Privacy Policy

Last Updated: January 2025

Our Privacy Commitment

At Twine Campus, we believe privacy is fundamental to building trust within college communities. This policy explains how we collect, use, protect, and share your information across our two products: Twine Campus App (iPhone) and Remi Guardian (Desktop - Coming Soon).

Key Principles:

We never sell your personal data
You control your information
Transparency in our practices
Security by design

1. Information We Collect

1.1 Account Information

What we collect:

Name and email address
University affiliation
Phone number (for verification)
Profile photo (optional)
Year of study
Major/interests (optional)

Why we collect it:

Verify your student status
Connect you with classmates
Provide personalized experiences
Ensure community safety

1.2 Content You Create

Twine Campus App (iPhone):

Messages and chat history
Posts in Circles (study groups)
Event details you create
Photos and files you share in the app

Remi Guardian (Desktop - Coming Soon):

Study conversations and queries
Uploaded study materials and notes
Generated flashcards and quizzes
Study session data and progress

1.3 Usage Information

Automatically collected across both products:

App interactions and features used
Device information (type, OS, app version)
IP address and approximate location

Twine Campus App specific:

Event attendance (via QR check-ins)
Study session duration in Circles
Campus social interactions

Remi Guardian specific (when launched):

Study session patterns and duration
Feature usage and preferences
Academic help request patterns

Analytics we track:

Feature popularity
User engagement patterns
Performance metrics
Error reports

1.4 Remi Guardian Interactions (Coming Soon)

Text queries and responses
Voice recordings (temporarily, for transcription)
Study preferences and patterns
Academic interests and subject focus
File uploads for study assistance

2. How We Use Your Information

2.1 Core Services

Twine Campus App (iPhone):

Enable connections with verified classmates
Deliver messaging, events, and Circles features
Personalize campus event recommendations
Maintain safety within campus communities

Remi Guardian (Desktop - Coming Soon):

Provide instant academic assistance
Generate personalized study plans and flashcards
Answer academic questions
Track study progress and patterns
Detect crisis situations for support resources

2.2 Cross-Product Benefits

Sync study preferences between products
Provide unified account management
Improve overall student experience

2.3 Communications

Service announcements for both products
Security alerts and important updates
New feature notifications
Event reminders (Twine Campus App)
Study reminders and tips (Remi Guardian)
Community guidelines updates

2.4 Improvements

Develop new features
Fix bugs and issues
Optimize performance
Understand user needs

3. Information Sharing

3.1 What Others See

Public to verified students at your university:

Your name and profile photo
Year and major (if provided)
Public posts in Circles
Events you create

Private unless you share:

Direct messages
Private Circle discussions
REMI conversations
Contact information

3.2 When We Share Information

We may share data with:

Service providers: Hosting, analytics, payment processing
AI providers: For Remi Guardian functionality (anonymized)
Legal requirements: Court orders, legal obligations
Safety: Imminent harm prevention
Business transfers: Mergers or acquisitions (with notice)

We never share with:

Data brokers
Advertisers
Universities (unless legally required)
Other students without your consent

3.3 Third-Party Integrations

University SSO: For student verification (Twine Campus App)
Payment providers: For Remi Guardian subscriptions (when launched)
Infrastructure: Supabase for backend services and data storage
AI providers: For Remi Guardian functionality (anonymized)

4. Data Security

4.1 How We Protect Your Information

We implement comprehensive security measures through our infrastructure provider, Supabase: • TLS/SSL encryption for all data in transit via Supabase's secure connections • Database encryption at rest through Supabase's PostgreSQL infrastructure • Row Level Security (RLS) policies for data access control • Supabase Auth for secure authentication • Regular security audits and monitoring • Real-time security updates from Supabase's SOC2-compliant platform

4.2 Message Security Architecture

Your messages are protected through: • Encrypted transmission between your device and Supabase servers • Secure storage in Supabase's managed PostgreSQL database • Row-level security policies enforcing access rules • Supabase's built-in audit logging

Infrastructure Transparency: Twine leverages Supabase's enterprise-grade infrastructure to deliver reliable, secure services. This architecture enables AI-powered study assistance, real-time messaging, and seamless synchronization while maintaining security through Supabase's proven platform.

