Privacy Policy

Last Updated: June 7, 2026

Table of Contents

1. Introduction

This Privacy Policy explains how TwistMe ("we", "us", or "our") collects, uses, stores, and discloses personal data when you access or use the TwistMe website (the "Site") and related services (collectively, the "Service").

This Privacy Policy should be read together with our Terms of Service. If you do not agree with the practices described in this Privacy Policy, please do not use the Service.

For purposes of this Privacy Policy, "Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws.

2. Personal Data We Collect

We may collect Personal Data from you in the following ways:

The types of Personal Data we collect depend on how you use the Service and which features you choose to access.

Depending on applicable law, we may also collect limited account, payment, usage, device, and third-party login information as further described below.

3. Personal Data You Provide Directly

When you use the Service, you may provide the following categories of Personal Data:

4. Image Data and Facial Information

4.1 Scope of Visual Content Processing

When you submit images, videos, or other visual material to the Service — some of which may include people's faces — those inputs are processed in order to produce AI-generated videos, images, or other visual outputs on your behalf. Producing the result you ask for typically requires certain automated computer-vision steps, which may include locating faces within a frame, identifying the main subject, estimating pose, evaluating composition, or examining other visual characteristics.

This kind of analysis happens only because you have actively asked for a particular creation — for example, turning a still image into a short video, generating motion from a first and last frame, applying a template effect, creating an image from a text prompt, transforming one image into another, or using any of our other AI creation tools. We do not repurpose facial information to identify who you are, to verify your identity, to monitor your behavior, to track you across services, to target advertising at you, or to construct a biometric profile.

4.2 Facial Data, Biometrics, and What That Means in Practice

TwistMe is a service for AI-driven video and image creation. If your creation involves a person — for instance, a portrait you wish to animate — you are welcome to upload such material.

So that the resulting video looks coherent, and so that a person's appearance remains stable across different frames, scenes, or template variations, we may carry out a bounded amount of technical inspection on what you submit. A typical example is checking whether a frame actually contains a face or a human subject. This is performed strictly to deliver what you requested — bringing a photograph to life, applying a template style, or holding a character's look consistent throughout a generated clip.

Facial information is never used as a tool for recognizing or authenticating individuals. It is not used for identity checks, monitoring, behavioral tracking, advertising, audience profiling, or any form of biometric examination.

We do not generate, retain, or hold on file any face template, facial geometry signature, biometric identifier, or comparable data record that could be tied back to a specific person.

4.3 Use of Third-Party AI Providers for Content Generation

Delivering AI-driven creation, along with the content-safety checks that accompany it, can require collaborating with external AI infrastructure. To make this possible, material you voluntarily submit — such as images, videos, text prompts, generation parameters, template choices, task metadata, and the technical information needed to process the request — may be transmitted to our servers and onward to selected third-party AI providers.

At present, the third-party AI providers we may rely on include:

These providers are limited to handling data only insofar as it is necessary to complete the AI generation, moderation, or related task that you have requested. We have not authorized — and do not request — any of them to deploy your uploaded images, videos, facial information, or any analysis derived from them for identity recognition, identity verification, monitoring, tracking, advertising targeting, the construction of facial-recognition databases, or the building of biometric profiles.

For details on how each provider addresses faces, biometrics, data use, retention, model training, or security, please consult the corresponding official documentation below:

Regardless of which third-party provider is involved on a given request, we will not sell or rent your uploaded images, videos, facial information, or any derived facial-analysis output. And unless you have given us clear and explicit permission, your uploaded images, videos, and facial information will not be used to train any machine learning model that we operate.

4.4 How Long Image and Facial Data Are Kept

Uploaded images, videos, text prompts, generation parameters, generated outputs, and the task metadata that accompanies them are handled only for as long as the Service genuinely needs them to function.

Facial-analysis records, biometric templates, and facial-geometry signatures that could identify a particular individual are not stored. Any transient face-related visual data that is consulted during a generation request is discarded — or simply not retained — once the task has been completed.

The content you submit, the results we generate, and the associated task records may, however, be kept for a reasonable window of time in order to display results back to you, support history and re-access, defend the Service against abuse, conduct content moderation, diagnose failures, respond to user inquiries, and meet legal obligations we are subject to. If you would like such data removed, you may reach out to us in line with this Privacy Policy.

