Privacy Policy

Privacy Policy

Last Updated: 27.02.2026

Introduction

At Twin Pines LTD (“we”, “us”, or “our”), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you access or use any of our products and services, as described below (collectively, the “Services”).

The Services include the AI Productivity Assistant – ChatCrafter web-based platform available at https://chatcrafter.ai, including any related pages, subdomains, or features (the “WebApp”).

This Privacy Policy applies to all our Services unless we clearly say otherwise.

For data protection purposes, and under the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and similar laws, Twin Pines LTD (address: Agias Zonis 12, Limassol, 3027, Cyprus) is the company responsible for deciding how and why your personal data is processed (the “controller”), unless we clearly state otherwise.

We also take into account other data protection and privacy laws that may apply depending on where you live, including UK data protection laws and certain U.S. state privacy laws, where applicable.

WE ENCOURAGE YOU TO READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW AND WHY WE PROCESS PERSONAL DATA IN CONNECTION WITH THE SERVICES.

Types of Data Collected

When we say personal data, we mean information that can identify you (directly or indirectly), either on its own or when combined with other information. This may include, for example, your email address, device or online identifiers, or other similar details.

We collect only the personal data that is necessary to provide, operate, improve, and promote our Services. The type of data we collect depends on how you interact with the Services (for example, whether you use a mobile app or the website).

We do not intentionally collect biometric data or precise real-time location data.

Below we explain the main categories of personal data we may collect.

Information You Provide to Us

This includes information you choose to share directly when using the Services, for example:

your email address or other contact details;
information you provide when creating or managing an account;
text input or interaction data (for AI functionality);
messages, requests, or feedback you send to us (for example, through support or contact forms);
preferences or settings you choose within the Services.

You are not required to provide personal data unless it is necessary to use a specific feature.

Information We Collect Automatically

When you use the Services, we may automatically collect certain technical and usage information, such as:

device and application information (for example, device type, operating system, language settings, app or browser version);
identifiers such as IP address or device- or browser-based identifiers;
general location information (for example, country or region);
information about how you use the Services, such as interactions, features used, session activity, and subscription or purchase status;
analytics and advertising attribution information, such as referral sources, campaign identifiers, and conversion events, as well as pseudonymous advertising, where permitted by your device or platform settings.
1. Information Collected Through Cookies and Similar Technologies (Web Only)

When you use WebApp, we may use cookies and similar technologies to collect information such as:

information about your device and browser;
pages you visit and actions you take on the website;
preferences such as language or region;
analytics information that helps us understand how users use the website;
advertising and marketing information that allows us and our partners to track user activity, measure campaign performance, and show advertising that may be relevant to users’ interests.

Some of these cookies and technologies are provided by third-party analytics and advertising partners. These partners may track your activity over time and across different websites in order to provide analytics services, advertising attribution, and targeted or personalised advertising.

Where required by law, we use analytics, tracking, and targeting cookies only with your consent. You can manage or withdraw your consent at any time through your browser settings or other tools described in this Privacy Policy.

Information from Third Parties

In some cases, we may receive limited personal data from advertising and analytics partners (for example, Google Platform), typically in aggregated or pseudonymised form, for attribution and analytics purposes. This may include:

subscription and transaction information, such as confirmation of purchases, renewals, cancellations, refunds, or subscription status;
analytics and attribution information, such as referral sources, campaign identifiers, conversion events, or aggregated or pseudonymised usage statistics;
advertising interaction information, such as information indicating that you interacted with one of our ads or marketing materials;
technical or security-related information, such as signals used to help prevent fraud, abuse, or misuse of the Services.

The processing of such information is subject to the privacy policies of the relevant third parties and applicable data protection laws. We do not receive or store your payment card details or full payment information.

How We Use Your Data

We process personal data only where this is permitted by applicable data protection laws and for clearly defined purposes. Depending on the context, we rely on one or more of the following legal bases:

performance of a contract, where processing is necessary to provide the Services, including operating the app and website, managing subscriptions, and delivering AI-powered features;
legitimate interests, such as improving the Services, analysing how they are used, ensuring security, and preventing misuse, provided these interests do not override your rights;
consent, where required by law, in particular for cookies, tracking technologies, and targeted advertising on the web;
legal obligations, where processing is necessary to comply with applicable laws or regulatory requirements.

The table below explains how different categories of personal data are used, for which purposes, and the legal basis we rely on in each case.

