Privacy Policy — Twunein

Plain-language summary

Twunein lets two people press play on the same song at the same time, no matter where they are. To do that we need to know who you are (so your partner can find you), what room you're in, and what's currently playing. That's it. We do not sell your data. We do not run advertising. You can delete everything in two taps.

This summary is for orientation. The full sections below are what we are legally bound by — and they are written in the same plain tone.

Who we are

Twunein (referred to as "we", "us", or "the app") is operated by the makers of the Twunein mobile and web application. For privacy questions you can reach us any time at privacy@twunein.app or via our contact page.

This policy explains how we handle personal information when you use Twunein on Android, iOS, or the web. By using Twunein you agree to the practices described here.

What we collect

We collect only the categories below — nothing more.

Category	Examples	Provided by
Account identifiers	Email, display name, profile picture, unique user ID	You / your sign-in provider
Partner link	Optional partner email you enter to invite	You
Session metadata	Session code, room name, host ID, listener IDs, timestamps	Generated by app
Playback state	Current track ID/URL, position, play/pause, queue order	Generated while you listen
Uploaded audio	MP3 files you choose to share with your partner inside a session	You
App preferences	Theme, default volume, sync quality, notification toggles	You
Diagnostics	Crash reports, performance traces, anonymised device model and OS version	Firebase Crashlytics & Performance Monitoring

What we do not collect

We do not access your phone's microphone, camera, contacts, SMS, or call logs.
We do not track you across other apps or websites.
We do not collect precise location.
We do not run third-party advertising SDKs.

Why we collect it

Purpose	Legal basis (GDPR / DPDPA)
Create your account & let your partner find you	Performance of contract
Sync playback in real time across devices	Performance of contract
Store your shared library so both of you can play it later	Performance of contract
Diagnose crashes & measure performance	Legitimate interests (keeping the app stable)
Communicate about the service (e.g. account changes)	Performance of contract
Comply with law & defend legal claims	Legal obligation

Google Sign-In & Google Drive

Google Sign-In

If you choose to sign in with Google, we receive only the basic profile fields Google releases for sign-in: your email address, your display name, your profile picture URL, and a Google-issued user identifier. We do not receive your Google password and we do not request access to your Gmail, Calendar, Contacts, or any other Google service.

Twunein's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Drive (when applicable)

If a future version of Twunein offers to back up or restore your shared audio library to your own Google Drive, we will request the https://www.googleapis.com/auth/drive.file scope only. This scope limits us to files Twunein itself creates or that you explicitly open with Twunein — we cannot read, modify, or delete any other file in your Drive.

Limited Use disclosure. Twunein's use of any Google user data — including data obtained via Google Sign-In or Google Drive scopes — complies with Google's Limited Use requirements: we use the data only to provide and improve user-facing features, never to train generalised AI/ML models, never to serve ads, and never to sell or transfer it to third parties.

Who we share data with

We share the minimum amount of data required to operate the service, and only with the providers below:

Provider	Purpose	Where
Google Firebase (Authentication, Firestore, Realtime Database, Storage, Crashlytics, Performance, Cloud Functions)	Account auth, real-time session sync, file storage, diagnostics	Asia-South2 region (primary), with Google's global edge for delivery
Your partner / co-listener(s)	Sees your display name, avatar, and currently playing track within the session you both joined	End-to-end within the app

We do not sell, rent, or trade personal information. We do not share data with advertising networks or data brokers.

How long we keep it

Data	Retention
Account profile	Until you delete the account
Active session metadata	While the session is live; archived for up to 30 days then auto-deleted
Uploaded audio in your shared library	Until you remove it, or until account deletion
Crash reports / performance traces	90 days (Firebase default)
Account deletion request records	12 months (legal proof of completion)

Your rights & controls

Depending on where you live (GDPR, UK GDPR, India's DPDPA 2023, California's CCPA, and similar laws around the world), you have some or all of the following rights:

Access — request a copy of your personal data.
Correction — fix anything that's wrong (you can also do this yourself in Profile).
Deletion — wipe your account and all associated content (see below).
Portability — receive your data in a machine-readable format.
Objection / restriction — limit how we process your data.
Withdraw consent — for any processing that depends on consent.
Lodge a complaint — with your local data protection authority.

To exercise any of these rights, write to privacy@twunein.app or use the contact form. We respond within 30 days.

Delete your account

You can delete your Twunein account — and everything connected to it — at any time:

From the app: open Settings → Privacy & Security → Delete account.
From the web: use the dedicated account deletion request page.

If you only want to take a break, you can close (suspend) your account instead — you keep your data and can come back later.

Children

Twunein is not directed at children under 13 (or under 16 in regions where local law sets a higher age of digital consent). We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we will delete it.

Security

We protect your information with industry-standard safeguards:

All traffic between your device and our servers is encrypted in transit (HTTPS / TLS 1.2+).
Stored data is encrypted at rest by Google Cloud.
Access to production systems is restricted to a small number of authorised maintainers using two-factor authentication.
Firestore Security Rules and Firebase Storage Rules enforce per-user authorization at the database layer — no client can read another user's data.

No system is perfectly secure. If you believe you have found a vulnerability, please write to security@twunein.app.

International transfers

Twunein's primary database region is Asia-South2 (Delhi). Diagnostics and global edge delivery may transit Google's worldwide infrastructure. Where data leaves your region, transfers rely on Google Cloud's Standard Contractual Clauses and other lawful transfer mechanisms.

Changes to this policy

We will update this policy as the product evolves. Material changes are announced in-app and via the email on file at least 14 days before they take effect. Past versions are available on request.

Contact

Privacy questions: privacy@twunein.app
General inquiries: hello@twunein.app
Mailing & full contact form: /contact.html

Last updated 30 April 2026 — questions or corrections welcome.

↑ Back to top