4.3 Infrastructure Provider

Supabase as Our Backend: • All data is stored on Supabase's secure infrastructure • Supabase handles database encryption and security • We utilize Supabase Auth for user authentication • Real-time features powered by Supabase Realtime

This means your data benefits from Supabase's: • SOC2 Type II compliance • AWS infrastructure security • Automatic security patches • 24/7 infrastructure monitoring

4.4 Data Access Controls

Access to user data is managed through: • Supabase Row Level Security (RLS) policies • Database role segregation • Application-level permissions • Supabase dashboard access restricted to authorized personnel

Authorized access may occur for: • Essential platform operations • User support requests • Safety and compliance requirements • Legal obligations

4.5 Data Breaches

If a breach occurs, we will:

Notify affected users within 72 hours
Provide details of compromised information
Offer guidance on protective steps
Implement measures to prevent recurrence

5. Your Rights & Controls

5.1 Access Your Data

Request a copy of your information:

Profile data
Content you've created
REMI conversation history
Account activity logs

5.2 Control Your Information

You can:

Edit or delete your profile
Delete messages and posts
Leave Circles and events
Clear REMI history
Adjust privacy settings
Opt out of analytics

5.3 Delete Your Account

Via app settings:

Tap "Delete Account"
Confirm deletion
30-day recovery period
Permanent deletion after 30 days

What happens:

Profile removed
Messages deleted from your view
Events you created remain (anonymized)
Some data retained for legal/safety reasons

5.4 Data Portability

Export your data in JSON format:

Messages
Profile information
REMI conversations
Event history

6. Children's Privacy

Minimum age: 16 years old
Under 18 requires parental consent
We don't knowingly collect data from children under 16
Parents can request deletion: support@twinecampus.com

7. Remi Guardian Specific Privacy

7.1 How Remi Guardian Works (Coming Soon)

Study queries processed by AI partners
Personal information anonymized before processing
Conversations stored for study continuity
Voice recordings converted to text immediately, then deleted
Files uploaded for help are processed securely

7.2 Your Control

Delete individual study conversations
Clear all Remi Guardian history
Opt out of study improvement features
Download your study data anytime

7.3 Safety Features

Crisis detection triggers mental health resources
Academic integrity guidelines built-in
No human review of conversations without consent
Study patterns kept private from universities

8. Data Retention

8.1 Active Accounts

Retained while active:

Profile information (both products)
Recent messages in Twine Campus App (1 year)
Remi Guardian study history (6 months)
Event history from campus activities (1 semester)

8.2 Inactive Accounts

Reminder after 6 months inactive
Deletion after 12 months inactive
University verification expires yearly

8.3 After Deletion

May be retained for:

Legal obligations (up to 7 years)
Safety investigations (90 days)
Aggregated analytics (anonymized)

9. Location Information

9.1 How We Use Location

Show nearby events
Connect with local students
Provide campus-specific content
Emergency notifications

9.2 Your Control

Precise location optional
Use university location only
Disable location services
Clear location history

10. California Privacy Rights (CCPA)

California residents have additional rights:

Know what personal information is collected
Know if information is sold (we don't sell data)
Request deletion of personal information
Non-discrimination for exercising rights
Authorized agent requests accepted

To exercise rights: privacy@twinecampus.com

11. European Users (GDPR)

EU residents have rights to:

Access personal data
Rectification of inaccurate data
Erasure ("right to be forgotten")
Data portability
Object to processing
Withdraw consent

Data controller: Twine Campus, Inc. Contact: privacy@twinecampus.com

12. International Data Transfers

Data processed in the United States
EU-US Data Privacy Framework participant
Standard contractual clauses implemented
Appropriate safeguards in place

13. Cookies & Tracking

13.1 Technologies Used

Essential cookies for functionality
Analytics cookies (optional)
No advertising cookies
Local storage for app preferences

13.2 Your Choices

Disable analytics in settings
Clear app data anytime
Browser cookie controls
Do Not Track honored

