PRIVACY POLICY – TWICE

1. Introduction

Thank you for using Twice!

Twice is a secure communication platform that combines the power of modern messaging, an intelligent contact management tool, and a universal digital business card. By using Twice, you can:

  • exchange digital business cards that centralise your contact information,

  • chat via end-to-end encrypted messages ensuring that only you and your recipients can read them,

  • make VoIP calls without VPN, even in jurisdictions where voice-over-IP services are restricted,

  • use geolocation features to find contacts you have met recently or who are nearby,

  • benefit from an intelligent contact sorting and suggestion system based on criteria such as date, location or industry.

Our mission is to provide you with an innovative platform that respects your privacy while allowing you to take back control of your digital, personal and professional interactions.

1.1 Importance of data protection

Protecting your personal information is a responsibility we take very seriously. We know that in a world where data has become an essential resource, the trust you place in our service is paramount.

To this end, we have designed Twice in accordance with the following principles:

  • Data minimisation: we only collect the information strictly necessary to provide our Services.

  • Transparency: we clearly explain what data we collect, why we use it, how long we keep it and with whom it may be shared.

  • User control: you have settings to manage your information, contacts and privacy preferences.

  • Security: we use advanced encryption technologies and strict access controls to protect your information from unauthorised access.

  • Compliance with international legislation: we comply with the applicable legal standards in the jurisdictions where we operate, including:

    • the General Data Protection Regulation (GDPR) for the European Economic Area,

    • UK GDPR in the United Kingdom,

    • the California Consumer Privacy Act (CCPA) in California,

    • the Lei Geral de Proteção de Dados (LGPD) in Brazil,

    • the Personal Data Protection Act (PDPA) in Singapore,

    • the laws of the United Arab Emirates (DIFC, ADGM, federal data protection laws),

    • and other relevant local laws in your country of residence.

As a Twice user, you therefore benefit from a protective legal framework suited to your country, as well as the guarantees offered by our voluntary commitment to privacy.

1.2 Reference to the Terms of Use

This Privacy Policy is a contractual document that supplements our Terms of Use (ToU). It specifies Twice's commitments regarding the collection, use, storage and protection of your personal data, as well as the rights available to you.

By using our Services, you simultaneously accept:

  1. The Twice Terms of Use, which define the rules for using the application, and

  2. This Privacy Policy, which describes our practices regarding personal data.

In the event of any conflict between the two documents, the provision that is most protective of the user's privacy shall prevail.

By creating a Twice account, you acknowledge that you have read and understood this Policy. You accept that your data will be processed in accordance with it, in compliance with applicable laws. If you do not accept this Policy, you must not use our Services. You may, however, withdraw your consent at any time by deleting your account and your data, as explained in Section 7. Data retention and 12. Your rights.

2. Scope and application

2.1 Users concerned

This Privacy Policy applies to all persons who:

  • create a Twice account,

  • use the Twice mobile application, desktop version or official website,

  • interact with our Services (messaging, calls, digital business cards, geolocation, etc.),

  • or contact us for technical support, assistance or any other official communication.

It applies regardless of the jurisdiction in which you are located, subject to the country-specific addenda referred to in Section 12 – Your rights.

👉 This Policy does not apply, however, to:

  • independent third-party services you may use via Twice (e.g. payment solutions such as Apple Pay, Google Pay or Stripe),

  • websites or applications accessible via external links in Twice,

  • content shared by other users on third-party platforms.

In these cases, your data is subject to the privacy policies of those third-party services, not this Policy.

2.2 Difference between own services and third-party services

It is important to distinguish between two types of services:

  1. Twice's own services:

    • End-to-end encrypted messaging,

    • VoIP calls without VPN,

    • Digital business card exchange,

    • Intelligent contact sorting and suggestions,

    • Secure geolocation features,

    • Management of your profile and privacy settings.

  2. 👉 For these services, Twice acts as data controller of your personal data, in accordance with applicable laws.

  3. Services provided by third parties via Twice:

    • Online payments and Pro and Premium subscriptions (e.g. Stripe, Apple Pay, Google Pay),

    • Cloud hosting and technical services (e.g. infrastructure providers),

    • Integrations with professional tools or social networks (e.g. Zoom, Instagram, LinkedIn, calendars).

  4. 👉 For these services, Twice acts only as a technical intermediary. Your data is processed directly by these third parties in accordance with their own privacy policies.

We nevertheless strive to work only with partners who comply with international data protection standards.

2.3 Use on behalf of an organisation

If you use Twice on behalf of a company, association, public administration or any other organisation (the "Organisation"):

  • You must inform the individuals concerned (employees, members, agents) of how their data is collected and used via Twice.

  • You must ensure that you obtain their prior consent where required by applicable law.

  • You accept that data communicated by your Organisation may be processed by Twice in accordance with this Policy.

In this context, the rights granted to the individuals concerned (see Section 12 – Your rights) also apply, and any request to exercise rights must be sent to Twice, even if the data was provided by your Organisation.

