Privacy Policy

            Last Updated: July 1, 2025

            Effective Date: July 1, 2025

TWOMSYS Corp. ("Company," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications, websites, and related services (collectively, the "Services").

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Personal Information Protection and Electronic Documents Act (PIPEDA), Japan's Personal Information Protection Act, and other relevant privacy legislation.

Legal Basis for Processing: We process your personal information based on:

Your consent
Performance of our contract with you
Compliance with legal obligations
Legitimate interests (where not overridden by your rights)

1. Information We Collect

1.1 Information You Provide Directly

Data Category	Specific Information	Purpose	Legal Basis
Account Information	Name, email address, username	Account creation and management, authentication	Contract performance, Consent
Profile Information	Profile photos, bio, preferences	Service personalization, user experience	Consent
Communication Data	Messages, posts, comments, support inquiries	Service provision, customer support	Contract performance, Consent
Payment Information	Payment method details, transaction history	Payment processing, fraud prevention	Contract performance, Legal obligation

1.2 Information Collected Automatically

Data Category	Specific Information	Purpose	Legal Basis
Device Information	Device ID, operating system, app version, device model	Service optimization, technical support	Legitimate interest
Usage Data	App interactions, features used, session duration	Service improvement, analytics	Legitimate interest, Consent
Log Data	IP address, access times, pages viewed, clickstream data	Security, fraud prevention, system administration	Legitimate interest, Legal obligation
Location Data	Approximate location (if enabled)	Location-based features, content personalization	Consent

1.3 Third-Party Integration Data

When you connect third-party services to our app:

Google: Name, email address, profile picture
Apple: Name, email address (or relay email)
Social Media: Profile information you choose to share

1.4 Special Categories of Data

We do not intentionally collect sensitive personal information such as health data, biometric data, or information about political opinions, religious beliefs, or sexual orientation unless explicitly required for specific features and with your explicit consent.

2. How We Use Your Information

Purpose	Data Used	Legal Basis
Provide and maintain Services	Account info, usage data, device info	Contract performance
Personalize user experience	Profile info, usage patterns, preferences	Consent, Legitimate interest
Process payments	Payment information, transaction data	Contract performance
Customer support	Communication data, account info	Contract performance
Security and fraud prevention	Log data, device info, usage patterns	Legitimate interest, Legal obligation
Analytics and improvements	Usage data, performance metrics	Legitimate interest, Consent
Marketing communications	Contact information, preferences	Consent
Legal compliance	All data as necessary	Legal obligation

3. Data Sharing and Disclosure

3.1 Service Providers

We share data with trusted service providers who assist us in operating our Services:

Cloud Storage: Google Cloud Platform, Amazon Web Services
Analytics: Google Analytics, Firebase Analytics
Payment Processing: Stripe, Apple Pay, Google Pay
Customer Support: Zendesk, Intercom
Marketing: Mailchimp, SendGrid

3.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

3.3 Legal Requirements

We may disclose your information when required by law, court order, or to protect our rights, property, or safety.

3.4 International Transfers

            Cross-Border Data Transfers: Your data may be transferred to and processed in countries other than your residence. We ensure appropriate safeguards are in place, including:
            Standard Contractual Clauses (SCCs)
Adequacy decisions by relevant authorities
Certification schemes where applicable

        

4. Data Retention

Data Type	Retention Period	Reason
Account Information	Until account deletion + 30 days	Service provision, dispute resolution
Usage and Log Data	3 months	Security, analytics
Payment Records	5 years	Legal compliance, tax requirements
Marketing Data	Until consent withdrawal	Marketing purposes
Support Communications	3 years	Customer service, quality assurance

5. Your Privacy Rights

Universal Rights

Regardless of your location, you have the following rights:

Access: Request information about data we process
Correction: Update or correct your personal information
Deletion: Request deletion of your personal information
Data Portability: Receive your data in a machine-readable format
Opt-out: Unsubscribe from marketing communications

Additional Rights (GDPR - EU/EEA/UK)

Restrict Processing: Limit how we use your data
Object: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for consent-based processing
Lodge Complaints: File complaints with supervisory authorities

California Rights (CCPA/CPRA)

Know: What personal information we collect and how it's used
Delete: Request deletion of personal information
Opt-out: Opt-out of sale/sharing of personal information
Non-discrimination: Equal service regardless of privacy choices
Sensitive Information: Limit use of sensitive personal information

How to Exercise Your Rights

To exercise your privacy rights, contact us at:

Email: privacy@twomsys.com
In-app privacy settings
Privacy request form on our website

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Core app functionality, security	Session/Persistent
Analytics Cookies	Usage analytics, performance monitoring	Up to 2 years
Preference Cookies	User settings, personalization	Up to 1 year
Marketing Cookies	Advertising, remarketing	Up to 1 year

6.2 Cookie Management

You can control cookies through:

Browser settings
In-app privacy preferences
Third-party opt-out tools

7. Children's Privacy

Age Restrictions: Our Services are not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children under these ages. If we discover we have collected such information, we will delete it immediately.

Parental Rights: If you believe your child has provided us with personal information, please contact us immediately.

8. Data Security

We implement comprehensive security measures:

Encryption: Data encrypted in transit and at rest
Access Controls: Strict employee access controls
Security Monitoring: 24/7 security monitoring
Regular Audits: Security assessments and penetration testing
Incident Response: Established data breach response procedures

9. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify relevant authorities within 72 hours (where required)
Inform affected users without undue delay
Provide clear information about the nature of the breach
Offer guidance on protective measures

10. Third-Party Links and Services

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to such third parties. We encourage you to review their privacy policies.

11. Automated Decision-Making

We may use automated systems for:

Content recommendations
Fraud detection
Customer support routing

You have the right to request human review of automated decisions that significantly affect you.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes through:

In-app notifications
Email notifications
Website banners

Continued use of our Services after changes indicates acceptance of the updated policy.

13. Contact Information

Privacy Officer

Name: Kim Hyeon-woo

Title: CEO & Privacy Officer

Email: privacy@twomsys.com

Phone: +82-10-2642-6147

Address: [Company Address]

EU Representative (GDPR)

Email: eu-privacy@twomsys.com

UK Representative (UK GDPR)

Email: uk-privacy@twomsys.com

14. Supervisory Authorities

EU/EEA Data Protection Authorities

You can find your local data protection authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

UK Information Commissioner's Office

Website: https://ico.org.uk

Phone: 0303 123 1113

California Attorney General

Website: https://oag.ca.gov/privacy/ccpa

Canada - Office of the Privacy Commissioner

Website: https://www.priv.gc.ca

Phone: 1-800-282-1376

Japan - Personal Information Protection Commission

Website: https://www.ppc.go.jp/en/

Jurisdiction-Specific Rights: Depending on your location, you may have additional privacy rights under local laws. This Privacy Policy is designed to provide comprehensive protection that meets or exceeds requirements in major jurisdictions.