4.5 Things We Will Not Do With Your Data

Your uploaded images, videos, facial information, and any facial-analysis output we derive from them are not sold or rented to anyone.

Uploaded images, videos, and facial information are never repurposed for identity verification, authentication, surveillance, behavioral tracking, advertising targeting, or building biometric profiles.

And — except where you have specifically and affirmatively consented — none of your uploaded images, videos, or facial information will be used to train machine learning models that we own or operate.

4.6 Safety Tooling and Reporting

Automated safety systems help us spot and intercept generations or displayed content that could run afoul of our Terms of Service, including (without limitation) nudity, violence, unlawful material, or other content categories we deem inappropriate. On template pages and result pages you will find a clearly placed Report entry point, so anything problematic can be flagged for our review.

Where our systems conclude that a particular request or its output is likely to breach the Terms of Service, you may see a notice; the generation may be blocked or its result withheld; and, depending on the circumstances, the Gems consumed by that generation may be returned to your balance.

5. Personal Data Collected Automatically

When you use the Service, we may automatically collect certain information, subject to applicable consent requirements. For clarity, this information falls into the following categories:

5.1 Usage and Technical Data

5.2 Transaction Metadata

Payment processing is handled by third-party payment processors. We do not store your full credit card information.

5.3 Advertising and Attribution Identifiers

We use cookies, web beacons, and similar technologies to collect information about your browsing activities. You can manage your cookie preferences through your browser settings. If you opt-out, some features of the Site may not function properly.

5.4 Log and Diagnostic Data

5.5 Browser Permissions

The Site may request access to your camera or file system via your browser’s permission prompts to allow for image/video uploads.

6. How We Use Personal Data

6.1 Purposes of Processing

We process Personal Data for the following purposes, subject to applicable law:

  • To provide and operate the Service and its features;
  • To process user requests and generate requested outputs;
  • To provide customer support and respond to inquiries;
  • To monitor usage, analyze performance, and improve the Service;
  • To ensure security, prevent fraud, and prevent abuse;
  • To comply with legal obligations and enforce our Terms of Service;
  • For any other purpose disclosed at the time of collection or with your consent.

6.2 Legal Bases for Processing

Where required by applicable law, we rely on one or more of the following legal bases to process Personal Data:

  • Performance of a contract, where processing is necessary to provide the Service;
  • Your consent, where you have been asked to provide it;
  • Our legitimate interests, where those interests are not overridden by your rights and freedoms;
  • Compliance with legal obligations.

7. Disclosure of Personal Data

We disclose Personal Data only where it is lawful, necessary, and proportionate for the purposes described in this Privacy Policy. For clarity, disclosures may occur in the following circumstances:

7.1 Service Providers and Business Partners

We may share Personal Data with third-party service providers and business partners who assist us in operating, maintaining, and improving the Service. These providers process Personal Data on our behalf and only for the purposes specified by us, subject to contractual confidentiality and security obligations. Such providers may include, for example:

  • analytics and measurement providers;
  • attribution and advertising measurement providers;
  • cloud hosting and infrastructure providers;
  • authentication and identity management services;
  • app stability and crash reporting services;
  • customer support and communication service providers.

7.2 Legal and Regulatory Disclosures

We may disclose Personal Data if we believe in good faith that such disclosure is necessary to:

  • comply with applicable laws, regulations, legal processes, or lawful requests from public authorities;
  • enforce our Terms of Service, policies, or agreements;
  • detect, prevent, or address security, fraud, or technical issues;
  • protect the rights, property, or safety of users, ourselves, or others, as required or permitted by law.

7.3 Business Transfers

If we are involved in a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets, Personal Data may be transferred as part of that transaction. Where required by applicable law, we will take reasonable measures to notify you and ensure appropriate protections are in place.

8. Cookies, SDKs, and Tracking Technologies

We and our partners may use cookies, SDKs, and similar technologies to collect information about how you use the Service. These technologies help us provide functionality, analyze usage, and support advertising and measurement activities.

Types of technologies may include functional technologies (required for core features), measurement and analytics technologies, and marketing or attribution technologies where permitted by law.

You can manage tracking preferences through your device settings. Please note that disabling certain technologies may limit functionality of the Service.

Do Not Track. Some browsers or devices offer a "Do Not Track" signal. Because there is no uniform standard for interpreting these signals, we do not currently respond to them.

