Privacy Policy
Version 2.0
Last Updated: May 27, 2025
This Privacy Policy describes how Twila ("Company," "we," "us," or "our") collects, uses, discloses, retains, and safeguards information when you use our mobile application, marketing website, and related services (collectively, the "Platform"). It applies to both Users (people booking photographers) and Photographers (people offering photography services), and to third-party subjects who appear in content uploaded to the Platform. This policy is incorporated by reference into the Twila Terms of Service.
1. Summary at a Glance
| What | Plain English |
|---|---|
| What we collect | Account info you provide, content you upload, location while booking, device/usage data, payment metadata (Stripe holds the card numbers). |
| Who sees your photos | The booking party. Authorized Twila staff for moderation/support. Never advertisers. |
| Do we sell your data | No. We also do not "share" personal information for cross-context behavioral advertising as defined under CPRA. |
| Do we train AI on your content | No. Our AI sub-processor (OpenAI) is bound by contractual terms prohibiting training on your inputs. |
| Where is data stored | United States. |
| Your controls | Download your data, delete your account, opt out of marketing, exercise state-law privacy rights — all in Settings → Privacy. |
| Contact | privacy@twila.io |
This summary is provided for clarity. The defined terms below control.
2. Information We Collect
We collect the categories of personal information listed below. Categories track CCPA §1798.140(o) so that California residents (and residents of states using parallel taxonomies) can map their statutory rights to the categories that apply to them.
2.1 Information You Provide
| Category | Examples | When |
|---|---|---|
| Identifiers | Name, email, phone number, username | Account creation; signup |
| Account credentials | Password (hashed), 2FA secret, push token | Account creation; device registration |
| Demographic info | Birthdate, gender (if provided) | Account creation (age-gate) |
| Profile content | Display name, bio, profile photo | Profile setup |
| Photographer business info | Stripe-issued account identifier. Stripe directly collects and holds the underlying KYC fields (legal name, address, bank-account info, government ID, EIN/SSN); we receive only the resulting account ID and high-level verification status. | Photographer onboarding |
| Payment metadata | Last four digits, card brand, billing ZIP — full PAN handled by Stripe | Checkout |
| Booking content | Meeting location, preferences, briefs you write or generate | Booking creation |
| Messages | Direct messages between you and counterparties | In-app messaging |
| User content | Photos uploaded by Photographers depicting Users or third-party subjects | Session upload |
| Reports | Content reports you file; subject-removal requests | Report submission |
| Communications | Email/chat with support; survey responses | Support; surveys |
2.2 Information We Collect Automatically
| Category | Examples |
|---|---|
| Device info | Model, OS version, app version, device identifier |
| Usage data | Screens visited, taps, session length, crash reports |
| Approximate location (point-in-time) | City-level coordinates collected at the moment you open browse / explore screens, when location permission is granted. We do not continuously track Users' location. |
| Precise geolocation | GPS coordinates within ~10 meters. For Users: collected at the moment you create or accept a booking and stored as the meeting location for that booking. For Photographers: while you have "Available" status enabled, your device broadcasts location in the background so we can match nearby Users; this stops as soon as you toggle Available off. |
| Network info | IP address, ASN/carrier, connection type |
| Diagnostic logs | Error traces, performance metrics |
2.3 Information from Third Parties
We may receive information from:
- Identity providers when you sign in with Apple or Google: name, email, hashed user identifier
- Stripe / Stripe Connect for payment confirmations, payout status, identity verification results
- Twilio for phone number verification and SMS deliverability
- AWS Rekognition for content-moderation labels on uploaded photos
- OpenAI for generated brief outputs (we send your inputs; we receive the generated text)
- Apple App Store / Google Play for in-app purchase receipts and subscription state
2.4 Sensitive Personal Information
Under CPRA §1798.140(ae) and parallel state laws, the following may be considered "sensitive personal information" or "sensitive data":
- Precise geolocation (during active booking)
- Account login credentials (you provide; we store hashed)
- Contents of messages between you and counterparties
- Biometric identifiers contained in uploaded photos (see Section 6 below)
- Government identification for photographer tax/identity verification (collected and held by Stripe, not Twila)
You have the right to limit use of sensitive personal information to what is necessary to provide the Platform. See Section 11 for how to exercise this right.
