Privacy Policy
This policy explains what data NathanTwin collects when you use our service, how it's used, and your rights around that data. The short version: we collect what you type to improve the AI and understand how people use the service. We don't sell your data. We don't collect patient data.
1. What We Collect
Data collected automatically
- Session ID - a random identifier assigned to your chat session
- IP address - used for security and geographic analytics (not linked to identity)
- Browser/device type - mobile vs desktop, user agent string
- Referrer URL - what site linked you here
- UTM parameters - if you arrive from a marketing link (utm_source, utm_medium, utm_campaign)
- Conversation transcript - all messages you send and receive
- Timestamps - when each message is sent
Data you provide voluntarily
- Email address - only if you choose to provide it for follow-up communication
- Name - only if you share it in conversation
2. How We Use Your Data
| Data | How Used |
|---|---|
| Conversation transcript | Powers AI responses; stored to allow session continuity; reviewed periodically to improve AI quality |
| Email address | Send follow-up email if requested; never shared with third parties |
| Session analytics | Understand how people use the service (which topics are asked, conversation depth, drop-off points) |
| UTM / referrer | Understand which marketing channels drive the best conversations |
| IP address | Security; fraud prevention; approximate geographic analytics (country/region level) |
3. What We Do NOT Collect
- Patient health information (PHI) - we actively discourage sharing patient data; see PHI warning below
- Credit card or payment information
- Government ID numbers
- Data from children under 13
4. PHI Warning - Patient Data
Do not input patient-identifiable health information into NathanTwin. NathanTwin is not designed to handle Protected Health Information (PHI) under HIPAA or equivalent regulations in other jurisdictions. This includes patient names, dates of birth, medical record numbers, specific diagnostic or treatment details that could identify an individual, or any other information that could link a medical history to a specific person.
NathanTwin is designed for strategic discussions at the product, regulatory, and business level, not for clinical case consultation.
5. Data Retention
Conversation data is retained for up to 24 months to enable service improvement and session continuity. Email addresses and associated conversation data are retained until you request deletion.
6. Cookies and Local Storage
NathanTwin uses browser localStorage (not cookies) to:
- Remember your session ID so conversations persist between visits
- Store your email address if provided (so returning users are recognized)
- Store your cookie consent preference
This data is stored on your device and is never transmitted to third parties. You can clear it by clearing your browser's localStorage for this site.
7. Third-Party Services
- AI Processing - conversations are processed by AI infrastructure. AI responses are generated server-side; raw conversation data is not sent to third-party AI training datasets.
- Web hosting - service is hosted on Render (render.com); database on Neon (neon.tech). Both are SOC 2 compliant.
- Google Fonts - loaded from Google's CDN for typography. Subject to Google's privacy policy.
8. GDPR and EU Visitors
If you are in the European Union or European Economic Area, you have additional rights under GDPR:
- Right of access - request a copy of data we hold about you
- Right to rectification - request correction of inaccurate data
- Right to erasure - request deletion of your data ("right to be forgotten")
- Right to portability - request your data in a portable format
- Right to restrict processing - request we stop processing your data
To exercise these rights, contact us via the chat or booking link below. We will respond within 30 days.
Our legal basis for processing conversation data is legitimate interest (providing the service you requested). Our legal basis for processing email addresses you voluntarily provide is consent.
9. Data Security
We use industry-standard security measures including encrypted database connections and secure cloud hosting. However, no system is 100% secure, and we cannot guarantee absolute security of your data.
10. Children's Privacy
NathanTwin is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided personal information, please contact us for immediate deletion.
11. Changes to This Policy
We may update this policy as our practices evolve. We will post the updated date at the top of this page. Continued use after changes constitutes acceptance.
12. Contact
For privacy questions, data deletion requests, or GDPR rights requests: Book a call or use the NathanTwin chat to request contact.