14. Changes to Privacy Policy

Review updates in-app
Email notification for material changes
30-day notice for significant changes
Previous versions available on request

15. Contact Us

Privacy Questions

Email: privacy@twinecampus.com
Response time: Within 48 hours

Data Requests

Email: privacy@twinecampus.com
Portal: twinecampus.com/privacy

General Support

Email: support@twinecampus.com
In-app: Settings > Help

Mailing Address

Twine Campus, Inc.
Attn: Privacy Team
[Address to be determined]

Data Protection Officer

legal@twinecampus.com

16. Specific State Rights

16.1 Nevada

Nevada residents may opt out of sale of personal information (we don't sell data): privacy@twinecampus.com

16.2 Vermont

Vermont residents have additional data broker rights (we're not a data broker).

16.3 Virginia

Virginia Consumer Data Protection Act rights available: privacy@twinecampus.com

17. Legal Basis for Processing

We process data based on:

Consent: You agree via Terms of Service
Contract: Necessary to provide Services
Legitimate interests: Safety, improvements
Legal obligations: Compliance requirements

18. Special Categories

We don't intentionally collect:

Health data (except crisis support)
Religious or political views
Sexual orientation
Genetic/biometric data

If shared in messages/posts, you control this information.

19. Infrastructure and Data Handling

Our Technology Stack

Twine is built on modern cloud infrastructure:

Backend Provider: Supabase • PostgreSQL database with encryption at rest • Built-in authentication and authorization • Real-time subscriptions for instant messaging • Automatic backups and disaster recovery

What We Control: • Application logic and features • Database schemas and RLS policies • User experience and interface • Content moderation policies

What Supabase Handles: • Physical and network security • Database encryption and backups • Infrastructure compliance (SOC2) • Server maintenance and updates

Transparency About Access

Given our architecture: • Database queries can access message content when necessary • Supabase dashboard access is limited to authorized developers • We use RLS policies to restrict data access • All infrastructure access is logged by Supabase

Understanding Our Architecture

Before using Twine, please understand:

☑ We use Supabase as our complete backend infrastructure ☑ Your data is stored in Supabase's PostgreSQL database ☑ Encryption is handled by Supabase's platform ☑ This is standard practice for modern applications ☑ We can access data through database queries when necessary ☑ This architecture enables all of Twine's features

Why Our Infrastructure Choice Benefits You

Using Supabase means: • Enterprise-grade security without enterprise costs • Automatic security updates and patches • 99.9% uptime SLA from proven infrastructure • Your data is protected by industry leaders • We focus on features that matter to students • Lower costs = sustainable free tier for users

Trade-offs we're transparent about: • We rely on Supabase's security measures • Database access is technically possible for debugging • We don't control the physical infrastructure • Geographic data location depends on Supabase

20. Security Reports

Found a vulnerability? Report to: safety@twinecampus.com

Responsible disclosure program
Bug bounty available
Hall of fame recognition

21. Accessibility

This policy is available in:

Screen reader compatible format
Large print version
Plain language summary

Request alternatives: help@twinecampus.com

Your Privacy Matters

We're committed to protecting your privacy while helping you make the most of your college experience. If you have questions or concerns about our privacy practices, please don't hesitate to contact us.

Effective Date: This Privacy Policy is effective as of May 2025 and replaces all previous versions.

Twine Campus, Inc. is committed to transparency, user control, and data protection in accordance with global privacy standards.

Privacy Policy

Last Updated: January 2025

Our Privacy Commitment

Key Principles:

We never sell your personal data
You control your information
Transparency in our practices
Security by design

1. Information We Collect

1.1 Account Information

What we collect:

Name and email address
University affiliation
Phone number (for verification)
Profile photo (optional)
Year of study
Major/interests (optional)

Why we collect it:

Verify your student status
Connect you with classmates
Provide personalized experiences
Ensure community safety

1.2 Content You Create

Twine Campus App (iPhone):

Messages and chat history
Posts in Circles (study groups)
Event details you create
Photos and files you share in the app

Remi Guardian (Desktop - Coming Soon):

Study conversations and queries
Uploaded study materials and notes
Generated flashcards and quizzes
Study session data and progress

