Privacy Policy
Last updated: May 11, 2026
AYA Twin (“we,” “us,” “our”) is operated by Saxena Tech LLC, based in Florida, USA. This Privacy Policy explains how we collect, use, store, and protect your information when you use AYA Twin.
We built AYA Twin to be a personal operating system you trust. That means being honest about what we collect and what we do with it.
What we collect
Information you give us directly
- Identity: name, email address, profile information from Google sign-in
- Content you create or import: tasks, notes, documents, journal entries, knowledge base contents, contacts, financial data, health and wellness data, and anything else you choose to add
- Conversations with your AI twin
- Settings and preferences
- Payment information via Stripe — we never see or store your card number; Stripe handles it
Information we collect automatically
- Usage data: which features you use, when you log in, how often you return (via PostHog, anonymized at the user level where possible)
- Technical data: browser type, device type, IP address (used for security and abuse prevention)
- Error logs and performance data (via Sentry, with personally identifiable information scrubbed before transmission)
Information we generate about you
The AYA Twin “Pulse” feature uses your name and any details you provide to search publicly available sources and synthesize a profile of your background, work, and interests. This synthesis is created by AI models and is stored in your account.
What we don't collect
- Browsing history outside our app
- Location data (we don't use geolocation)
- Biometric data, beyond what you voluntarily upload (e.g., Whoop / Oura sleep screenshots — those are stored in your account, not sent to the original vendor)
- We don't sell data, don't share with advertisers, and don't fingerprint
What we do with it
- Provide and improve the AYA Twin product
- Personalize your experience and your AI twin's responses
- Communicate with you about your account, support requests, and product updates (via Resend)
- Process payments (via Stripe)
- LLM inference — your conversation context and provided data is sent to AI providers (Anthropic, OpenAI, Google) as part of providing AI features. Their API terms prohibit using API content for model training by default.
- Detect and prevent abuse, fraud, and security incidents
- Comply with legal obligations
We do not sell your personal information. We do not share your content with advertisers. We do not use your private content to train third-party AI models.
Subprocessors
We use the following third-party services to operate AYA Twin. Each is bound by their own data processing agreement and the terms of their API.
| Subprocessor | Purpose | Data shared | Location |
|---|---|---|---|
| Anthropic | LLM inference (Claude — primary AI provider) | Conversation context, your provided content | US |
| OpenAI | LLM inference (GPT models — alternative) | Conversation context, your provided content | US |
| Gemini LLM inference + Google OAuth sign-in | For OAuth: email, name. For Gemini: conversation context. | US | |
| Stripe | Payment processing | Email, billing metadata (no card number — handled by Stripe Checkout) | US |
| Resend | Transactional email delivery | Your email address and the message body of emails we send you | US |
| Turso | Per-user database hosting (your dedicated database) | All your stored data (encrypted at rest) | US |
| Vercel | Web hosting + speed insights | Logs, IP address, request metadata | US |
| Sentry | Error monitoring | Stack traces, scrubbed request data (no auth tokens, no API keys, no cookies) | US |
| PostHog | Product analytics | Page views, feature usage events; anonymized at user level where possible | US |
| Tavily | Web search (used by Claude when an AI tool call needs the web) | Search queries, returned content | US |
If a DPA link returns 404 or has moved, email hello@ayatwin.ai and we'll point you at the current version.
Where your data lives
- Your personal data is stored in a dedicated database hosted on Turso, isolated from other users (per-user database isolation — see our Security page)
- Application infrastructure runs on Vercel
- BYOK API keys you provide (Anthropic / OpenAI / Google) are encrypted at rest with AES-256-GCM with authenticated additional data bound to your user ID and provider
Your rights
You have the following rights regarding your data:
- Right to access: view your data at any time through the AYA Twin product
- Right to correct: edit your data at any time in-app
- Right to delete: request permanent deletion of your account and all associated data by emailing hello@ayatwin.ai. We process deletion requests within 30 days (GDPR) / 45 days (CCPA). A self-serve in-product deletion path is planned but not currently available.
- Right to portability: request a complete export of your data by emailing us
- Right to withdraw consent for the Pulse feature, which will stop new Pulse runs (existing data remains until you delete it)
- Right to object to processing for legitimate-interest purposes — email us with your request
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, the right to correct inaccurate information, and the right to opt out of the sale or sharing of personal information. AYA Twin does not sell or share personal information for advertising purposes.
If you are in the EU/EEA, you have the rights described above under the General Data Protection Regulation (GDPR). The legal basis for our processing is your consent (for AI features) and our legitimate interest in providing the service. You have the right to lodge a complaint with your local data protection authority if you believe we're mishandling your data.
Retention
- Account data: retained while your account is active
- On account deletion: processed within 30 days of request; deleted from primary databases. Backups containing your data may persist for up to 30 additional days before rolling off our backup retention window.
- Logs and telemetry: Sentry error logs retained 90 days; PostHog events 12 months; Vercel access logs 30 days
- Billing records: retained 7 years per IRS / state tax law requirements (Stripe handles this on our behalf)
Beta product disclosure
AYA Twin is currently in beta. The product is provided as-is, without warranty. We may collect anonymized usage data to improve the product. We will notify users of any material changes to this policy. Until our SOC 2 attestation is complete, we recommend avoiding storage of your most sensitive data here (e.g., medical records, classified information).
Children
AYA Twin is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us information, please email us and we'll delete it.
Security
We use industry-standard practices to protect your data, including encryption in transit (TLS 1.2+) and at rest, per-user database isolation, and encrypted storage of sensitive credentials. See our Security page for the detailed posture, including how we handle vulnerability disclosures. No system is perfectly secure, and we cannot guarantee absolute security.
Changes to this policy
We may update this policy as the product evolves. Material changes will be communicated to you by email or in-app notification.
Contact
Questions, requests, or concerns? Email hello@ayatwin.ai.
Saxena Tech LLC
Florida, USA