Privacy Policy

Effective Date: March 25, 2025

Twever Inc. ("Twever," "we," "us," or "our") is a global social media platform committed to fostering creativity, connection, and innovation. This Privacy Policy governs the collection, use, disclosure, and protection of your personal information when you engage with our website (www.twever.com), mobile applications, APIs, and all associated services (collectively, the "Services").

By using Twever, you consent to the practices described herein. This policy complies with an extensive array of international data protection regulations, including the GDPR (EU), CCPA/CPRA (California), LGPD (Brazil), PIPEDA (Canada), APPI (Japan), and more, ensuring a world-class standard of privacy protection.

1. Information We Collect

We collect diverse data to deliver a personalized and secure experience:

Identity Data: Username, email address, hashed password, and optional profile details (e.g., display name, bio, avatar, birthdate for age verification).
Content Data: Posts, comments, messages, live battle entries, holo-streams, shop purchases, and user-generated media.
Usage Data: Interactions with features (e.g., Neural Spaces, Galactic Communities), search history, session duration, and clickstream data.
Technical Data: IP address, device type, OS version, browser details, unique identifiers, and network information.
Location Data: Approximate location from IP or precise geolocation (if enabled) for tailored content.
Transactional Data: Payment metadata (processed via third parties), reward redemptions, and purchase history.
Communication Data: Support requests, survey responses, and feedback submissions.
Biometric Data: Optional voice or facial recognition data (e.g., for Holo-Stream filters), with explicit consent.
Inferred Data: Derived insights (e.g., preferences, interests) from your activity.

2. How We Collect Information

We use advanced methods to gather data responsibly:

Direct Interaction: Account registration, content creation, and support inquiries.
Automated Tools: Cookies, pixels, SDKs, and logs (see our Cookie Policy).
Third-Party Sources: Social logins, advertising partners, or analytics providers, with consent where required.
AI Analysis: Behavioral patterns and content analytics for personalization.
Public Data: Information you make publicly available on Twever (e.g., posts).

3. How We Use Your Information

We process your data to:

Enable core functionalities (e.g., Levels & Progression, Badges, Neural Spaces).
Personalize experiences, including content, themes, and recommendations.
Optimize Services via Quantum Analytics, A/B testing, and machine learning.
Secure the platform with encryption, fraud detection, and threat mitigation.
Facilitate communications (e.g., notifications, updates, support responses).
Deliver targeted or non-personalized ads, respecting regional preferences.
Comply with legal, regulatory, and contractual obligations worldwide.
Conduct research, develop new features, and enhance user safety.
Support community moderation and enforce policies.

4. How We Disclose Your Information

We do not sell your personal information. Disclosures are limited to:

User Consent: For sharing features or third-party integrations.
Service Providers: With vendors (e.g., hosting, payment processing) under strict DPAs.
Business Transactions: During mergers, acquisitions, or restructurings, with safeguards.
Legal Compliance: For subpoenas, investigations, or regulatory demands.
Protection: To prevent harm, fraud, or enforce our Terms of Service.
Aggregated Data: Anonymized insights for analytics, research, or ads.
Public Sharing: Content you choose to make public on Twever.

5. Your Privacy Rights and Choices

You have comprehensive rights, including:

Access: View or download your data.
Correction: Update inaccurate details.
Deletion: Remove your account or specific data, subject to legal limits.
Restriction: Limit processing under certain conditions.
Portability: Receive your data in a structured format.
Objection: Opt out of marketing, profiling, or automated decisions.
Consent Withdrawal: Revoke consent where applicable.
CCPA Rights: Opt out of sharing/selling (though we don’t sell data).
Cookie Management: Adjust via our consent tool.

6. Data Security

We employ industry-leading measures:

AES-256 and quantum-resistant encryption.
Zero-knowledge protocols for sensitive data.
Multi-factor authentication and SSO options.
ISO 27001, SOC 2 Type II compliance, and annual audits.
Real-time threat detection and incident response.
Secure development lifecycle (SDLC) for all features.

7. International Data Transfers

We transfer data globally, using:

Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs).
Adequacy decisions (e.g., EU-U.S. Data Privacy Framework, if applicable).
End-to-end encryption during transit.
Regional data residency options where mandated.

8. Children’s Privacy

Twever is not for users under 13 (or 16 where required):

Age verification at signup.
No intentional collection of minor data.
Immediate deletion of underage data upon discovery.
COPPA, GDPR-K, and local law compliance.

9. Third-Party Services

We integrate with:

Payment gateways (e.g., Stripe).
Authentication providers (e.g., OAuth).
Analytics and crash reporting tools.

These entities operate under their own policies.

10. Data Retention

We retain data as needed:

Active Accounts: While you use Twever.
Inactive Accounts: Archived after 12 months, deleted after 24 months.
Legal Holds: Up to 10 years for tax, audit, or litigation.
Backups: Up to 120 days in encrypted form.

11. Advertising and Tracking

Ad-related practices include:

Personalized Ads: Based on activity, with opt-out.
Non-Personalized Ads: Context-based in restricted regions.
Tracking Tech: Cookies, pixels, and SDKs, configurable via settings.
Ad Metrics: Anonymized performance data.

12. Automated Decision-Making

We use automation for:

Moderation: AI flags content, with human oversight.
Recommendations: Algorithmic content curation.
Fraud Detection: Behavioral anomaly detection.
Appeals: Right to contest significant decisions.

13. Intellectual Property and Data Ownership

Your rights to content:

You retain ownership of your creations.
We receive a non-exclusive license to host/display content.
Data generated by Twever (e.g., analytics) belongs to us.

14. Updates to This Privacy Policy

Changes are managed via:

Posting updates online.
Notifications for material changes (email, in-app).
Version history available upon request.

15. Region-Specific Provisions

EU/EEA (GDPR):

Legal bases: Consent, necessity, legitimate interest.
Rights: Erasure, restriction, supervisory authority complaints.

California (CCPA/CPRA):

Rights: Know, delete, opt-out of sharing.
Annual disclosure of data practices.

Brazil (LGPD):

Rights: Anonymization, data breach notifications.

Japan (APPI):

Purpose limitation and security safeguards.

Australia (Privacy Act):

APP compliance and breach reporting.

India (DPDP Act, if enacted):

Data fiduciary obligations and localization rules.

16. Data Breach Notification

In case of a breach:

Notification within 72 hours (GDPR) or as required.
Details on impact and mitigation steps.
Contact via email or in-app alerts.

17. Dispute Resolution

We offer:

Internal review within 30 days.
Mediation or arbitration options.
Regulatory recourse (e.g., FTC, EU DPAs).

18. Additional Legal Protections

We ensure:

Non-Discrimination: No penalties for exercising privacy rights.
Transparency Reports: Annual public disclosure of legal requests.
AI Ethics: Responsible use of AI in data processing.
Accessibility: Policy available in multiple languages upon request.

19. Contact Us

For privacy inquiries:

Email: [email protected]
EU DPO: [email protected]
Brazil ANPD Contact: [email protected]