Privacy Policy

We collect information in the following ways:

a) Information You Provide Directly

• Account & registration data — name, email address, and password when you create an account or subscribe to our newsletter.
• Purchase data — billing name, email address, and transaction identifiers generated through our payment processor, Stripe. We do not store full card numbers or CVV codes on our servers.
• Communications — any messages, feedback, or support requests you send to us.

b) Information Collected Automatically

• Usage data — pages visited, time spent, click paths, referring URLs, and similar navigation data.
• Device & connection data — IP address, browser type and version, operating system, screen resolution, and time zone.
• Cookies & tracking technologies — see Section 4 below.

c) Information from Third Parties

• Stripe — confirms payment status and provides transaction identifiers. Stripe may share limited data with us pursuant to their own privacy policy.
• Google Analytics — aggregated analytics data (see Section 4).

We use the information we collect to:

• Create and manage your account and course access;
• Process payments and send purchase confirmations;
• Respond to your inquiries, provide customer support, and resolve disputes;
• Send transactional emails (e.g., purchase receipts, password resets) and, where you have opted in, marketing communications about new courses, promotions, and platform updates;
• Analyse Site performance, diagnose technical issues, and improve the quality and relevance of our content (primarily via Google Analytics — see Section 4);
• Detect and prevent fraud, abuse, or other harmful activity;
• Comply with applicable legal obligations;
• Enforce our Terms & Conditions.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

If you are located in the European Economic Area, United Kingdom, or another jurisdiction with similar data-protection requirements, we process your personal data under the following legal bases:

• Contract — processing necessary to fulfil a purchase or provide access to course content you have requested.
• Legitimate interests — site security, fraud prevention, analytics, and platform improvement, where these interests are not overridden by your rights.
• Consent — where you have opted in to marketing communications or non-essential cookies.
• Legal obligation — where processing is required to comply with applicable law.

We use cookies and similar technologies to operate the Site and understand how it is used. Cookies are small text files stored on your device by your browser.

Strictly Necessary Cookies

Required for the Site to function (e.g., session management, authentication). These cannot be disabled without affecting core functionality.

Analytics Cookies — Google Analytics

We use Google Analytics to collect aggregated, anonymised data about how visitors interact with the Site. This information is used exclusively for debugging and performance tracking — understanding page load times, identifying broken flows, and improving the overall user experience. Google Analytics may set cookies such as _ga, _gid, and _gat on your device. Data collected by Google Analytics is subject to Google's Privacy Policy. You may opt out by installing the Google Analytics Opt-out Browser Add-on.

Payment Cookies (Stripe)

Our payment processor, Stripe, may set cookies or use other tracking technologies during checkout to facilitate payment security and fraud prevention. These are governed by Stripe's Privacy Policy.

Managing Cookies

You can control or delete cookies via your browser settings. Note that disabling certain cookies may affect Site functionality. For more information on managing cookies, visit allaboutcookies.org.

We share your personal information only in the following limited circumstances:

• Service providers — trusted third-party vendors who assist in operating the Site (e.g., Firebase / Google Cloud for infrastructure, Stripe for payments, Google Analytics for analytics). These providers are contractually obligated to use your data only as directed by us and in accordance with applicable law.
• Legal compliance — if required by law, regulation, legal process, or enforceable governmental request.
• Business transfers — in connection with a merger, acquisition, reorganisation, or sale of all or substantially all of our assets, in which case we will notify you before your data is transferred and becomes subject to a different privacy policy.
• Protection of rights — where disclosure is necessary to protect the rights, property, or safety of TwistLab, our users, or others.

We retain your personal information for as long as necessary to fulfil the purposes described in this Policy and to comply with our legal obligations:

• Account data — retained while your account is active and for up to 3 years after closure, unless a longer retention period is required by law.
• Purchase and billing records — retained for a minimum of 7 years to comply with tax and accounting regulations.
• Analytics data— Google Analytics data is retained according to the retention settings we configure (currently 14 months) and Google's own data deletion policies.
• Communications — support emails and messages are retained for up to 3 years.

When personal data is no longer needed, we securely delete or anonymise it.

We implement industry-standard technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These include:

• HTTPS/TLS encryption for all data transmitted between your browser and our servers;
• Secure, access-controlled cloud infrastructure provided by Google Firebase;
• Payment processing handled entirely by Stripe — we do not store raw card data;
• Regular review and updates to our security practices.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal information:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure (“right to be forgotten”) — request deletion of your personal data, subject to our legal retention obligations.
• Restriction — request that we restrict processing of your data in certain circumstances.
• Data portability — receive your personal data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

California residents (CCPA): You have the right to know what personal information we collect, to request deletion, and to opt out of any sale of your data. We do not sell personal information.

To exercise any of these rights, please contact us at support@twistlabco.com. We will respond within 30 days (or sooner where required by law). We may ask you to verify your identity before acting on a request.

The Site is not directed to children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at support@twistlabco.com and we will take steps to delete that information.

Your information may be processed and stored in the United States or other countries where our service providers maintain infrastructure. If you are located outside the United States, you acknowledge that your information may be transferred to and processed in a country that may not have the same data protection laws as your jurisdiction. We take steps to ensure appropriate safeguards are in place, including reliance on providers that comply with applicable data transfer frameworks (e.g., EU Standard Contractual Clauses where applicable).

The Site may contain links to third-party websites (e.g., YouTube). This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party site you visit.

With your consent, we may send you emails about new courses, promotions, or platform news. You can opt out at any time by clicking “Unsubscribe” in any marketing email or by contacting us at support@twistlabco.com. Opting out of marketing emails does not affect transactional emails (e.g., purchase receipts).

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top of this page. For material changes, we will notify registered users by email or by a prominent notice on the Site prior to the change becoming effective. Your continued use of the Site after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: