What data does AI Twin hold about me?

Your Twin holds what you put into it. Files you upload, text you type, answers you give during smart onboarding, and the metadata around those items. Your Twin does not scrape your inbox, read your calendar, or watch your screen.

How is my data encrypted?

Your data is encrypted in transit and at rest. Access to your data inside AI Twin is logged, with every read, write, and change recorded with an actor and timestamp.

Does AI Twin use my data to train AI models?

No. AI Twin does not use your data to train AI models, and the model providers we work with do not receive a feed of your memory to retrain their systems. Any feature that sends memory to a third-party model is opt-in, and you see what is sent every time.

Is AI Twin GDPR compliant?

AI Twin is designed and operated to comply with UK GDPR from the first user. We can answer Data Subject Access Requests and support the right to erasure. EU AI Act readiness is in build. We are not yet certified to ISO 27001 or SOC 2; we are engineering toward both.

Where is my data stored?

AI Twin runs on Supabase, on infrastructure inside the European Economic Area, with UK data residency where possible.

Trust

Your data. Your rules. Calibrated honestly.

Q: Can I delete my data from AI Twin?

Yes. One click removes your data from production within seven days. Operational backups roll off on a published schedule and are not used for any purpose other than disaster recovery.

AI Twin is built around a quiet rule. We will say what is true, in plain English, and not a word more. Here is what that looks like in practice.

What we hold

What your Twin actually stores.

A short list, because the list is short.

Your Twin holds what you put into it. Files you upload, including PDFs, images, documents, voice notes, and screenshots. Text you type. Answers you give during smart onboarding. Captures you confirm in Pending Review.

Your Twin holds the metadata around those items. When you added something. What kind of item it is. Tags and categories you set. Audit entries for every action.

Your Twin does not hold what you have not given it. We do not scrape your inbox. We do not read your calendar. We do not watch your screen. We do not infer things about you from places you did not bring to the Twin.

When wider integrations ship, they will roll out one at a time, behind your explicit consent. You will see exactly what each one captures before you turn it on. You can turn it off again at any point.

How we protect it

Encryption, access, and the audit trail.

Your data is encrypted in transit and at rest. That is the baseline. It is not the brand statement.

Access to your data inside AI Twin is logged. Every read, every write, every change, recorded with an actor and a timestamp. You can see your own audit log in your account. We can see ours, internally, and we are accountable to it.

The service-role keys that allow our systems to read your data live only on our servers. They never reach your browser. They are rotated and monitored. Access by anyone on the AI Twin team is restricted, logged, and reviewed.

If something goes wrong, we will tell you, in plain English, within seventy-two hours of becoming aware. That is the legal floor under UK GDPR. We treat it as a floor, not a ceiling.

Your rights

What you can do with your data.

Under UK GDPR you have a set of rights. We have built AI Twin so that exercising them is direct, not a form-filling exercise.

See it.

Your Twin shows you what it holds. No black boxes. No “this is encrypted, trust us” surfaces.

Edit it.

Anything captured can be corrected. If your Twin remembers something wrong, you change it.

Export it.

One click produces a portable file containing everything your Twin holds for you. Standard formats, not a custom export only we can read.

Delete it.

One click removes your data from production within seven days. Operational backups roll off on a published schedule and are not used for any purpose other than disaster recovery.

Object to it.

If we ever start processing your data for a purpose you did not opt into, you can stop us. You can also lodge a complaint with the Information Commissioner’s Office, the UK regulator, at any time. You should not have to. We would rather you tell us first, but you do not need our permission.

Take it elsewhere.

AI Twin is model-agnostic by design. Your memory is yours, and it comes with you if you switch tools or leave us entirely.

These are not features. They are the floor.

What we do not do

Five things you will not see us do.

We do not sell your data. There is no commercial arrangement under which any third party pays us for access to what your Twin holds. Our full list of sub-processors is public at /sub-processors.

