Security & trust

The product is intimate. The controls must be obvious.

AI Twinly is being built for consent-first collection, transparent AI simulation, user-controlled deletion, and trusted-contact access rules.

Consent first

Data sources are explained before collection. Users choose what to share and can pause or delete categories later.

No password in extensions

Browser capture uses a revocable connection token created from the dashboard.

Export and deletion

Users can export account data, delete selected categories, delete extension tokens, or delete the full account.

AI transparency

AI Twinly should never hide that it is AI, even when it answers naturally in a first-person conversational style.

Access boundaries

Trusted contacts and guest chat keys can be scoped by access level, allowed topics, release timing, and legacy-approved evidence.

No advertising resale

The service promise is that personal data is not sold or shared with third parties for advertising.

Security roadmap

The MVP is live. Production hardening comes next.

Now: HTTPS, server-side sessions, password hashing, extension tokens, export/delete controls, and consent records.
Next: Database migration, encrypted secrets, account email verification, rate limiting, and stronger audit logs.
Before scale: Formal privacy review, data retention policies, abuse monitoring, backup policy, and app-store compliance review.