2.5 Categories of Sources
We collect personal information from: (a) you directly, (b) your device when you use the Platform, (c) other users you interact with (e.g., a Photographer's upload of a photo depicting you), and (d) the third-party services listed in Section 2.3.
3. How We Use Information
We use personal information for the following business and commercial purposes, mapped to the CCPA business-purpose taxonomy:
| Business purpose | Use |
|---|---|
| Provide the service | Account creation; matching; booking; messaging; photo delivery; payouts |
| Security and integrity | Fraud detection; abuse prevention; account-takeover protection; rate limiting |
| Debugging and quality | Crash diagnostics; performance monitoring; service-quality measurement |
| Short-term transient use | Push notification delivery; session state |
| Performing services on behalf of the business | Payment processing (Stripe); SMS delivery (Twilio); push delivery (Expo); content moderation (AWS Rekognition); generated-brief assistance (OpenAI) |
| Internal research | Product improvement based on aggregated, de-identified usage data |
| Quality and safety maintenance | Content moderation; trust & safety review; takedown enforcement |
| Compliance | Legal obligations including tax reporting (1099-NEC for Photographers earning ≥$600/year), responses to lawful process |
3.1 Lawful Bases (GDPR / UK GDPR)
If you are a resident of the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following lawful bases (GDPR Art. 6):
| Processing | Basis |
|---|---|
| Performing the booking contract | Art. 6(1)(b) Performance of a contract |
| Account creation and authentication | Art. 6(1)(b) Performance of a contract |
| Marketing emails / push | Art. 6(1)(a) Consent — withdrawable at any time |
| Fraud prevention; safety moderation | Art. 6(1)(f) Legitimate interests (Twila's interest in a safe platform, balanced against your privacy) |
| Tax reporting; lawful-process compliance | Art. 6(1)(c) Legal obligation |
| Processing sensitive data (biometrics in photos) | Art. 9(2)(a) Explicit consent (subject consent attestation at booking creation) |
3.2 No AI Training on Your Content
Twila does not use your content (photos, messages, generated briefs, profile information) to train artificial-intelligence models. Our sub-processors are bound to the same:
- OpenAI processes booking-brief inputs under API terms that contractually prohibit training on customer content.
- AWS Rekognition uses your photos solely for moderation label generation; AWS does not retain them for training under our service terms.
If we ever materially change this, we will obtain your explicit opt-in consent before doing so.
4. How We Share Information
4.1 Other Users on the Platform
| Recipient | What they see |
|---|---|
| Photographer you booked | Your name, profile photo, booking details, meeting location, message history, photos they take |
| User you photographed | Your photographer profile, business name, payout-related details for receipts |
| Public viewers | Your username, public profile, public-portfolio photos, public-feed posts you opt-in to share |
4.2 Service Providers (Sub-Processors)
We engage the following service providers to operate the Platform. Each is contractually bound to use your information only as instructed by us:
| Vendor | Purpose | Data shared |
|---|---|---|
| Stripe, Inc. | Payment processing, Photographer payouts (Stripe Connect) | Payment info, identity verification, payout data |
| Amazon Web Services | Cloud hosting (S3, CloudFront, Lambda), content moderation (Rekognition) | All Platform data, photos for moderation |
| Twilio Inc. | Phone verification, transactional SMS | Phone numbers |
| OpenAI, L.L.C. | AI-assisted booking brief generation | Brief inputs |
| Expo | Push-notification delivery and over-the-air updates | Device push tokens, app state |
| Render Inc. | API hosting | All API-routed data |
| Apple Inc. / Google LLC | In-app purchase processing for subscriptions | IAP receipts |
| SMTP email provider | Transactional and marketing email delivery via Nodemailer | Email addresses, email content |
This list may change over time. Material changes will be reflected in updates to this policy.