Category of personal data	How we use it (purpose)	Legal basis
Account and contact information (such as email address, account information, and settings)	To create and manage accounts, provide access to the Services, save preferences, and communicate with users about the Services	Performance of a contract
Subscription and transaction information (such as subscription status, purchase or renewal events)	To process subscriptions, manage payments and renewals, provide paid features, and handle refunds or cancellations	Performance of a contract; Legal obligation (where required for accounting or tax purposes)
User inputs and content (such as prompts or messages submitted when using AI features)	To provide AI-powered features and generate responses within the Services	Performance of a contract
Technical and usage data (such as device information, app interactions, session activity)	To operate the Services, ensure stability and security, fix bugs, and improve performance and user experience	Legitimate interests
Analytics data (such as aggregated or pseudonymised usage statistics)	To understand how users interact with the Services, improve features, and make data-driven product decisions	Legitimate interests
Advertising and attribution data (such as referral sources, campaign identifiers, conversion events, advertising identifiers)	To measure marketing performance, understand how users find the Services, and optimise advertising campaigns	Consent (where required); Legitimate interests (where permitted by law)
Targeting and tracking data (Web) (such as cookies or similar technologies used for personalised advertising)	To show ads that may be relevant to users’ interests and limit ad repetition	Consent
Communications data (such as messages sent to support)	To respond to inquiries, provide assistance, and communicate about service-related matters	Performance of a contract; Legitimate interests
Security and anti-abuse data (such as logs, risk signals, or fraud indicators)	To detect and prevent fraud, abuse, or misuse of the Services and to protect users and our systems	Legitimate interests; Legal obligation
Email, technical identifier	If you request data deletion or removal from marketing lists, we process your request as required	Legitimate interest
Legal and compliance data (where applicable)	To comply with applicable laws, respond to lawful requests, or defend legal claims	Legal obligation; Legitimate interests

If we ever plan to use personal data for a new purpose that is not covered by this Privacy Policy, we will explain this to you in advance and, where required by law, ask for your consent.

Sharing of Personal Data with Service Providers

We use trusted third-party service providers to help us run, support, improve, and promote the Services. We share only the minimum amount of personal data required for these purposes.

We do not sell your personal data. Service providers that act on our behalf are not allowed to use personal data for their own independent marketing purposes. Some partners, such as analytics or advertising platforms, may process personal data as independent controllers, in which case their own privacy policies apply.

The table below explains which service providers we work with, what they do for us, what types of personal data are involved, and why the data is shared.

Service provider (name & location)	Services performed	Personal data shared	Purpose of sharing	Privacy Policy
Google LLC (Google Ads) (U.S.A.)	Analytics, A/B testing, advertising, and ad management services	Advertising interaction data, attribution data, campaign identifiers, pseudonymous identifiers	To support analytics, advertising attribution, targeting, and campaign optimisation	Privacy Policy Data Processing Addendum
Google LLC (Google Analytics 4)	Analytics, A/B testing, and ad management services	Advertising interaction data, attribution data, campaign identifiers, pseudonymous identifiers	To support analytics, advertising attribution, targeting, and campaign optimisation	Privacy Policy Data Processing Addendum
Google LLC (Gemini)	AI services provider	User inputs, prompts, and related usage data submitted through the Services	To provide AI-powered features and responses within the Services	Privacy Policy Data Processing Addendum
Anthropic PBC (Claude)	AI services provider	User inputs, prompts, and related usage data submitted through the Services	To provide AI-powered features and responses within the Services	Privacy Policy Data Processing Addendum
Mistral AI SAS (Mistral AI)	AI services provider	User inputs, prompts, and related usage data submitted through the Services	To provide AI-powered features and responses within the Services	Privacy Policy Data Processing Addendum
Perplexity AI, Inc. (Perplexity)	AI services provider	User inputs, prompts, and related usage data submitted through the Services	To provide AI-powered features and responses within the Services	Privacy Policy Data Processing Addendum
X.AI LLC. (Grok)	AI services provider	User inputs, prompts, and related usage data submitted through the Services	To provide AI-powered features and responses within the Services	Privacy Policy Data Processing Addendum
OpenAI, L.L.C. and its affiliates (U.S.A. / other countries depending on entity)	AI services provider (OpenAI API services)	User inputs, prompts, and related usage data submitted through the Services	To provide AI-powered features and responses within the Services	General Privacy Policy API Privacy Policy Data Processing Addendum
Stripe, Inc. (USA)	Payment processing (WebApp)	Transaction identifiers, billing metadata, subscription status	To process web payments and manage subscriptions (no access to full payment details)	Privacy Policy Data Processing Agreement

Use of AI Technologies

Our Services use third-party AI technologies (for example, AI models provided by OpenAI) to support certain features, including generating conversational content.