2.4 Scope limitation

This Policy does not apply to:

  • data collected offline (e.g. at physical events organised by Twice, unless expressly stated),

  • communications made outside our Services (e.g. direct emails sent by third parties without going through Twice),

  • data voluntarily published by users on public social networks.

If you have any doubts about the scope of this Policy, please contact us (see Section 15 – Contact).

3. Definitions

To ensure a clear and precise understanding of this Privacy Policy, the following terms shall have the meaning described below. These definitions apply in all contexts unless otherwise stated.

3.1 Personal data

"Personal Data" means any information, alone or combined with others, that allows a natural person to be identified directly or indirectly.

Examples:

  • Phone number, email address, first and last name, profile photo.

  • Unique identifier assigned by Twice (e.g. account ID).

  • Professional data on a digital business card (job title, industry, company).

  • Technical data associated with your device if it allows you to be identified (e.g. fixed IP address).

Personal Data also includes information voluntarily provided by the user when using the Services.

3.2 Location data

"Location Data" means any information that makes it possible to determine or estimate your geographical position.

It may come from several sources:

  • GPS: precise geographical coordinates of your device.

  • IP address: approximate location based on your Internet service provider.

  • Wi-Fi or cell towers: approximate location detection.

  • Geotagged information: voluntary addition of a place in a post (e.g. mention of a city on a digital business card).

Example of use in Twice:

  • Enable the "nearby users" option to find contacts within a 50-metre radius.

  • Find a contact by filtering by recorded meeting location.

3.3 Connection data

"Connection Data" means all information generated automatically when you access our Services.

It includes in particular:

  • IP address, device type and model, operating system, application version, language, time zone.

  • Information relating to the network used (mobile operator, Wi-Fi, connection quality).

  • Technical logs: date, time, connection duration, errors encountered.

  • Usage statistics: frequency of access to features (messaging, calls, digital business cards, geolocation).

Example: when making a VoIP call via Twice, we record the date, time and duration of the call for diagnostic purposes, but never the content of communications (which remains end-to-end encrypted).

3.4 Shared information

"Shared Information" means all data that you voluntarily choose to make visible to other Twice users.

It includes:

  • Your public profile (photo, industry, description).

  • Your digital business card (contact details, company, job title).

  • Content posted on your profile or sent via messaging (text, photos, videos, audio, statuses).

  • Information about you that may be shared by other users (e.g. when a contact adds you to their directory or mentions your business card).

Once shared, this information may be viewed, copied or saved by other users or third parties. Twice does not control how these parties use it.

3.5 Third-party providers

"Third-party providers" means any entity external to Twice that we use to provide certain services necessary for the proper functioning of the application.

Examples of third-party providers:

  • Hosting: server and data storage providers.

  • Security: cybersecurity specialists.

  • Payments: payment operators (Apple Pay, Google Pay, Stripe, etc.).

  • Messaging and VoIP: technical service providers facilitating the transmission of communications.

These providers only have access to the data strictly necessary to perform their tasks and are contractually required to comply with standards equivalent to those of Twice in terms of data protection.

4. Information collected

In order to provide our Services, ensure their security and improve them, we collect several categories of data. The types of data collected depend on how you use Twice and the settings you have enabled.

4.1 Account data (number, profile, industry, photo)

When creating a Twice account, you must provide:

  • Your mobile phone number (required): it is your unique identifier on the platform.

  • Name, first name, profile photo, industry, job title (required).

  • Optional information: social networks.

Example of use:

  • your number is used to identify you and verify your account;

  • your photo and industry may be visible on your digital business card.

Retention period: for as long as the account is active. Legal basis: performance of the contract (necessary for the provision of the service).

4.2 Messages and calls (encrypted, deletion after period)

Messages

Twice allows users to exchange messages. Message content is stored securely to allow continuous consultation by users, until the account is deleted by the user concerned.

Messages are permanently deleted from our systems when the account is deleted, in accordance with our data retention policy.

Twice does not use message content for advertising or profiling purposes.

Audio and video calls

The audio and video calls offered in the Twice application are provided by a third-party provider, namely Zoom, and are subject to that service's security and privacy conditions.

Twice does not store the content of audio or video calls. Twice does not have access to the content of voice or video communications exchanged during calls.

Multimedia files

Multimedia files sent via Twice are stored securely to allow access by users and are retained until the account is deleted, unless deleted earlier by the user.

Exclusions:

  • Group administrators may "pin" messages (which remain stored longer for group members).

  • A user may save a message to their "favourites" (the message then remains stored on their device, not on our servers).

Legal basis: performance of the contract.

4.3 Connection data (IP, device, OS, logs)

We automatically collect certain technical data when you use Twice:

  • IP address, device model, operating system type, language, time zone.

  • Application-related identifiers (installed version, session identifiers).

  • Technical logs: errors, crashes, diagnostics.

Example: if a VoIP call fails, our systems only record technical information related to the incident (such as error code, timestamp, network connection status, application version or device model), without ever recording the content of the call (audio or video).