4.3 Legal Disclosures
We may disclose personal information when we believe in good faith it is necessary to:
- Comply with applicable law, regulation, legal process (subpoena, court order, search warrant), or governmental request
- Enforce our Terms of Service or other agreements
- Protect the rights, property, or safety of Twila, our users, or others
- Detect, prevent, or address fraud, security, or technical issues
- Respond to a request from law enforcement when we have a good-faith belief that disclosure is necessary
Where lawfully permitted, we will provide notice to affected users before disclosing their information in response to legal process, except where doing so is prohibited (e.g., by a non-disclosure order accompanying a warrant) or where we believe notice would create a risk of harm.
4.4 Business Transfers
If Twila is involved in a merger, acquisition, financing, bankruptcy, or sale of all or part of its assets, personal information may be transferred as part of that transaction, subject to the surviving entity continuing to honor commitments at least as protective as those in this policy.
4.5 With Your Consent
We will share personal information with other parties when you direct us to do so.
4.6 No Sale; No Cross-Context Behavioral Advertising
We do not sell personal information for monetary or other valuable consideration as those terms are defined under the CCPA, CPRA, or other state privacy laws.
We do not "share" personal information for cross-context behavioral advertising. We do not allow third parties to track your activity across other websites or applications for advertising purposes.
We have not sold or shared personal information in this manner in the preceding 12 months.
5. Location Information
We collect location data only when you grant permission. Different surfaces of the Platform request it for different purposes.
5.1 Users — Approximate Location (Point-in-Time)
When you open browse / explore screens, the app may request your current location once to surface nearby Photographers. We do not store this location continuously and do not run any background tracking against User devices.
5.2 Users — Precise Location (At Booking Creation)
When you create or accept a booking, we collect and retain your precise GPS coordinates as the meeting location for that booking. This is used to:
- Match you with the correct counterparty
- Verify in-person arrival
- Calculate per-minute session pricing where applicable
Meeting-location coordinates are retained as part of the booking record. See Section 8 for retention.
5.3 Photographers — Background Location (Only While "Available")
When you toggle your status to Available as a Photographer, your device begins broadcasting precise GPS coordinates to our servers in the background so we can match you with nearby Users in real time. This requires you to grant "Always" or background-location permission on iOS and Android. On Android, you will see a persistent foreground-service notification while Available, reading "Twila is keeping you active."
Background tracking stops the moment you toggle Available off, force-quit the app (on iOS), or revoke the permission.
5.4 Revoking Location Permission
You may revoke location permission in your device settings at any time. Doing so will prevent you from creating new bookings (Users) or going Available (Photographers) until permission is re-granted.
6. Photos, Subjects, and Biometric Data
6.1 Photos Uploaded by Photographers
Photos uploaded by Photographers are stored in our secured cloud storage and made available to the booking User through the Platform per the Terms of Service rights tiers.
6.2 Biometric Identifiers
Photos uploaded to the Platform may contain biometric identifiers — including facial geometry, retinal patterns, and other physical characteristics. We process these identifiers only for the following purposes:
- Content moderation — AWS Rekognition labels photos for nudity, violence, weapons, and other safety-relevant categories. We do not use facial recognition to identify individuals.
- Duplicate detection — perceptual hashing to detect re-uploads of moderated content.
We do not:
- Use facial recognition to identify individuals
- Sell or share biometric identifiers with third parties
- Use biometric identifiers for marketing, advertising, profiling, or any purpose other than those listed above
- Retain biometric outputs beyond the moderation decision (the labels are retained; the underlying analysis is not)
Photos themselves are retained per the windows in Section 8. If you are a resident of Illinois, Texas, Washington, or another state with a specific biometric-privacy law, you may have additional rights regarding your biometric identifiers. To exercise those rights or request additional information, contact privacy@twila.io.
6.3 Third-Party Subjects in Photos
Photos may depict people other than the booking User and the Photographer ("subjects"). The Terms of Service §13.4 sets out a removal pathway for any subject (including unauthenticated subjects) who appears in Platform content. To submit a removal request, contact privacy@twila.io.
