Privacy Policy

1. Data Controller

The data controller responsible for your personal data is GEDS AI PLATFORM LLC (dba TwinsDo), located in Clermont, Florida, USA. For all privacy-related inquiries, please contact our Data Protection Officer at [email protected].

2. Information We Collect

We collect the following categories of personal data:

• Account Information: Name, email address, and authentication data provided during registration.
• Biometric Data: Photographs (for avatar creation) and voice recordings (for voice cloning). Under Illinois BIPA, these constitute biometric identifiers. We collect this data only with your explicit, informed consent.
• User-Generated Content: Educational scripts, video titles, and learning content you create on the platform.
• Usage Data: Login timestamps, feature usage patterns, device information, IP address, and browser type.
• Payment Data: Transaction records processed through our third-party payment provider. We do not store credit card numbers.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds, as required by GDPR (Article 6) and LGPD (Article 7):

• Consent: For the collection and processing of biometric data (photos and voice recordings) used to create your digital twin avatar and voice clone. You may withdraw consent at any time.
• Contractual Necessity: To provide our services, manage your account, and generate learning videos as requested.
• Legitimate Interest: To improve our platform, ensure security, prevent fraud, and communicate service updates.
• Legal Obligation: To comply with applicable laws, regulations, and legal processes.

4. Biometric Data Notice (BIPA Compliance)

TwinsDo collects biometric identifiers as defined under the Illinois Biometric Information Privacy Act (BIPA), including facial geometry derived from photographs and voiceprints derived from audio recordings. By using our avatar creation and voice cloning features, you provide your informed, written consent to the collection, storage, and use of this biometric data solely for the purpose of creating your personalized digital twin. We will not sell, lease, trade, or otherwise profit from your biometric data. Biometric data is retained only for as long as your account is active or for a maximum of three (3) years after your last interaction with the platform, whichever comes first. Upon account deletion, all biometric data is permanently destroyed within thirty (30) days.

5. How We Use Your Information

Your information is used exclusively for the following purposes:

• To create and maintain your digital twin avatars and voice clones.
• To generate personalized learning videos based on your content.
• To manage your account, authenticate your identity, and provide customer support.
• To improve our platform's functionality, performance, and user experience.
• To communicate important service updates, security alerts, and policy changes.
• To comply with legal obligations and enforce our Terms of Use.

6. Data Storage and Security

Your data is stored securely using industry-standard encryption (AES-256 at rest, TLS 1.3 in transit). Photographs and voice recordings are stored in encrypted cloud storage (AWS S3) with access controls. We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including regular security audits, access logging, and employee training.

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We may share data with the following categories of service providers, all bound by strict data processing agreements:

• Cloud Infrastructure: AWS for secure data storage and computing.
• AI Processing: Third-party AI services for avatar generation and voice synthesis, which process data only as instructed and do not retain it.
• Payment Processing: Stripe for secure payment handling (PCI DSS compliant).
• Analytics: Anonymized usage analytics to improve platform performance.

8. International Data Transfers

Your data may be transferred to and processed in the United States. For users in the European Economic Area (EEA) and Brazil, we ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and compliance with LGPD's international transfer requirements under ANPD Resolution CD/ANPD No. 19/2024.

9. Data Retention

We retain your personal data for as long as your account is active. Biometric data (photos and voice recordings) is retained for a maximum of three (3) years after your last platform interaction. Generated videos are available for download for forty-eight (48) hours after creation, after which they are permanently deleted from our servers. Upon account deletion, all personal data is permanently erased within thirty (30) days, except where retention is required by law.

10. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right of Access: Request a copy of all personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data. You can delete your account directly from your Profile page — no need to contact us.
• Right to Restrict Processing: Request that we limit how we process your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent for biometric data processing at any time without affecting the lawfulness of prior processing.
• Right to Non-Discrimination: Exercise your rights without receiving discriminatory treatment (CCPA).
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information, but you may exercise this right at any time (CCPA/CPRA).

You can exercise your right to delete your account and all associated data directly from the Profile & Settings page in your dashboard. For all other requests, contact us at [email protected]. We will respond within thirty (30) days.

11. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not sell or share your personal information as defined by the CCPA. You have the right to know what personal information we collect, the right to delete your data, and the right to non-discrimination for exercising your rights. To submit a verifiable consumer request, contact us at [email protected].

12. Children's Privacy

TwinsDo is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a minor, we will promptly delete it. If you believe a child has provided us with personal information, please contact us immediately at [email protected].

13. AI-Generated Content Disclosure

In compliance with the EU AI Act and the California AI Transparency Act, we disclose that TwinsDo uses artificial intelligence to generate digital avatars, clone voices, and produce learning videos. All AI-generated content on our platform is clearly labeled as such. The AI processes your photos and voice recordings solely to create your personalized learning materials.

14. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach (as required by GDPR Article 33) and will notify affected individuals without undue delay. For LGPD compliance, we will also notify Brazil's ANPD as required.

15. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. We will notify you of material changes via email or a prominent notice on our platform at least thirty (30) days before the changes take effect. Continued use of TwinsDo after the effective date constitutes acceptance of the updated policy.

16. Contact Us

For any privacy-related inquiries, data subject requests, or to exercise your rights, please contact our Data Protection Officer at [email protected]. We are committed to resolving any concerns promptly and within the timeframes required by applicable law.