Twivo Labs ("we", "us", "our") operates the Twivo Labs platform at twivolabs.com (the "Service"). This page tells you what personal data we collect, why, and your choices.
1. Data we collect
- Account data: name, email, hashed password.
- Brand data you create: brand names, handles, niches, presets, past scripts, generated content (scripts, hooks, captions, voiceovers, avatar renders), scheduling.
- Integration credentials: ElevenLabs and HeyGen API keys you connect. Stored server-side; never shown back in plain text.
- Instagram engagement data (when you enable Comment / DM Autopilot): incoming comment text on your own posts, IGSIDs of users who comment or DM, the replies and DMs your flows send. Used only to power the automation flows you configure; never sold or shared. Comment bodies are retained for 30 days; metadata (IGSID, timestamps) for 90 days for analytics; both purged immediately on request.
- Instagram insights: post-level metrics (plays, reach, likes, comments, saves, shares) for Reels you have published through Twivo. Used to auto-improve your hook generator. Retained for the life of the project.
- Billing: Razorpay payment metadata (payment ID, order ID, signature). We never see or store your card / UPI details.
- Usage logs: timestamps of pipeline runs and API calls for rate-limiting and abuse prevention.
2. How we use it
- To run the Service you signed up for.
- To bill you and prevent fraud.
- To send transactional email (verification, password reset, billing receipts).
- To improve the product (in aggregate; we never sell or share your scripts).
3. Third parties we send data to
- Anthropic (Claude) — your prompts, brand context, and (for Comment Autopilot) incoming comment text classified for intent + reply generation. Anthropic does not train on API content.
- Apify — public hashtag and search queries, to surface trending posts.
- Meta (Instagram / Facebook Graph API) — your IG Business connection token + the published content of Reels you publish through us; insight metrics we read back from your own Reels; and (for Comment / DM Autopilot) the replies/DMs your configured flows send back to commenters. We never message users you have not received an inbound comment or DM from first.
- ElevenLabs / HeyGen — only when YOU connect your own keys; calls hit YOUR account directly.
- Razorpay — payment processing.
- Resend — transactional email delivery.
- Vercel / Neon — hosting and database.
None of these vendors receive your password or your stored API keys.
4. Data retention
We keep your account and content for as long as your account is active. You can delete your data at any time by emailing hello@twivolabs.com; we will purge it within 14 days.
5. Your rights
You can: access, correct, export, or delete your data. Email hello@twivolabs.com for any request.
6. Security
Passwords are hashed with scrypt. Sessions use HTTP-only cookies signed with HMAC. API keys are stored server-side and only ever returned masked. We use TLS for all transit. No system is perfectly secure; report any concerns to security@twivolabs.com.
7. Children
The Service is not intended for users under 16. We do not knowingly collect their data.
8. Changes
We may update this policy. Material changes will be emailed to active subscribers.
9. Contact
Twivo Labs · India · hello@twivolabs.com