1.3 Usage Information

Automatically collected across both products:

App interactions and features used
Device information (type, OS, app version)
IP address and approximate location

Twine Campus App specific:

Event attendance (via QR check-ins)
Study session duration in Circles
Campus social interactions

Remi Guardian specific (when launched):

Study session patterns and duration
Feature usage and preferences
Academic help request patterns

Analytics we track:

Feature popularity
User engagement patterns
Performance metrics
Error reports

1.4 Remi Guardian Interactions (Coming Soon)

Text queries and responses
Voice recordings (temporarily, for transcription)
Study preferences and patterns
Academic interests and subject focus
File uploads for study assistance

2. How We Use Your Information

2.1 Core Services

Twine Campus App (iPhone):

Enable connections with verified classmates
Deliver messaging, events, and Circles features
Personalize campus event recommendations
Maintain safety within campus communities

Remi Guardian (Desktop - Coming Soon):

Provide instant academic assistance
Generate personalized study plans and flashcards
Answer academic questions
Track study progress and patterns
Detect crisis situations for support resources

2.2 Cross-Product Benefits

Sync study preferences between products
Provide unified account management
Improve overall student experience

2.3 Communications

Service announcements for both products
Security alerts and important updates
New feature notifications
Event reminders (Twine Campus App)
Study reminders and tips (Remi Guardian)
Community guidelines updates

2.4 Improvements

Develop new features
Fix bugs and issues
Optimize performance
Understand user needs

3. Information Sharing

3.1 What Others See

Public to verified students at your university:

Your name and profile photo
Year and major (if provided)
Public posts in Circles
Events you create

Private unless you share:

Direct messages
Private Circle discussions
REMI conversations
Contact information

3.2 When We Share Information

We may share data with:

Service providers: Hosting, analytics, payment processing
AI providers: For Remi Guardian functionality (anonymized)
Legal requirements: Court orders, legal obligations
Safety: Imminent harm prevention
Business transfers: Mergers or acquisitions (with notice)

We never share with:

Data brokers
Advertisers
Universities (unless legally required)
Other students without your consent

3.3 Third-Party Integrations

University SSO: For student verification (Twine Campus App)
Payment providers: For Remi Guardian subscriptions (when launched)
Infrastructure: Supabase for backend services and data storage
AI providers: For Remi Guardian functionality (anonymized)

4. Data Security

4.1 How We Protect Your Information

4.2 Message Security Architecture

4.3 Infrastructure Provider

This means your data benefits from Supabase's: • SOC2 Type II compliance • AWS infrastructure security • Automatic security patches • 24/7 infrastructure monitoring

4.4 Data Access Controls

Authorized access may occur for: • Essential platform operations • User support requests • Safety and compliance requirements • Legal obligations

4.5 Data Breaches

If a breach occurs, we will:

Notify affected users within 72 hours
Provide details of compromised information
Offer guidance on protective steps
Implement measures to prevent recurrence

5. Your Rights & Controls

5.1 Access Your Data

Request a copy of your information:

Profile data
Content you've created
REMI conversation history
Account activity logs

5.2 Control Your Information

You can:

Edit or delete your profile
Delete messages and posts
Leave Circles and events
Clear REMI history
Adjust privacy settings
Opt out of analytics

5.3 Delete Your Account

Via app settings:

Tap "Delete Account"
Confirm deletion
30-day recovery period
Permanent deletion after 30 days

What happens:

Profile removed
Messages deleted from your view
Events you created remain (anonymized)
Some data retained for legal/safety reasons

5.4 Data Portability

Export your data in JSON format:

Messages
Profile information
REMI conversations
Event history

6. Children's Privacy

Minimum age: 16 years old
Under 18 requires parental consent
We don't knowingly collect data from children under 16
Parents can request deletion: support@twinecampus.com

7. Remi Guardian Specific Privacy

7.1 How Remi Guardian Works (Coming Soon)

Study queries processed by AI partners
Personal information anonymized before processing
Conversations stored for study continuity
Voice recordings converted to text immediately, then deleted
Files uploaded for help are processed securely