Retention period: this data is retained only for as long as necessary for the purposes described above, then deleted or anonymised. This data is permanently deleted when the account is deleted.

Legal basis: legitimate interest (ensuring security, stability and improvement of the service).

4.4 Location data (GPS, IP, Wi-Fi)

Certain Twice features require the collection of your geographical position:

  • Nearby users: display of profiles of users located nearby (e.g. within a defined radius of your position).

  • Search by meeting place: find a saved contact by location.

  • Intelligent filtering: contact suggestions by city or geographical area.

Types of location collected

  • GPS data (only if location is enabled by the user),

  • IP address (approximate location by country or city),

  • Wi-Fi networks (approximate urban location).

Retention period

  • Real-time location data: used only during active use of the relevant features and not retained.

  • Location data associated with the account: retained for as long as the account is active and permanently deleted when the account is deleted.

Explicit user consent, which may be withdrawn at any time via device or application settings.

4.5 Contact data (address book import, contact management)

With your consent, Twice may access your address book to:

  • identify contacts already on Twice,

  • allow you to add them more easily,

  • automatically block calls or messages from unauthorised numbers (anti-solicitation protection).

Access to the address book is strictly limited to the features described above. Twice does not use contacts for advertising or profiling purposes.

You may withdraw this permission at any time from your device settings.

Data from the address book is permanently deleted when the account is deleted.

Legal basis: explicit consent.

4.6 Shared media (photos, videos, audio, statuses)

When you send or receive photos, videos, audio files or statuses via Twice:

  • this content is stored securely on our servers to allow display, consultation and use by the users concerned,

  • it remains accessible for as long as the account is active and the content is not deleted by the user.

All multimedia content is permanently deleted when the account is deleted.

Legal basis: performance of the contract (provision of messaging and content sharing features).

4.7 Payment and subscription data

If you subscribe to Twice Pro or Premium or make a purchase via the application:

  • we collect the necessary information (payment method, date, transaction amount),

  • payments are processed via approved external providers (Apple Pay, Google Pay, Stripe, etc.),

  • Twice never retains your full banking data (card numbers, security codes).

Retention period: according to tax legal obligations (5 to 10 years depending on jurisdiction). Legal basis: legal obligation + performance of the contract.

4.8 Customer support (tickets, logs, communications)

When you contact Twice support, we collect the information necessary to process your request, including:

  • your contact details (email address and, where applicable, phone number),

  • the information contained in your messages,

  • screenshots or technical logs that you voluntarily choose to share.

This data is used only to:

  • respond to your support request,

  • ensure support follow-up,

  • improve our services,

  • and, where applicable, manage or prevent a dispute.

Retention period: this data is retained for up to 3 years after the ticket is closed, unless a dispute requires longer retention.

Legal basis:

  • Performance of the contract (processing your support request),

  • Legitimate interest (service improvement and dispute management).

4.9 Surveys and polls

Twice may invite you to participate in optional surveys or polls. These surveys may collect:

  • general demographic information (e.g. industry, company size),

  • feedback on application use,

  • your preferences or suggestions.

Participation is voluntary, and responses are generally anonymised and used for statistical purposes.

Retention period: period indicated during the survey, then deletion or anonymisation. Legal basis: consent.

4.10 Summary table

Data type Purpose Retention period Legal basis
Account data Account creation and management Until account deletion Performance of contract
Messages and calls Encrypted transmission 72h max Performance of contract
Shared media File transmission 120h max Performance of contract
Location data Proximity-based services 3 months max Consent
Contact data Identify contacts already registered Until consent withdrawn Consent
Payments and subscriptions Billing management 5 to 10 years Legal obligation
Connection data Security, diagnostics, performance 90 days Legitimate interest
Customer support Issue resolution, support 3 years (unless dispute) Performance of contract
Surveys and polls Service improvement, statistics Period indicated Consent

5. Use of data

Twice uses your personal data only in compliance with applicable laws and in accordance with the purposes defined in this Policy. Each type of data collected is associated with one or more specific purposes.

5.1 Provision of services

Your data is used to ensure the basic operation of Twice, including:

  • Creation, management and authentication of your account.

  • Transmission of your messages and calls, with end-to-end encryption.

  • Display of your digital business cards.

  • Management of your privacy settings.

Example: your phone number is essential to verify your identity and activate your account.

Legal basis: performance of the contract.

5.2 Communication between users

Twice allows users to exchange securely:

  • Private messages,

  • Audio and video calls.

Communication data is used only to ensure the routing and proper functioning of exchanges between users.

Messages

Message content is stored securely to allow consultation by the users concerned. Messages remain accessible for as long as the account is active and are permanently deleted when the account is deleted.

Audio and video calls

Audio and video calls are provided by a third-party provider (Zoom). Twice does not store call content and does not have access to audio or video communications exchanged.

Legal basis: performance of the contract (provision of communication features within the application).

5.3 Intelligent contact sorting and suggestions

Twice includes an intelligent sorting system that allows you to organise your contacts according to various criteria:

  • industry,

  • date added,

  • meeting place,

  • geographical proximity.

