Privacy Policy

SiteTwin collects personal information that you voluntarily provide to us when you register for an account, request a demo, subscribe to our newsletter, fill out a contact form, or otherwise interact with our services. This information may include your full name, email address, phone number, company name, job title, and billing information. We also automatically collect certain technical data when you visit our website, including your IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, click patterns, and device identifiers. Additionally, when you use our platform APIs, we may collect usage data such as API call volumes, endpoint usage patterns, error rates, and integration configurations. This data helps us improve our services, optimize performance, and provide better support. We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, or health data unless specifically required for KYC compliance purposes and explicitly consented to by the user.

We use the personal information we collect for several specific purposes. First, to provide, maintain, and improve our banking infrastructure platform and related services. Second, to process your requests, including account registration, demo scheduling, and support inquiries. Third, to send you important service communications such as security alerts, platform updates, maintenance notifications, and changes to our terms or policies. Fourth, to send marketing communications about new features, product updates, industry insights, and events — but only if you have opted in to receive such communications. Fifth, to analyze usage patterns and trends to improve our platform's performance, reliability, and user experience. Sixth, to detect, prevent, and address fraud, security issues, and technical problems. Seventh, to comply with legal obligations, enforce our terms of service, and protect the rights, property, and safety of SiteTwin, our customers, and the public. We process your data based on legitimate business interests, contractual necessity, your consent, or legal obligations, depending on the specific processing activity.

Your personal data is stored on secure servers located in the United States and the European Union, hosted by industry-leading cloud infrastructure providers that maintain SOC 2, ISO 27001, and other relevant certifications. We implement a data retention policy that ensures personal information is kept only for as long as necessary to fulfill the purposes for which it was collected. Account data is retained for the duration of your active account plus 24 months following account closure to comply with regulatory requirements and to handle any post-termination inquiries. Marketing contact data is retained until you unsubscribe or request deletion. Website analytics data is anonymized after 26 months. API usage logs are retained for 12 months for performance analysis and troubleshooting purposes. Backup copies of data may persist in our backup systems for up to 90 days after deletion from primary systems. When data is no longer needed, it is securely deleted or anonymized using industry-standard methods.

Depending on your location, you may have certain rights regarding your personal data under applicable data protection laws such as the GDPR, CCPA, or other regional regulations. These rights may include the right to access your personal data and obtain a copy of the information we hold about you; the right to rectification, allowing you to correct inaccurate or incomplete data; the right to erasure (the 'right to be forgotten'), enabling you to request deletion of your personal data under certain circumstances; the right to restrict processing of your data; the right to data portability, allowing you to receive your data in a structured, machine-readable format; the right to object to processing based on legitimate interests or for direct marketing purposes; and the right to withdraw consent at any time where processing is based on consent. To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

SiteTwin uses certain third-party services to operate our website and platform effectively. These third-party providers may have access to your personal information only to the extent necessary to perform their functions and are obligated to protect your data in accordance with applicable laws and our contractual requirements. Our third-party service providers include cloud hosting providers (for infrastructure and data storage), analytics services (for website usage analysis and performance monitoring), email service providers (for transactional and marketing communications), payment processors (for billing and subscription management), customer support tools (for managing support tickets and communications), and identity verification providers (for KYC compliance purposes). We carefully vet all third-party providers and require them to maintain appropriate security measures and data protection standards. We do not sell your personal information to third parties. We may share aggregated, anonymized data with partners for research and industry analysis purposes, but this data cannot be used to identify individual users.

SiteTwin implements comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include encryption of data in transit using TLS 1.3 and encryption of data at rest using AES-256; multi-factor authentication for all internal systems and customer accounts; regular security audits and penetration testing conducted by independent third-party security firms; a dedicated security operations center with 24/7 monitoring for threats and anomalies; strict access controls based on the principle of least privilege, ensuring employees only access data necessary for their roles; comprehensive employee security training and background checks; incident response procedures with defined escalation paths and notification timelines; and regular backup procedures with encrypted, geographically distributed backup storage. Despite our best efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with applicable laws.

SiteTwin's services are designed for businesses and professionals and are not intended for use by children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect, solicit, or maintain personal information from children under 16. If we learn that we have collected personal information from a child under 16 without verification of parental consent, we will take immediate steps to delete that information from our servers. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected], and we will work promptly to remove the information and terminate any associated account. We encourage parents and guardians to monitor their children's online activities and to help enforce this policy by instructing their children never to provide personal information through our website or services without their permission.

SiteTwin reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes to this policy, we will notify you through prominent notice on our website, email notification to registered users, or other appropriate communication channels at least 30 days before the changes take effect. Non-material changes, such as typographical corrections or formatting updates, may be made without prior notice. The 'Last Updated' date at the top of this policy indicates when the most recent revision was made. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the updated terms. If you disagree with any changes, you may close your account and discontinue use of our services. Previous versions of this Privacy Policy are available upon request by contacting [email protected].