9. Data Security

9.1 Data Security Measures

We implement reasonable technical and organizational measures to protect Personal Data against unauthorized access, loss, misuse, or alteration. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9.2 Data Retention

We retain Personal Data only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the type of data and purpose of processing.

If you delete your account or request deletion of Personal Data, we will delete or anonymize such data unless retention is required by law.

9.3 Account Deletion and Data Control

You can delete your account at any time from the Account page within the Service. When you delete your account, we will delete or anonymize your Personal Data associated with your account, unless we are required or permitted by law to retain certain information (for example, for compliance, dispute resolution, fraud prevention, or security purposes). Please note that account deletion is permanent and irreversible.

Upon account deletion, any unused account assets or entitlements associated with your account—such as unused Gems/tokens—will be forfeited and cannot be recovered. We do not provide cash refunds for unused assets after account deletion, except where required by applicable law.

10. Children's Privacy

The Service is not intended for children under the age required by applicable law (for example, 18). We do not knowingly collect Personal Data from children under 18. If you believe that a child has provided Personal Data to us, please contact us so that we can take appropriate action.

11. Third-Party Services

Running the Service relies on a number of external building blocks — third-party SDKs, APIs, and service vendors — that together enable us to operate, safeguard, analyze, and continuously refine the product. They also power feature areas such as AI content generation, content-safety moderation, account sign-in, purchase verification, crash reporting, marketing attribution, and user support.

Where these external providers handle personal data, they do so under our instructions and only as far as is genuinely required to deliver the service in question. We expect — and contractually require where appropriate — that they apply suitable confidentiality, security, and data-protection practices.

The categories of Third-Party Services that may be involved include:

  • AI-driven content generation services;
  • AI-driven content-safety and moderation services;
  • Cloud hosting, computing, and data-storage services;
  • Account sign-in and identity-management services;
  • App-stability, crash-analytics, and diagnostic services;
  • Analytics, measurement, and attribution services.

At the time of writing, the specific Third-Party Services in use are listed below:

Third-Party Services Currently in Use:

The independent privacy practices of these Third-Party Services sit outside our control, and we recommend that you consult the policies above to understand how each of them handles data. This list will be revised over time to reflect the providers actually used by the Service.

12. GDPR (European Economic Area, United Kingdom, and Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and related local data protection laws apply to our processing of your Personal Data.

Legal bases for processing

We process Personal Data only where we have a valid legal basis to do so, including:

  • Performance of a contract, where processing is necessary to provide the Service you request;
  • Your consent, where you have been asked to provide it;
  • Our legitimate interests, where those interests are not overridden by your rights and freedoms;
  • Compliance with legal obligations.

Your rights

Subject to applicable law, you have the following rights with respect to your Personal Data:

  • The right to access your Personal Data;
  • The right to correct or update inaccurate or incomplete Personal Data;
  • The right to request deletion of your Personal Data;
  • The right to restrict or object to certain processing activities;
  • The right to data portability;
  • The right to withdraw consent at any time, where processing is based on consent.

To exercise these rights, please contact us using the information provided in the Contact Information section below. You also have the right to lodge a complaint with your local data protection authority.

13. CCPA and CPRA (California Residents)

If you are a resident of California, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your Personal Data.

Categories of Personal Data

We collect the categories of Personal Data described in this Privacy Policy for the purposes outlined above.

Your rights

Subject to applicable law, California residents have the right to:

  • Know what Personal Data we collect, use, disclose, and share;
  • Request deletion of Personal Data, subject to legal exceptions;
  • Request correction of inaccurate Personal Data;
  • Opt out of the sale or sharing of Personal Data, where applicable;
  • Not be discriminated against for exercising privacy rights.

Do Not Sell or Share

Where required by law, you may opt out of the sale or sharing of Personal Data used for targeted or cross context behavioral advertising.

Authorized agents

California residents may designate an authorized agent to submit requests on their behalf, subject to verification requirements.

Requests to exercise CCPA/CPRA rights may be submitted by contacting us using the information provided below. We may need to verify your identity before processing your request.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes materially affect your rights, we will provide notice or obtain consent as required by law. The updated Privacy Policy will be effective as of the date indicated above.

15. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, you may contact us at:

Email: help@twistme.ai