Subject removal requests are processed within the timelines below:
- Non-consensual intimate imagery (NCII): within 48 hours, per the federal TAKE IT DOWN Act
- Suspected child sexual abuse material (CSAM): immediately upon receipt, with mandatory report to the NCMEC CyberTipline per 18 U.S.C. §2258A
- All other removal requests: typically reviewed within five business days
6.4 Authorized-Personnel Access
Authorized Twila personnel may access photos, including private photos, solely for the legitimate Platform purposes listed below. Access is logged and audited.
- Content moderation and trust & safety review
- Fraud detection and abuse prevention
- Customer support and dispute resolution
- Quality assurance and technical troubleshooting
- Compliance with legal obligations and enforcement of our Terms
Twila does not use photos for advertising or marketing purposes without your explicit opt-in consent.
7. Cookies and Tracking Technologies
7.1 Mobile App
The Twila mobile app uses the following local-device technologies:
- Push notification tokens issued by Apple Push Notification Service or Firebase Cloud Messaging (via Expo)
- Crash and performance telemetry via embedded SDKs (Expo)
- Secure local storage for your session token and user preferences
- In-app purchase receipts issued by the platform app store
The app does not use cookies. The app does not engage in cross-app tracking and therefore does not present an App Tracking Transparency prompt under Apple's framework.
7.2 Marketing Website (twila.io)
The marketing website uses strictly necessary cookies for session and security. We do not use advertising, retargeting, or analytics cookies that share data with third parties for behavioral advertising.
8. Data Retention
We retain personal information for the period required to fulfill the purposes described in this Policy, unless a longer period is required by law. Specific retention windows:
| Data | Retention |
|---|---|
| Active account profile | Lifetime of the account |
| Soft-deleted account | 30-day grace period; anonymized thereafter |
| Photos — originals at full resolution | Deleted from storage 30 days after booking finalization via automated S3 lifecycle. The corresponding download URL is removed at the same point. |
| Photos — delivered preview variants (thumb / medium / full) | Retained indefinitely while the account is active so portfolio, location galleries, and Explore feed surfaces continue to render. |
| RAW files (when purchased) | 30 days from booking finalization |
| Private photos following Full-Rights purchase | Photographer must remove from external portfolios within 14 days |
| Messages between Users and Photographers | Deleted 30 days after the corresponding booking ends, by daily cleanup job |
| Booking records (including meeting location) | Retained as part of the booking record; not separately purged on cancellation |
| Payment records / payout history | 7 years (IRS retention) |
| 1099 tax forms | 7 years |
| NCII reports and related preserved evidence | Per applicable law (typically indefinite for criminal-evidence preservation) |
| CSAM reports preserved for NCMEC | Per 18 U.S.C. §2258A |
| DMCA notices and counter-notices | Indefinite for the statutory record |
8.1 Anonymization on Account Deletion
When you delete your account, your personal identifiers (name, email, phone, profile photo, bio, push tokens) are anonymized after the 30-day grace period. Records that other parties depend on for context (e.g., your past bookings or messages, from the counterparty's perspective) are retained in anonymized form. See Section 11.2 for the deletion process.
9. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information. These include:
- Encryption in transit for all client-server communication
- Encryption at rest for stored data and backups
- Password hashing using industry-standard algorithms
- Two-factor authentication required for administrative personnel
- Access controls and audit logging for administrative access to user data
- Vendor due diligence for service providers handling personal information
- Incident-response procedures maintained and exercised periodically
No system is completely secure. We cannot guarantee the absolute security of personal information.
9.1 Breach Notification
In the event of a confirmed personal-information breach that requires notification under applicable law, we will notify affected users without unreasonable delay, and in any event within the timelines required by the law of your jurisdiction (e.g., 72 hours under GDPR Art. 33–34, varying state windows under U.S. breach-notification statutes). Notification will include the nature of the breach, the categories of data affected, the steps we are taking, and recommendations for protective action you can take.
9.2 Data Processing Location
Personal information is processed and stored in the United States. If you access the Platform from outside the United States, you acknowledge that your personal information will be transferred to and processed in the United States, which may not provide the same level of data protection as your jurisdiction.