  • mutual contacts

This processing helps you easily find a contact, even if you do not remember their exact name.

Example: if you met a professional at a trade show in Dubai on 5 July, you can search for "Dubai" or "July" to find their business card.

Legal basis: performance of the contract + legitimate interest (improving user experience).

5.4 Personalisation (language, industry, location)

We use your data to adapt your experience to your preferences. This includes:

  • The application display language.

  • Contact or event suggestions based on your industry.

  • Adaptation of services to your general location (e.g. time zone).

Example: if you are based in Paris, we may suggest nearby contacts in the same city or display the application in French.

Legal basis: performance of the contract / legitimate interest.

5.5 Security and anti-spam

Protecting our users is a priority. We use certain data (connection, logs, abnormal behaviour) to:

  • detect and block fraudulent accounts,

  • prevent spam and unsolicited solicitations,

  • combat abusive use of our Services,

  • investigate reports submitted by users.

Legal basis: legitimate interest + legal obligation (preventing fraud).

5.6 Technical support and diagnostics

Your data may be used to:

  • diagnose and resolve technical problems,

  • analyse logs in the event of an application crash,

  • provide personalised assistance.

Example: if you contact our support to report a call problem, we may analyse your connection logs to identify the cause (but never listen to or store the content of the call).

Legal basis: performance of the contract / legitimate interest.

5.7 Development and improvement of new features

Twice analyses certain data in an aggregated and pseudonymised manner to:

  • evaluate the performance of our services,

  • identify the most used features,

  • test new options (e.g. search filters, new business card sharing methods),

  • improve the overall application experience.

Example: if we find that most users use "meeting place" search, we may develop a more advanced module based on this data.

Legal basis: legitimate interest.

Finally, some of your data may be used to comply with our legal and regulatory obligations, for example:

  • respond to a legal or judicial request,

  • comply with tax obligations (retention of payment data),

  • cooperate with authorities in the event of a legitimate investigation.

Example: if a competent authority issues a legal request for disclosure of transaction data, we are required to comply, within the limits of applicable laws.

Legal basis: legal obligation.

6. Data sharing

Twice never sells your personal data to third parties. We share your information only in limited circumstances, strictly governed by law, this Policy and our contractual obligations.

6.1 With your authorised contacts

Certain information you choose to share via Twice is visible to your contacts:

  • your digital business card (name, photo, industry, contact details),

  • your messages, calls and statuses (only for the recipients you have chosen),

  • your profile information (photo, industry).

Example: if you exchange a digital business card with another user, they may keep your information in their Twice directory.

⚠️ Once shared, this information may be copied or saved by your contacts. Twice does not control how they use it.

6.2 With our service providers

We work with third-party providers who help us provide, secure and improve our Services. These partners only have access to the data necessary to perform their tasks and are contractually required to:

  • comply with standards equivalent to the GDPR,

  • not use your data for purposes other than those defined by Twice,

  • not retain your data beyond the necessary period.

Examples of providers:

  • Hosting and cloud (servers located in the United Arab Emirates, Europe and Singapore),

  • Payments (Apple Pay, Google Pay, Stripe),

  • SMS and VoIP services (SMS authentication, internet calls),

  • Security (fraud detection, attack protection).

6.3 With Twice affiliated companies

Twice may share certain data with its subsidiaries, parent companies or related companies when necessary to:

  • provide technical support,

  • develop or improve application features,

  • ensure legal and regulatory compliance.

All these entities comply with this Policy and apply equivalent levels of protection.

6.4 With businesses (integrations)

Twice allows you to interact with businesses through certain features (e.g. professional exchanges, integrations with LinkedIn, calendars or CRM systems).

In this case:

  • The data exchanged (e.g. contact details, appointments) may be visible to the businesses concerned.

  • Some businesses use providers to manage their communications (e.g. outsourced customer service).

  • These businesses are responsible for their own privacy practices.

⚠️ You should consult each business's privacy policy before sharing your data.

6.5 With judicial and regulatory authorities

We may be required to disclose your data if:

  • the law requires it (e.g. court order, judicial investigation),

  • it is necessary to prevent fraud, protect user safety, or respond to an imminent threat to a person's life or safety.

Example: if a user uses Twice for illegal activity (fraud, harassment), we may be required to cooperate with the competent authorities.

6.6 In the event of merger, acquisition or transfer

If Twice is involved in a merger, acquisition, restructuring or asset transfer, your data may be transferred to the replacing entity.

In this case:

  • You will be informed in advance,

  • The new operator will be required to comply at least with the guarantees provided for in this Policy,

  • You will have the option to delete your account if you refuse this transfer.

6.7 Contractual sharing guarantees

In all sharing cases, we apply the following guarantees:

  • Minimisation principle: only strictly necessary data is transmitted.

  • Legal framework: data protection contractual clauses, compliance audits.

  • Technical security: data encrypted during transfer.

  • User control rights: possibility to withdraw certain consents (e.g. geolocation, address book).