We do not share your data with advertisers. AI Twin does not run ad tracking, does not embed advertising pixels, and does not exist inside an ad-funded business model.

We do not use your data to train AI models without your explicit consent. The model providers we work with do not get a feed of your memory to retrain their systems. If a specific feature ever requires sending memory to a third-party model, you will see exactly what gets sent, every time, before it goes.

We do not track you across other websites. Privacy-friendly analytics on this site only, focused on aggregate usage. Nothing tied to your identity, nothing shared with networks that profile you.

We do not retain your data after you have asked us to remove it, beyond the published backup-rolloff window.

Model-agnostic

Your memory is yours. The model is whatever you choose.

A lot of AI products today lock you in. Your conversations live inside one provider’s system. Your context belongs to them. If you switch, you start again.

AI Twin is built differently on purpose.

Your memory is stored in our database, structured and typed and yours. The AI model that helps you use it is whichever one you want. Claude. ChatGPT. Gemini. A local model on your laptop. If a model gets better tomorrow, you switch. Your Twin’s memory comes with you.

This is not a feature for technical users. It is the brand. Lock-in is a tax on trust, and we refuse to charge it.

Compliance

What is live, what is in build, what is not yet certified.

We will not overclaim our compliance status. The space is full of products that print certification badges they have not earned. We are not one of them.

UK GDPR: live.

AI Twin is designed and operated to comply with UK GDPR from the first user. Lawful basis, data minimisation, purpose limitation, storage limitation, integrity, confidentiality, accountability. We can answer Data Subject Access Requests. We can support the right to erasure. We have appointed routes for complaints.

EU AI Act readiness: in build.

The EU AI Act creates obligations for AI systems based on risk. AI Twin sits in the limited-risk category as we understand it today. We are building toward the transparency, governance, and disclosure obligations. We are not yet formally assessed. When that assessment happens, we will publish the result.

ISO 27001 and SOC 2: not yet certified.

We are engineering toward both. They take time, they cost money, and they are worth doing properly. When we are independently audited and certified, we will say so. Not before.

We will publish each milestone when it is independently verified, not before.

Where your data lives

Who else touches it, and from where.

AI Twin runs on a small set of trusted providers. The list is short and deliberate.

Hosting and database: Supabase, on infrastructure inside the European Economic Area. UK data residency where possible, EEA where not.

AI models: provided by the model vendor you choose. Memory is sent to a model only when you make a request that requires it, and you see what is sent.

Email delivery: a transactional email provider for confirmation and account messages. No marketing email from your data without explicit consent.

Analytics: privacy-friendly analytics with no cross-site tracking and no identity tying. Aggregate signals only.

That is the list. If it changes, we update this page and tell people who have signed up. We do not quietly add sub-processors and hope no one notices.

Sensitive data

Who AI Twin is for, and what we ask you to think twice about.

AI Twin is built for adults. We do not build features designed for use by children under 18. We do not market to children. If you are under 18, please do not sign up.

You may, of course, capture things about your family in your Twin. The school’s term dates. The nursery’s dietary letter. Your child’s medication. That is one of the use cases the product is built for. The data is held by you, in your account, as part of your life admin.

Some data is more sensitive than other data. Health information. Faith. Sexuality. Political views. Financial detail. If you choose to capture these in your Twin, you should. It will help your Twin help you. We hold this data with the same care as everything else, and we have specifically not built features that profile, segment, or commercialise based on sensitive categories. Nothing about you triggers a different experience for someone else.

If you ever want to know exactly what your Twin holds and where, that is what the audit log is for.

Contact

A real person reads every message.

For privacy questions, data subject requests, or anything that does not feel right: hello@ai-twin.co.uk.

For complaints you do not want to bring to us first, you can contact the Information Commissioner’s Office at ico.org.uk. We would rather you tell us first, but you do not have to.

Calm AI. Clear consent. Quiet by design.

This page was last updated on 12 May 2026. We will note material changes here and tell people who have signed up.