Effective: April 2026. This Privacy Policy explains how ZedStack LLC, a Delaware limited liability company ("Company", "we", "us", "our"), operating the Ava-Twin.me platform, collects, uses, and protects information when you use our website, platform, or services.
We collect information you provide directly and information generated automatically when you use our services:
The Ava-Twin Unity SDK can be used entirely offline with bundled avatar assets. When used in offline mode (no API credentials provided, no cloud service contact), no personal data is transmitted to ZedStack LLC, and this Privacy Policy does not apply to interactions limited to offline mode. End-user interactions with Your Application remain governed by Your own privacy practices.
We do not use your data for advertising or sell it to third parties.
We use strictly necessary cookies to keep you signed in and maintain session state. We do not use third-party advertising cookies or tracking pixels. If we add analytics in the future we will update this policy and, where required, ask for your consent.
We use trusted sub-processors to operate the service:
| Processor | Purpose | Data Accessed | Location |
|---|---|---|---|
| Supabase | Database, Auth, Storage | All platform data | US (us-east) / EU (eu-central) |
| Stripe | Payment processing | Billing info, card tokens | US (global) |
| Vercel | Hosting, edge delivery | Request logs | Global edge |
| Cloudflare | DDoS, bot protection | IP, request metadata | Global edge |
Each processor handles data only as necessary to provide their service and is bound by their own privacy and security commitments.
Our services are operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. Our sub-processors operate in the United States and the European Union.
For residents of the European Union, European Economic Area, and the United Kingdom, data may be transferred to the United States. Appropriate safeguards are applied via sub-processor agreements, including Standard Contractual Clauses (SCCs) where applicable.
By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence. We will take reasonable measures to ensure your data is treated securely and in accordance with this Privacy Policy.
Depending on your location, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, email us at the address below. We will respond within 30 days.
If you are located in the EU/EEA or UK, you have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.
ZedStack LLC does not maintain a registered Data Protection Officer. For DPO-related inquiries, contact legal@ava-twin.me. Inquiries are handled by our privacy team.
The Service is not directed to children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under the applicable age, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us at the email address below so we can take appropriate action.
If Your Application (using the Ava-Twin SDK) is directed to children, You are responsible for complying with COPPA, the UK Age-Appropriate Design Code, and similar regulations. Ava-Twin provides technical infrastructure; You are the data controller for Your End Users.
We do not currently respond to Do Not Track ("DNT") browser signals. There is no uniform standard for how online services should respond to DNT signals. If a standard is adopted in the future, we will update this policy accordingly.
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information:
To exercise your California privacy rights, email privacy@ava-twin.me. We will verify your identity before processing your request and respond within 45 days.
We use industry-standard safeguards including encrypted connections (TLS), hashed credentials, and private database schemas not exposed to the public internet. No method of transmission or storage is 100% secure — if you discover a vulnerability please report it to us responsibly.
To the maximum extent permitted by applicable law, ZedStack LLC shall not be liable for any unauthorized access to or alteration of your data, any data that is lost or corrupted, or any failure to store or transmit your data. You acknowledge that you provide your information at your own risk and that no data transmission over the internet or method of electronic storage can be guaranteed to be completely secure.
This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in the State of Delaware.
We may update this policy from time to time. Material changes will be communicated via email or a notice on our website. The "Effective" date at the top always reflects the current version.
For general questions, email hello@ava-twin.me.
For privacy inquiries, data requests, or deletion, email privacy@ava-twin.me (also accepts legal@ava-twin.me).
For broader legal questions, email legal@ava-twin.me.
ZedStack LLC, registered in Delaware, United States.