7. Data retention

Twice applies the storage limitation principle: we retain your personal data only for the period strictly necessary to achieve the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Each category of data is subject to specific retention and deletion rules.

7.1 Messages

Twice allows users to exchange private messages.

Messages are stored securely on our servers to allow consultation by the users concerned and to ensure the proper functioning of the service.

Messages remain accessible for as long as the account is active and are not automatically deleted after sending or receiving.

All messages are permanently deleted when the account is deleted by the user.

⚠️ Messages saved locally on your devices (or those of your recipients) are not the responsibility of Twice.

  • 7.2 Media

  • Photos, videos, audio files and documents sent via Twice are stored securely on our servers to allow display, consultation and use by the users concerned.

  • This content remains accessible for as long as the account is active and is not automatically deleted after a fixed period.

  • All multimedia content is permanently deleted when the account is deleted by the user.

  • Media saved locally in the user's gallery or retained on a recipient's device are not the responsibility of Twice.

7.3 Technical logs

Twice does not maintain its own application-level technical logs.

Certain technical data may nevertheless be collected and processed by third-party providers used for the operation of the application, in particular:

  • by Apple, for iOS application diagnostics, crash reports and performance,

  • by Supabase, for hosting, authentication and backend infrastructure operation.

This data is used only for diagnostic, security, maintenance and service improvement purposes.

The retention of this data is governed by the respective retention policies of these providers. Data associated with an account is deleted or made inaccessible when the account is deleted, within applicable technical and legal limits.

7.4 Location data

  • Location data is used only in real time to provide certain application features (e.g. display of nearby users).
  • Location is provided by the iOS operating system (Apple) and only with the user's explicit consent.
  • Real-time location data is not stored by Twice and is deleted as soon as the session or use of the relevant feature ends, unless the user voluntarily chooses to associate a location with a business card or search.
  • Twice does not retain location history.

  • Transaction information (date, amount, payment method) is retained according to applicable legal and tax requirements.

  • This period generally varies between 5 and 10 years, depending on the jurisdiction (e.g. EU tax law vs UAE tax law).

  • Twice never retains your full bank card numbers or security codes.

7.6 Deleted accounts

When you choose to delete your account:

  • your profile, your digital business cards and all your account data are permanently deleted from our systems,

  • all your messages, content and data associated with the account are irreversibly deleted,

  • no personal data is retained after the account is deleted.

Account deletion results in permanent loss of access to all associated data and content.

⚠️ Content that may have been saved locally by your contacts (e.g. messages or media saved on their devices) is not the responsibility of Twice and cannot be deleted by Twice.

Certain data may be retained beyond the periods mentioned if:

  • the law requires it (e.g. retention of billing data),

  • it is necessary to resolve a dispute, enforce our ToU or protect our rights,

  • it is part of an ongoing judicial investigation.

In these cases, the data is isolated and protected by strict access controls.

7.8 Anonymisation and aggregation

Where possible, Twice favours anonymisation (removal of any direct identifier) or aggregation (data grouped for statistical purposes). This anonymised data can no longer identify users and may be retained without time limit for analysis, research or improvement of our services.

8. International transfers

Twice is a global application. In order to provide our Services reliably and securely, it is sometimes necessary for your data to be transferred and processed outside your country of residence.

8.1 Server location

Data collected by Twice is mainly stored and processed on servers located in:

  • United Arab Emirates (UAE): our main infrastructure, close to our headquarters, ensures compliance with local data protection laws.

  • European Union (EU): servers used for European users, to ensure compliance with the GDPR.

  • Singapore: strategic hub for Asia, with advanced data protection legislation (PDPA).

8.2 Reasons for transfers

Your data may be transferred to different countries for several reasons:

  • Hosting and infrastructure: use of international cloud servers to ensure optimal service availability.

  • Technical support: certain support and engineering teams, based in different countries, may access your data under defined conditions.

  • Payment processing: data related to transactions may be transferred to international operators (Stripe, Apple Pay, Google Pay).

  • Service improvement: certain anonymised or aggregated data may be processed by partners located outside your country of residence.

We apply the data transfer mechanisms provided by law to ensure that your information benefits from equivalent protection regardless of the country of processing. This includes:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the EU.

  • Intra-group agreements between the different Twice entities and its partners.

  • Data protection impact assessments when required by law.

  • Specific contracts with our providers imposing security and confidentiality obligations.

8.4 Guarantees applied

We implement the following guarantees to protect your data during international transfers:

  • Data encryption in transit (TLS/SSL) and at rest.

  • Limited access to authorised persons only (need-to-know principle).

  • Regular audit of our providers and our data flows.

  • Contractual commitment of our partners to apply standards equivalent to the GDPR.

8.5 Your rights regarding transfers

In accordance with applicable laws (in particular the GDPR), you have specific rights regarding international transfers:

  • You may request information on the mechanisms used to govern these transfers.

  • You may obtain a copy of the standard contractual clauses implemented.

  • You may exercise your rights (access, rectification, deletion, objection) even if your data is stored abroad.