7.2 Your Control

Delete individual study conversations
Clear all Remi Guardian history
Opt out of study improvement features
Download your study data anytime

7.3 Safety Features

Crisis detection triggers mental health resources
Academic integrity guidelines built-in
No human review of conversations without consent
Study patterns kept private from universities

8. Data Retention

8.1 Active Accounts

Retained while active:

Profile information (both products)
Recent messages in Twine Campus App (1 year)
Remi Guardian study history (6 months)
Event history from campus activities (1 semester)

8.2 Inactive Accounts

Reminder after 6 months inactive
Deletion after 12 months inactive
University verification expires yearly

8.3 After Deletion

May be retained for:

Legal obligations (up to 7 years)
Safety investigations (90 days)
Aggregated analytics (anonymized)

9. Location Information

9.1 How We Use Location

Show nearby events
Connect with local students
Provide campus-specific content
Emergency notifications

9.2 Your Control

Precise location optional
Use university location only
Disable location services
Clear location history

10. California Privacy Rights (CCPA)

California residents have additional rights:

Know what personal information is collected
Know if information is sold (we don't sell data)
Request deletion of personal information
Non-discrimination for exercising rights
Authorized agent requests accepted

To exercise rights: privacy@twinecampus.com

11. European Users (GDPR)

EU residents have rights to:

Access personal data
Rectification of inaccurate data
Erasure ("right to be forgotten")
Data portability
Object to processing
Withdraw consent

Data controller: Twine Campus, Inc. Contact: privacy@twinecampus.com

12. International Data Transfers

Data processed in the United States
EU-US Data Privacy Framework participant
Standard contractual clauses implemented
Appropriate safeguards in place

13. Cookies & Tracking

13.1 Technologies Used

Essential cookies for functionality
Analytics cookies (optional)
No advertising cookies
Local storage for app preferences

13.2 Your Choices

Disable analytics in settings
Clear app data anytime
Browser cookie controls
Do Not Track honored

14. Changes to Privacy Policy

Review updates in-app
Email notification for material changes
30-day notice for significant changes
Previous versions available on request

15. Contact Us

Privacy Questions

Email: privacy@twinecampus.com
Response time: Within 48 hours

Data Requests

Email: privacy@twinecampus.com
Portal: twinecampus.com/privacy

General Support

Email: support@twinecampus.com
In-app: Settings > Help

Mailing Address

Twine Campus, Inc.
Attn: Privacy Team
[Address to be determined]

Data Protection Officer

legal@twinecampus.com

16. Specific State Rights

16.1 Nevada

Nevada residents may opt out of sale of personal information (we don't sell data): privacy@twinecampus.com

16.2 Vermont

Vermont residents have additional data broker rights (we're not a data broker).

16.3 Virginia

Virginia Consumer Data Protection Act rights available: privacy@twinecampus.com

17. Legal Basis for Processing

We process data based on:

Consent: You agree via Terms of Service
Contract: Necessary to provide Services
Legitimate interests: Safety, improvements
Legal obligations: Compliance requirements

18. Special Categories

We don't intentionally collect:

Health data (except crisis support)
Religious or political views
Sexual orientation
Genetic/biometric data

If shared in messages/posts, you control this information.

19. Infrastructure and Data Handling

Our Technology Stack

Twine is built on modern cloud infrastructure:

What We Control: • Application logic and features • Database schemas and RLS policies • User experience and interface • Content moderation policies

What Supabase Handles: • Physical and network security • Database encryption and backups • Infrastructure compliance (SOC2) • Server maintenance and updates

Transparency About Access

Understanding Our Architecture

Before using Twine, please understand:

Why Our Infrastructure Choice Benefits You

20. Security Reports

Found a vulnerability? Report to: safety@twinecampus.com

Responsible disclosure program
Bug bounty available
Hall of fame recognition

21. Accessibility

This policy is available in:

Screen reader compatible format
Large print version
Plain language summary

Request alternatives: help@twinecampus.com

Your Privacy Matters

Effective Date: This Privacy Policy is effective as of May 2025 and replaces all previous versions.

Twine Campus, Inc. is committed to transparency, user control, and data protection in accordance with global privacy standards.