For transfers of personal data from the European Economic Area, United Kingdom, or Switzerland to the United States, we rely on Standard Contractual Clauses (Module 2, controller-to-processor) with our service providers and on equivalent safeguards under UK and Swiss data protection law.
10. Children's Privacy
The Platform is intended for individuals 18 years of age or older. We require all account holders to confirm their date of birth at signup and we age-gate accounts accordingly. We do not knowingly collect personal information from individuals under 18.
If we learn that we have collected personal information from a person under 18, we will delete that information promptly. If you believe a person under 18 has provided us personal information, please contact privacy@twila.io.
This age threshold is independent of the federal Children's Online Privacy Protection Act ("COPPA") threshold of 13 years. The Platform's services and content moderation are designed for an adult audience.
11. Your Privacy Rights
11.1 Rights Available to All Users (Subject to Verification)
You have the following rights with respect to your personal information, subject to applicable law. Most can be exercised directly in the app at Settings → Privacy & Data.
| Right | What it means | Where to exercise |
|---|---|---|
| Right to know | Receive a copy of the personal information we hold about you | Settings → Privacy → Download my data |
| Right to delete | Request deletion of your account and personal information | Settings → Privacy → Delete my account |
| Right to correct | Request correction of inaccurate personal information | Edit Profile, or email privacy@twila.io |
| Right to opt-out of sale/share | We do not sell or share — but you may submit a request to confirm | privacy@twila.io |
| Right to limit use of sensitive PI | Restrict use of precise location and biometric identifiers | privacy@twila.io |
| Right to non-discrimination | We will not deny service, charge different prices, or provide a different level of service for exercising privacy rights | Automatic |
11.2 Account Deletion Mechanics
When you request deletion via Settings → Privacy → Delete my account:
- Your account is immediately marked deleted and you are signed out.
- A 30-day grace period begins. During this window you may contact support@twila.io to cancel the deletion.
- After 30 days, your personal identifiers are anonymized as described in Section 8.1. Records retained for legal reasons (payment history, tax records, content-moderation evidence) are retained in their original form per Section 8.
11.3 Data Export Mechanics
When you request a data export via Settings → Privacy → Download my data:
- We begin gathering your data within minutes; most exports complete within an hour, but we have up to 45 days under CCPA §1798.130(a)(2).
- We email you a download link valid for 7 days; the underlying file is deleted from our storage 14 days after creation.
- The export includes your profile, bookings, messages, photo metadata and URLs (full-resolution binaries are accessible through the app), notifications, reports you filed, follow graph, and a history of prior export requests.
11.4 State-Specific Rights
California Residents (CCPA / CPRA)
In addition to the rights above, California residents have:
- Right to know specific pieces of personal information collected (Cal. Civ. Code §1798.110)
- Right to know categories and sources collected, business purposes, and categories of third parties to whom information is disclosed (§1798.115)
- Right to opt out of sale or sharing (§1798.120) — Twila does not sell or share
- Right to limit use and disclosure of sensitive personal information (§1798.121)
- Right of correction (§1798.106)
- Right to non-discrimination for exercising privacy rights (§1798.125)
- Shine the Light right (Cal. Civ. Code §1798.83) — Twila does not share personal information with third parties for direct-marketing purposes
We respond to verifiable consumer requests within 45 days. We may extend by an additional 45 days where reasonably necessary, with notice.
You may designate an authorized agent to make a request on your behalf by providing the agent with written authorization (sent to privacy@twila.io) and verifying your identity directly with us.
Texas Residents (TDPSA)
Texas residents have the right to confirm processing, access, correct, delete, obtain a portable copy, and opt out of (i) targeted advertising, (ii) sale of personal data, and (iii) profiling in furtherance of decisions producing legal or similarly significant effects. Twila does not engage in (i), (ii), or (iii) of those activities.
Texas residents may appeal a denial of a request by emailing privacy@twila.io with the subject line "TDPSA Appeal."