9. Security

The security of your personal data is an absolute priority for Twice. We implement a combination of technical, organisational and contractual measures to protect your information against any unauthorised access, use or disclosure.

9.1 Communication security and encryption

  • Twice implements technical and organisational security measures to protect communications and data exchanged via the application.

  • Communications between the application and our servers are protected by encryption protocols during transit (e.g. TLS) to prevent any unauthorised access.

    Messages

  • Message content is stored securely on our servers to allow consultation by the users concerned. Twice does not use message content for commercial or advertising purposes.

    Audio and video calls

  • Audio and video calls are provided by a third-party provider (Zoom) and benefit from the security and encryption mechanisms implemented by that service. Twice does not store call content and does not have access to audio or video communications exchanged.

    Multimedia files

  • Multimedia files are stored securely to allow use by the users concerned and are permanently deleted when the account is deleted.

9.2 Data encryption in transit and at rest

  • Data exchanged between your device and the servers used by Twice is protected by encryption protocols during transit (such as TLS/SSL) to prevent any unauthorised access.
  • Stored data is encrypted at rest by our hosting and technical service providers, in accordance with their security standards.
  • The management of encryption mechanisms, including key protection, is ensured by these providers according to their security and access control policies.

9.3 Authentication and account security

  • Each Twice account is associated with a unique phone number, verified during registration by means of an authentication code sent by SMS or voice call.
  • This mechanism ensures that only the holder of the number can access the account.
  • In the event of a change of device or phone number, new identity verification is systematically required to prevent any unauthorised access.

9.4 Strict internal controls

Access to personal data is limited:

  • Only authorised Twice personnel (technical support, security, compliance) may access certain data, and only in the course of their duties.

  • Internal logging systems record all access to detect any abuse.

  • Our service providers are subject to strict contractual clauses imposing confidentiality and security of data processed on our behalf.

9.5 Security testing and audits

  • We regularly conduct penetration tests and security audits on our systems.

  • We work with independent cybersecurity experts to identify and fix vulnerabilities.

  • We have implemented an incident management programme to respond quickly to any breach or attempted unauthorised access.

9.6 Limitations of Internet security

Although we deploy advanced measures, no data transmission over the Internet or storage system is 100% secure.

⚠️ You are responsible for:

  • maintaining the confidentiality of your login credentials,

  • protecting your devices with passwords or biometric systems,

  • reporting immediately any suspicion of unauthorised access to your account.

Twice cannot be held responsible for unauthorised access resulting from your negligence (e.g. lost device without lock).

9.7 Reporting security vulnerabilities

If you discover a flaw or vulnerability in the Twice application, you are invited to inform us immediately at: support@twice-messenger.com.

We are committed to investigating promptly and taking all necessary measures to correct the problem.

10. Advertising and commercial communications

Twice does not rely on intrusive advertising to fund its Services. We have designed our business model to protect your user experience and your personal data, while giving you full control over your commercial interactions.

10.1 No intrusive advertising

  • No third-party banner advertising is displayed in the Twice application.

  • We do not resell or rent your personal data to marketing or advertising companies.

  • We do not use your private conversations, calls or contacts to target you for advertising purposes.

👉 Unlike many social networks, Twice relies on a Pro and Premium subscription model (Twice Premium), and not on the exploitation of your data for advertising purposes.

10.2 Mandatory service notifications

Certain communications are necessary for the proper functioning of the application and cannot be disabled. These include:

  • security-related messages for your account (e.g. new login, number change),

  • notifications relating to Service availability (e.g. maintenance, critical updates),

  • alerts in the event of a security breach or incident affecting your data.

These communications are non-commercial and are sent in the legitimate interest of protecting your information.

10.3 Communications with businesses (if enabled)

Twice may allow you to communicate with businesses, partners or organisations via the application, for example:

  • consultation of their digital business card,

  • receipt of transactional notifications (appointment confirmation, payment reminder, delivery tracking),

  • secure professional message exchanges.

These communications are only possible if you have initiated or accepted contact with the business concerned.

⚠️ Note: when you interact with a business via Twice, the content of your exchanges may be accessible to several people within that business (e.g. customer service, sales team).

It is your responsibility to check these businesses' privacy policies to understand how they process your data.

10.4 Promotional communications (opt-in)

  • On an exceptional basis, Twice may offer you the option to receive information about new features, Premium offers or special events.

  • These communications are optional and require your prior consent ("opt-in").

  • You may withdraw this consent at any time via the application settings ("Manage my preferences").

10.5 Unsolicited interactions and anti-spam

Twice includes protection mechanisms against unsolicited commercial communications:

  • only contacts you have accepted or authorised can send you messages or call you,

  • any user who attempts to contact you without your authorisation may be blocked or reported,

  • in the event of repeated abuse (spam, solicitation), Twice reserves the right to suspend or delete the offending account.

11. Age restrictions

11.1 Minimum age required

The use of Twice is strictly reserved for persons aged 18 or over.

  • Any registration by a person under 18 is prohibited.

