logging of administrative actions and regular log review.
Regular backups and recovery drills.
Vulnerability management and incident response programme; disclosures to twinai.support@freeaiphoto.com.

9. Children and Minors

The Service is rated 18+ and is not intended for use by minors. If we learn that a minor has registered, we will block the Account and delete associated personal data.

10. Changes to this Policy

We may amend this Policy. The current version is always available at twinailabs.com/privacy-policy. Material changes will be notified by e-mail and/or in the Account at least 14 calendar days before they take effect.

Provider details

Legal name: Rislings LLC
UNP: 193958578
Registered address: Starynovskaya str. 15, office 9, 220103 Minsk, Republic of Belarus
Jurisdiction: Republic of Belarus
E-mail: twinai.support@freeaiphoto.com