Privacy Policy

Twine is operated by Redwood LLC (“we”, “us”, “our”). This policy describes how we collect, use, and protect information when you use the Twine app at app.twinechats.com and our mobile apps (together, the “Service”).

Summary

Twine is built for private messaging. Message bodies are end-to-end encrypted on your device before they are sent. Our servers store and relay ciphertext only — we cannot read the content of your encrypted messages or channel keys.

Information we collect

Account information

When you create an account, we collect:

Messaging metadata

To deliver the Service, our servers process information needed to route messages and run rooms, including:

Mobile push notifications

If you enable push on a mobile device, we store a device push token so we can wake the app. Push payloads contain no message text, sender name, or room title — only a minimal sync signal. Your device fetches ciphertext from the API, decrypts locally, and decides whether to show a notification.

Technical logs

Like most online services, our hosting infrastructure may temporarily process standard request logs (for example IP address, user agent, and request timing) for security, abuse prevention, and reliability. We do not use these logs to read your messages.

What we do not collect

How we use information

We use the information above to:

We do not sell your personal information.

How we share information

We do not sell, rent, or trade your personal information. We share data only with:

Security

We use technical and organizational measures to protect data, including:

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Local storage on your devices

To show chat history quickly, Twine may cache decrypted messages on your device. On mobile, that cache is encrypted at rest with keys held in the system secure store. When you log out or delete your account in the app, local cached messages on that device are cleared. A compromised unlocked device is outside what encryption-at-rest can fully prevent.

Service providers

We use third-party infrastructure to run Twine, including cloud hosting (for example Amazon Web Services), databases, and mobile push delivery (for example Google FCM / Apple APNs via Expo). These providers process data on our behalf under our instructions and their own terms.

Data retention and deletion

We retain account and ciphertext data while your account is active and as needed to operate the Service. When you delete your account, we delete associated server-side data (profile, ciphertext, memberships, device keys, push tokens). Short-lived backups may retain data for a limited period before automatic purge.

Delete your account in the app under Me → Delete Account, or follow the steps at twinechats.com/delete-account.html. Temporary deactivation or logging out does not delete server-side data.

Your choices

Children

The Service is not directed at children under 13, and we do not knowingly collect personal information from them. Contact us if you believe a child has provided us data.

International users

Twine is operated from the United States. If you use the Service from elsewhere, your information may be processed in the U.S.

Changes

We may update this policy from time to time. We will post the revised version on this page and update the “Last updated” date.

Contact

Questions about privacy or data requests: support@redwoodchip.com

Redwood LLC
California, United States