  • If a violation of this rule is detected, the minor's account will be immediately suspended and deleted.

Where local legislation requires a higher age to allow the processing of personal data (e.g. 21 in certain jurisdictions), the applicable minimum age will be that provided for by local law.

11.2 No collection of data concerning minors

Twice does not intentionally collect personal data relating to minors.

  • If we discover that we have collected information from a user under 18, this data will be immediately deleted.

  • If you believe a minor has created a Twice account, you may report it to: support@twice-messenger.com.

11.3 Prohibited content

To protect the integrity of the Twice community, the dissemination of the following content is strictly prohibited:

  • any sexually explicit content,

  • any violent, discriminatory or hate-inciting content,

  • any content deemed inappropriate or contrary to applicable laws.

⚠️ Any attempt to disseminate such content will result in the immediate and permanent suspension of the account concerned.

11.4 User responsibility

By creating an account, you declare and warrant that you are 18 years of age or older (or the minimum age required in your jurisdiction). Twice reserves the right to require age verification at any time, particularly in the event of doubt as to the authenticity of the information provided.

12. Your rights

Twice recognises fundamental rights for all its users in terms of personal data protection. These rights vary according to the user's country of residence, but we always apply a common foundation of transparency, control and security.

12.1 General rights applicable to all users

Regardless of your country of residence, you have the following rights regarding your personal data:

  • Right of access: obtain confirmation that we process your personal data and receive a copy.

  • Right to rectification: request the correction or update of inaccurate or incomplete data.

  • Right to erasure ("right to be forgotten"): request the deletion of your personal data and your account. Deletion of the account results in permanent deletion of all associated data.

  • Right to data portability: receive the personal data you have provided to Twice in a structured, commonly used and machine-readable format, when technically possible.

  • Right to object: object to certain processing of your data when it is based on legitimate interest.

  • Right to restriction of processing: request the temporary restriction of processing of your personal data, in particular in the event of a dispute as to its accuracy.

  • Withdrawal of consent: withdraw at any time your consent for processing based on it (for example: geolocation, address book access), without affecting the lawfulness of processing carried out before this withdrawal.

To protect the security of your data, we may ask you to verify your identity before responding to your request.

12.2 European Union users (GDPR)

If you reside in the EEA, your rights are governed by the General Data Protection Regulation (GDPR):

  • Legal bases for processing: performance of the contract, consent, legal obligation, legitimate interest.

  • You may lodge a complaint with the competent national authority (e.g. CNIL in France, AEPD in Spain).

12.3 United Kingdom users (UK GDPR)

If you reside in the United Kingdom, your rights are defined by the UK GDPR and the Data Protection Act 2018.

  • You may contact the Information Commissioner's Office (ICO) in the event of a complaint.

12.4 Swiss users

Swiss users benefit from the Federal Act on Data Protection (FADP).

  • You may exercise the rights of access, rectification and deletion.

  • You may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).

12.5 California users (CCPA / CPRA)

If you are a California resident, you benefit from specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know what categories of personal data we collect and why.

  • Right to deletion of your personal data, subject to legal exceptions.

  • Right to non-discrimination if you exercise your rights.

  • Right to opt-out to prohibit your data from being shared or sold to third parties (Twice never sells your data, but this right is guaranteed to you).

12.6 Brazilian users (LGPD)

If you reside in Brazil, your rights are guaranteed by the Lei Geral de Proteção de Dados (LGPD):

  • Confirmation of processing of your data,

  • Access, rectification and deletion,

  • Data portability,

  • Right to withdraw your consent at any time,

  • Possibility to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

12.7 Singapore users (PDPA)

If you are a Singapore resident, the Personal Data Protection Act (PDPA) grants you:

  • a right of access to your personal data,

  • a right to correction of inaccurate data,

  • a right to withdraw your consent to processing.

12.8 United Arab Emirates users (UAE – SHAMS)

Twice is registered with Sharjah Media City (SHAMS Free Zone). As such, the processing of personal data of users residing in the United Arab Emirates is governed by UAE federal law on personal data protection (Federal Decree Law No. 45 of 2021 – UAE PDPL).

In accordance with this regulation, you have in particular the following rights:

  • Right of access to your personal data,

  • Right to rectification of inaccurate or incomplete data,

  • Right to deletion of your personal data, under the conditions provided for by applicable law,

  • Right to restriction of certain processing,

  • Right to portability of your personal data in a structured format, where applicable,

  • Right to withdraw consent for optional processing (in particular geolocation or address book access).

Users residing in the United Arab Emirates may also contact the competent data protection regulatory authority, in accordance with the provisions of applicable legislation.

12.9 Exercising your rights

To exercise your rights, you may:

  • Access your account settings directly in the application (profile modification, account deletion, consent withdrawal).

  • Write to us at: support@twice-messenger.com.

We are committed to responding to any request within a maximum of 30 days, except in exceptional circumstances provided for by law.

13. International activities

Twice is an international platform. In order to provide a homogeneous, secure and available service in several jurisdictions, it is necessary for certain data to be shared, transferred and processed worldwide.