Residents of Other Comprehensive-Privacy-Law States
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Tennessee, Indiana, Kentucky, Maryland, Minnesota, and Rhode Island have rights similar to those above, with variations in timing, fees, and appeal mechanics governed by each state's statute. Contact privacy@twila.io to exercise rights; we will honor the rights available to you under the law of your state of residence.
11.5 EEA, UK, and Switzerland Rights
If you are a resident of the EEA, UK, or Switzerland, you have additional rights under GDPR / UK GDPR / Swiss FADP:
- Right of access (Art. 15) — receive a copy of your personal data
- Right of rectification (Art. 16)
- Right of erasure (Art. 17) — "right to be forgotten," subject to legal-hold exceptions
- Right to restrict processing (Art. 18)
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
- Right to object to processing based on legitimate interests (Art. 21)
- Right not to be subject to solely automated decisions producing legal effects (Art. 22). Twila uses automated tools (e.g., AWS Rekognition) for content moderation, which may result in content being temporarily hidden pending human review. A trust-and-safety team member reviews all such decisions before they become final. You may request human reconsideration of any moderation outcome at support@twila.io.
- Right to withdraw consent at any time without affecting the lawfulness of prior consent-based processing
- Right to lodge a complaint with your supervisory authority
To exercise these rights, contact privacy@twila.io. We will respond within one month, extendable by two months for complex requests per Art. 12(3).
11.6 Verification of Identity
Before responding to most requests, we will verify your identity. Verification methods include confirming control of the account email and phone number; for high-impact requests (deletion, sensitive-PI limits), we may require additional verification proportionate to the sensitivity of the request.
12. Marketing Communications
12.1 Email
Operational emails (booking confirmations, payment receipts, security alerts, policy updates) are sent as part of the service and cannot be disabled while your account is active.
Marketing emails (newsletters, product announcements, promotions) are sent only with your opt-in. You may opt out at any time via:
- The unsubscribe link in any marketing email (one click)
- Settings → Privacy → Marketing email opt-in toggle
12.2 SMS
Operational SMS (verification codes, two-factor authentication) is sent as part of the service. Marketing SMS is not currently sent by the Platform. If we ever introduce marketing SMS, it will be opt-in only and will comply with the federal Telephone Consumer Protection Act ("TCPA"), including frequency disclosure and a working STOP-to-unsubscribe.
12.3 Push Notifications
Operational push (booking lifecycle, payment events, content-moderation outcomes) cannot be disabled while your account is active without disabling all notifications at the OS level.
Social push (likes, comments, follows) and marketing push are gated by separate preferences in Settings → Privacy.
13. Third-Party Services
The Platform may link to or integrate with third-party services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing information.
Integrations currently include: Apple Sign-In, Google Sign-In, Stripe checkout flows, App Store / Google Play subscription management.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this policy reflects the latest changes.
For material changes that affect the categories of information we collect, the purposes for which we use it, or the third parties with whom we share it, we will provide reasonable advance notice (at least 30 days) by in-app banner, email to your account address, or both. Continued use of the Platform after the effective date of a material change constitutes acceptance.
You may request prior versions of this policy by emailing privacy@twila.io.
15. Contact and Complaints
For privacy questions, requests, or complaints, contact:
- Email: privacy@twila.io
- DMCA notices / counter-notices: dmca@twila.io
If you are an EEA, UK, or Switzerland resident and we have not satisfactorily addressed your concern, you have the right to lodge a complaint with your supervisory authority.
Appendix A — Apple App Store and Google Play Disclosures
To align with the privacy-label requirements of the Apple App Store and Google Play Data Safety section, we disclose:
- Data linked to your identity: contact info, identifiers, photos, location, financial info, usage data, diagnostics, user content, search history within the app.
- Data used to track you across apps and websites: none. Twila does not engage in cross-app tracking.
- Encryption: data is encrypted in transit and at rest.
- Data deletion request: in-app deletion is available at Settings → Privacy → Delete my account.
The labels displayed in the App Store / Play Store are the binding disclosures for that respective storefront and reflect this policy.