The plain-English version. We collect what we need to verify you, license your likeness, pay you, and prove consent. We don't sell your data. We don't train AI on your face without a separate licence. You can revoke at any time.
Who we are
Twinnin is operated by AI KAT Limited, a company registered in England and Wales. Our registered address is on file with Companies House. We are registered with the Information Commissioner's Office (ICO).
If you have any questions about this policy or want to exercise your rights, contact katrien@twinnin.ai.
What we collect
Twinnin collects two categories of data:
- Account & identity data — name, email, phone, address, payment details, government-issued ID for verification, and the answers you give us about your work, agency, and licensing preferences.
- Biometric & likeness data — verified scans of your face, voice samples (if you opt in), photos you submit to build your twin, and behavioural signatures created during liveness verification.
We also collect technical data (IP, device, browser) and usage analytics to keep the service running.
How we use it
We process your personal data on the following legal bases:
- To deliver the service you signed up for — performance of contract (UK GDPR Article 6(1)(b))
- To verify your identity and process biometric data — your explicit consent (Article 9(2)(a))
- To comply with legal obligations — including KYC, anti-fraud, and tax reporting (Article 6(1)(c))
- To protect our and others' legitimate interests — fraud prevention, security, and service operation (Article 6(1)(f))
Who we share data with
We share the minimum data necessary with:
- Brands and AI labs licensing your twin — but only after you've approved the specific licence. They receive only what's needed for that licence; never your full account data.
- Identity verification partners — to confirm you are who you say you are.
- Payment providers — Stripe and equivalent partners, to route your earnings.
- Cloud hosting providers — for secure storage of encrypted assets.
- Law enforcement — only where legally compelled.
We do not sell your data. We do not share your likeness with anyone you haven't approved.
How long we keep it
Account data is retained while your account is active and for up to 7 years after closure for tax and audit purposes. Biometric verification data is retained for the duration of any active licence plus a defined audit window. You can request deletion at any time, subject to legal retention obligations.
Your rights
Under UK GDPR you have the right to:
- Access your data and request a copy
- Correct inaccurate data
- Delete your data ("right to be forgotten")
- Restrict or object to processing
- Withdraw consent for biometric processing at any time
- Data portability
- Lodge a complaint with the ICO at ico.org.uk
International transfers
Where we transfer data outside the UK or EEA, we use approved transfer mechanisms — Standard Contractual Clauses, UK International Data Transfer Agreements, or transfers to adequacy-decision jurisdictions.
Security
Biometric data is encrypted at rest and in transit. Access is restricted to authorised personnel under role-based access control. We follow ISO 27001-aligned security practices.
Changes to this policy
If we update this policy, we'll email registered users at least 30 days before changes take effect. Material changes require renewed consent for ongoing biometric processing.
Questions? Email katrien@twinnin.ai directly. The founder reads everything.