Privacy Policy of TWWIM UG (haftungsbeschränkt) for the TWWIM AI SaaS platform – covers the website twwim.ai, the customer dashboard and the plugins and integrations for online stores and websites (incl. WordPress, Shopify, WooCommerce, JTL Shop and standalone snippet integrations). Personal data is processed exclusively in accordance with the GDPR and the German Federal Data Protection Act (BDSG).
Controller
- Company: TWWIM UG (haftungsbeschränkt)
- Address: Stapperstr. 65, 52080 Aachen, Germany
- Managing Director: Dmitri Botezat
- [email protected]
This policy applies to all components of the TWWIM platform: (1) the public website twwim.ai, (2) the customer dashboard (registration, login, billing, account management), (3) the plugins and snippet integrations that customers embed in their online stores or websites (WordPress, Shopify, WooCommerce, JTL Shop and others), and (4) the corresponding backend APIs.
Principles
We process personal data exclusively in accordance with the GDPR (EU 2016/679) and the German Federal Data Protection Act (BDSG). Personal data is collected, stored and processed only for clearly defined purposes and on a defined legal basis. No transfer to recipients outside the European Union takes place.
Processing on the twwim.ai website
When you visit our public website, the following information is recorded automatically (server log files):
- IP address
- Date and time of access
- Referrer URL
- Browser and operating system used
- Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in security and functionality)
- Retention: 7 days, then automatic deletion
Contact
If you contact us by email or form, your data is stored for the purpose of processing the request.
- Legal basis: Art. 6 (1) (b) GDPR (contract initiation) or Art. 6 (1) (f) GDPR (legitimate interest)
- Retention: Until the request is resolved or as required by statutory retention periods
Processing in the customer dashboard (SaaS account)
When you create an account on TWWIM AI or are invited as a member of an organisation, we process the following data to provide the platform:
- Account master data: Email address, password hash (bcrypt), first and last name, optionally phone number, chosen language and timezone.
- Company data: Company name, legal form, address, VAT-ID/tax number, register court and registration number, contact person, industry – as far as you provide them.
- Billing data: Plan selection, billing address, payment history, card or SEPA data processed by our payment service provider Stripe (TWWIM does not store full payment instrument data).
- Audit logs: Login times, IP address, user agent, recorded acceptances of legal documents (Terms, Privacy, DPA) for proof of consent.
- Usage metrics: Aggregated usage statistics of the platform (e.g. number of requests, active tenants), used for billing of booked plans and capacity planning.
- Legal basis: Art. 6 (1) (b) GDPR (performance of contract) and Art. 6 (1) (c) GDPR (statutory retention obligations, in particular § 147 AO).
- Retention: For the duration of the contractual relationship plus statutory retention periods (typically 6 or 10 years for invoice-relevant data).
Processing in the TWWIM plugins and integrations
To enable you to use TWWIM AI in your online shop, website or application, we provide a number of plugins and snippet integrations – currently for WordPress, Shopify and WooCommerce; further integrations such as JTL Shop are in preparation. TWWIM AI can additionally be embedded via a generic JavaScript snippet. During installation and ongoing operation, your platform and TWWIM exchange the data needed to operate the assistant. We process only what is necessary to provide the agreed functionality; no transfer to third countries takes place.
What we process
- Integration authentication: Authentication credentials of your platform (e.g. an OAuth access token in the case of Shopify, or a site secret negotiated between the WordPress plugin and TWWIM in the case of WordPress) so your platform and TWWIM can communicate securely. These credentials are stored encrypted.
- Tenant and configuration data: Your platform's domain, selected knowledge sources, language, appearance and other settings you make in the TWWIM dashboard or in the respective plugin.
- Knowledge base content: Product catalogue, categories, knowledge documents and FAQ entries that you actively release for the assistant to use. This content is the basis on which TWWIM AI formulates its answers.
- Automatically captured page content: When a visitor opens a page on which the TWWIM snippet is active, the assistant captures structural information about that page (visible content, interactive elements, the page URL, where applicable product metadata) so that it can answer questions about and execute actions on that page. This content is held in a transient page cache and is removed automatically once it is no longer needed.
- Webhook and synchronisation data: Status changes of your platform (e.g. product update, plugin uninstall, end of subscription) that we evaluate in order to continue or terminate the service correctly.
Processing of your end customers' data
For the processing of personal data of your own end customers – for example visitors interacting with the TWWIM assistant – you are the controller within the meaning of the GDPR. TWWIM acts as a processor under Art. 28 GDPR. The details of this processing are governed by the Data Processing Agreement concluded between you and us, and are summarised below in the section "Data processing on behalf of TWWIM customers".
- Legal basis: Art. 6 (1) (b) GDPR (performance of contract) for you as a TWWIM customer; Art. 28 GDPR together with the Data Processing Agreement for the data of your end customers.
- Retention: Authentication credentials and configuration data are stored until you uninstall the integration or terminate your contract. Knowledge base content is stored for as long as the integration is active and the content remains released. Automatically captured page content is held transiently and removed automatically on a regular basis.
Your rights
To the extent that we process personal data relating to you, you are entitled to the following rights. To exercise any of them, an informal message to [email protected] is sufficient; we may ask you to identify yourself where this is necessary to verify your request.
- Right of access (Art. 15 GDPR): You may at any time request confirmation as to whether and which personal data concerning you we process.
- Right to rectification (Art. 16 GDPR): You may request that incorrect data be rectified or incomplete data be completed.
- Right to erasure (Art. 17 GDPR): You may request the erasure of your data, unless statutory retention obligations or other compelling grounds prevent this.
- Right to restriction of processing (Art. 18 GDPR): In the cases provided for by law, you may request that we restrict the processing of your data.
- Right to data portability (Art. 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format.
Right to lodge a complaint with a supervisory authority. Without prejudice to any other remedy, you have the right to lodge a complaint with a supervisory authority, in particular the authority responsible for our seat: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany — ldi.nrw.de.
Data processing on behalf of TWWIM customers
As provider of the TWWIM AI SaaS platform, we process personal data of end customers on behalf of our customers (platform operators – online shops, websites, apps), to the extent that this is necessary to provide the assistant. The details of this processing – in particular the data categories, purposes, technical and organisational measures, and the engaged sub-processors – are governed by the Data Processing Agreement concluded between us and the respective platform operator.
Key principles:
- End-customer input is neither used for training or profiling purposes nor persistently stored; it is processed solely for the respective interaction and a short, technically necessary follow-on period and is then removed automatically.
- All servers in use are located in certified data centres within the European Union; no transfer to third countries takes place.
- Only language models under our own control, running on EU-based bare-metal GPU servers, are used; no US cloud AI providers (e.g. OpenAI, Google, Anthropic, AWS Bedrock) are involved.
- The sub-processors engaged (in particular our hosting and our GPU provider) are exhaustively named in Annex 3 of the Data Processing Agreement; any change is notified to the platform operator with reasonable advance notice.
Currency
This privacy policy is updated regularly. The current version is always available at twwim.ai/datenschutz.