← Back to Ava-Twin.me

Privacy Policy

Effective: March 2026. This Privacy Policy explains how ZedStack LLC, a Delaware limited liability company ("Company", "we", "us", "our"), operating the Ava-Twin.me platform, collects, uses, and protects information when you use our website, platform, or services.

Information We Collect

We collect information you provide directly and information generated automatically when you use our services:

  • Account data — email address, password (hashed), and any profile information you provide during signup or onboarding.
  • Billing data — subscription plan and billing period. Payment card details are handled directly by our payment processor (Stripe) and are never stored on our servers.
  • App and API key data — apps you create, API keys you generate (stored as irreversible hashes), and customizer configuration.
  • Avatar data — 3D avatar configurations and customisations created by your end-users through the embedded customizer. This data is stored to enable avatar persistence and in-game loading.
  • Usage and technical data — IP address, browser type, referring URLs, pages visited, and API request logs. Used for security, abuse prevention, and improving the service.
  • Contact and demo requests — email, company name, and any message you send through our contact form.

How We Use Information

  • Provide, operate, and improve the Ava-Twin.me platform and SDK
  • Process subscriptions and manage your account
  • Deliver avatar data securely to your Unity WebGL game
  • Send transactional emails (account confirmation, password reset, billing receipts)
  • Respond to support requests and demo inquiries
  • Detect and prevent fraud, spam, and abuse
  • Comply with legal obligations

We do not use your data for advertising or sell it to third parties.

Cookies and Tracking

We use strictly necessary cookies to keep you signed in and maintain session state. We do not use third-party advertising cookies or tracking pixels. If we add analytics in the future we will update this policy and, where required, ask for your consent.

Third-Party Processors

We use trusted sub-processors to operate the service:

  • Supabase — database, authentication, and storage
  • Stripe — subscription billing and payment processing
  • Vercel — web hosting and edge delivery
  • Cloudflare — DDoS protection and Turnstile bot verification

Each processor handles data only as necessary to provide their service and is bound by their own privacy and security commitments.

International Data Transfers

Our services are operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States.

By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence. We will take reasonable measures to ensure your data is treated securely and in accordance with this Privacy Policy.

Data Retention

We retain account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law (e.g. billing records). Avatar data linked to your apps is deleted when you delete the corresponding app or account.

Your Rights

Depending on your location, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, email us at the address below. We will respond within 30 days.

Children's Privacy

The Service is not directed to children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under the applicable age, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us at the email address below so we can take appropriate action.

Do Not Track

We do not currently respond to Do Not Track ("DNT") browser signals. There is no uniform standard for how online services should respond to DNT signals. If a standard is adopted in the future, we will update this policy accordingly.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights regarding your personal information:

  • Right to Know — you may request that we disclose the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — you may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale — we do not sell your personal information and have not done so in the preceding 12 months.
  • Non-Discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise your California privacy rights, email hello@ava-twin.me. We will verify your identity before processing your request and respond within 45 days.

Security

We use industry-standard safeguards including encrypted connections (TLS), hashed credentials, and private database schemas not exposed to the public internet. No method of transmission or storage is 100% secure — if you discover a vulnerability please report it to us responsibly.

Limitation of Liability for Data

To the maximum extent permitted by applicable law, ZedStack LLC shall not be liable for any unauthorized access to or alteration of your data, any data that is lost or corrupted, or any failure to store or transmit your data. You acknowledge that you provide your information at your own risk and that no data transmission over the internet or method of electronic storage can be guaranteed to be completely secure.

Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in the State of Delaware.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on our website. The "Effective" date at the top always reflects the current version.

Contact

For privacy questions, data requests, or deletion, email hello@ava-twin.me.

ZedStack LLC, registered in Delaware, United States.