When you use AI-powered features, the information you submit (such as text inputs or prompts) is processed to generate responses. This processing may take place on external systems operated by our AI service providers and is limited to providing the requested functionality.

Information processed in connection with AI features may be handled in aggregated or pseudonymised form. We do not intentionally use AI inputs to identify users or to train public AI models.

Important Note: As our AI-powered features rely on third-party service providers, we cannot fully control their systems or guarantee absolute security of information processed by them. We therefore encourage you to consider the sensitivity of any information you choose to share when using AI-powered features of the Services.

Data Storage & Deletion

We retain personal data only for as long as necessary to provide the Services, fulfil the purposes described in this Privacy Policy, and comply with applicable legal obligations.

Retention periods may vary depending on the type of data, how the Services are used (for example, through a mobile application or a web interface), and applicable legal or regulatory requirements.

Where personal data is no longer needed, we delete or anonymise it within a reasonable period, unless retention is required or permitted by law (for example, for accounting, tax, security, fraud-prevention, or dispute-resolution purposes).

Users can contact support@chatcrafter.ai to request data deletion.

Children’s Privacy

The Services are not intended for children under the age of 13, or under 16 where a higher minimum age applies, such as in the European Union.

We do not knowingly collect personal data from children below the applicable age limit without valid parental consent, where such consent is required by law.

If we become aware that personal data has been collected from a child in violation of these requirements, we will take reasonable steps to delete it promptly, unless retention is required by law.

User Rights under GDPR and similar laws

Depending on where you live and the laws that apply, you may have certain rights in relation to your personal data.

These rights may include the right to:

access the personal data we hold about you;
correct inaccurate or incomplete personal data;
delete your personal data, subject to applicable legal limitations;
restrict or object to certain types of processing;
receive a copy of your personal data in a portable format, where applicable;
withdraw consent at any time, where processing is based on consent;
opt out of certain data uses, including targeted advertising or similar activities, where required by applicable law.

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing, including profiling, within the meaning of applicable data protection laws.

We do not discriminate against users for exercising their privacy rights.

You may exercise your rights by contacting us at support@chatcrafter.ai. We may need to verify your identity before responding to your request. Please note that we can only fulfill requests with respect to Personal Data that we control or can reasonably access. Some requests may be subject to limitations or exceptions under applicable law.

If you believe that your rights have not been respected, you may also have the right to lodge a complaint with a relevant data protection or privacy authority, depending on your location.

Where required by applicable U.S. state law, you may have the right to appeal our decision regarding a privacy request.

International Transfers

We may transfer personal data to service providers and partners located outside your country of residence, including outside the European Economic Area (EEA), the United Kingdom, or Switzerland. This may include transfers to countries that do not provide the same level of data protection as your home jurisdiction.

Where personal data is transferred internationally, we take appropriate steps to ensure that it remains protected in accordance with applicable data protection laws. These safeguards may include, where required:

reliance on adequacy decisions adopted by relevant authorities;
the use of standard contractual clauses or similar approved contractual safeguards;
additional technical and organisational measures designed to protect personal data.

International transfers may occur, for example, when we use cloud infrastructure, analytics, advertising, or AI service providers that operate globally or are based in other countries.

You may contact us for further information about the safeguards applied to international data transfers, where required by law.

Security

We take reasonable technical and organisational measures to protect personal data and to help keep it secure. These measures are designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure during storage and transmission.

Where appropriate, we use safeguards such as access controls, encryption, system monitoring, and other security practices. Access to personal data is limited to authorised personnel and service providers who need it to perform their duties and who are subject to confidentiality and security obligations.

No system can be guaranteed to be completely secure. While we work to protect personal data, we cannot guarantee absolute security. If a security incident occurs, we will take reasonable steps to investigate and address it and will notify affected users and authorities where required by law.

If you believe that your account or personal data may be at risk, please contact us using the details provided in this Privacy Policy.

Changes to This Policy

We may update this Privacy Policy from time to time. This may happen if our Services change, if we introduce new features, or if the law or regulatory guidance changes. When we update the Policy, we will publish the new version and update the “Last Updated” date. We encourage you to review it regularly.

Contact Information

For questions, concerns, or requests, please contact us at:

Email: support@chatcrafter.ai

Company: TWIN PINES LTD

Address: Agias Zonis 12, Limassol, 3027, Cyprus