13.1 Sharing with global providers

To ensure the operation of its services, Twice uses third-party technical providers that may be located in different countries.

These providers are involved in particular for the following purposes:

  • Hosting and cloud infrastructure: data hosting and operation of the technical infrastructure necessary for the application to function,

  • Payments: transaction and subscription processing via approved payment providers (e.g. via payment platforms integrated into operating systems or specialised providers),

  • Security and abuse prevention: implementation of measures to ensure the security, stability and integrity of services,

  • Technical support: user assistance and service maintenance, which may be provided by teams located in different countries.

Providers act only on Twice's instructions and are subject to strict contractual obligations aimed at guaranteeing the confidentiality, security and protection of personal data, in accordance with applicable regulations.

For users residing in the European Economic Area, the United Kingdom and Switzerland, any transfer of personal data outside these zones is governed by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission,

  • intra-group agreements between the different Twice partner entities,

  • and, where applicable, impact assessments in accordance with GDPR requirements.

These mechanisms ensure that your data benefits from an equivalent level of protection, even when transferred to countries whose local legislation is less strict.

13.3 Standards applied in the United Arab Emirates (UAE – SHAMS)

Twice is registered in Sharjah Media City (SHAMS Free Zone) and applies the UAE federal legal framework for data protection (UAE PDPL – Federal Decree Law No. 45 of 2021).

This means that:

  • data transfers outside the UAE are subject to contractual clauses and compliance checks,

  • we require our providers located outside the UAE to apply a level of protection equivalent to the PDPL and international standards,

  • your data is only transferred to partners that offer recognised guarantees (certifications, ISO standards, GDPR/CCPA/LGPD compliance as applicable).

Twice may, in the future, integrate with strategic partners (e.g. professional tools, social networks, CRM). In this context:

  • your data is only shared with your explicit consent,

  • each integration is documented and subject to a data protection compliance assessment,

  • you may withdraw your consent to the use of a partner service at any time from your settings.

13.5 Transparency and right to information

In accordance with applicable laws (GDPR, UAE PDPL, CCPA, etc.), you have the right to know:

  • to which countries your data is transferred,

  • which providers have access to it,

  • what guarantees are applied to protect your information.

You may obtain this information, as well as a copy of the standard contractual clauses used, by writing to us at support@twice-messenger.com.

14. Policy modifications

14.1 Possibility of update

Twice may modify or update this Privacy Policy at any time in order to:

  • reflect changes in our Services or our business model (e.g. launch of new features, introduction of new subscriptions),

  • take into account the evolution of applicable laws and regulations,

  • incorporate feedback from our users or supervisory authorities,

  • strengthen transparency and protection of your data.

14.2 Informing users

In the event of a substantial modification to this Policy, we will inform users by appropriate means, including:

  • a notification in the application (e.g. via a banner or information window when logging in),

  • updating the Policy within the application and, where applicable, on our official channels,

  • in some cases, email notification, when required by law or when appropriate.

Unless a shorter period is required by law or for security reasons, users will be informed at least 15 days before the entry into force of a new version of the Policy.

14.3 Acceptance of new versions

By continuing to use Twice after the effective date of an update to this Policy, you accept the revised terms. If you do not accept the modifications made, you may:

  • delete your account at any time from the application settings, or

  • contact us at support@twice-messenger.com to request deletion of your data.

14.4 Version history

The current version of the Privacy Policy is always available on our website and in the application. Each version includes an update date clearly indicated at the top of the document. Archived versions may be obtained upon written request.

15. Contact

15.1 Data Protection Officer (DPO)

Twice has appointed a Data Protection Officer (DPO) responsible for ensuring compliance with this Policy and applicable personal data protection laws.

The DPO is your main contact for any questions, requests or complaints relating to privacy and the processing of your data.

15.2 Contact details

You may contact us at any time by the following means:

  • Email address: support@twice-messenger.com

  • Postal address: JAUPIN Design, Twice – support, Gate avenue DIFC, Unit 34, 00000 Dubai, UAE

15.3 Recourse to supervisory authorities

If you believe that your data protection rights have not been respected, you have several options:

  • UAE (SHAMS – UAE PDPL): you may contact the competent federal authority for data protection in the United Arab Emirates.

  • EU (GDPR): you may lodge a complaint with the national data protection authority of your country of residence (for example: CNIL in France).

  • United Kingdom: you may contact the Information Commissioner's Office (ICO).

  • Switzerland: you may contact the Federal Data Protection and Information Commissioner (FDPIC).

  • Brazil (LGPD): you may contact the Autoridade Nacional de Proteção de Dados (ANPD).

  • United States (California – CCPA/CPRA): you may exercise your rights with the California Privacy Protection Agency (CPPA).

  • Singapore (PDPA): you may contact the Personal Data Protection Commission (PDPC).

15.4 Response commitment

We are committed to processing any legitimate request relating to your personal data within a maximum of 30 days, except in exceptional circumstances provided for by law.