Twop

Creators

Real Creator Program

About Twop

Contact

Request app access

Twop iOS app subscription Privacy Policy

Responsible: MuseumMate, S.L.U., C/ Arlabán, 7, 8th floor, 28014 Madrid (Spain). CIF: ESB88168299.
Contact (privacy/DSA): legal@twop.app

Date of coming into effect: 1st September 2025

This specific Policy complements the general Privacy Policy of TWOP and focuses on the treatments necessary for subscriptions on iOS.

1. Data we collect regarding your subscription 

  • Purchase identifiers and status: transaction identifiers, purchase token/receipt, subscription status (active, cancelled, renewing, grace period), frequency, start/end date, free trial/introductory offer and store country.

  • Management events: renewals, cancellations, plan changes, payment attempts, grace period, receipt reinforcement and server-to-server notifications from Apple (if enabled).

  • Support data: communications you send us (e.g., questions, issues, purchase restoration).

  • We do not access the card number or banking data: payments are handled by Apple.

2. Purposes and legal bases

Providing and managing your subscription (activation, receipt verification, renewal, restoration, plan changes). Base: contract execution.

  • Fraud prevention and security (receipt validation, detection of abusive use). Base: legitimate interest and legal obligation.

  • Customer service (inquiries, issues, cancellations). Base: contract execution/legitimate interest.

  • Legal obligations (tax, accounting). Base: legal obligation.

  • Aggregated analytics on subscriptions (new sign-ups, cancellations, retention) without identifying the user. Base: legitimate interest.

3. Sources and data flow

  • From your device: purchase initiation, restoration, receipt verification.

  • From Apple: purchase confirmation, status changes (StoreKit/App Store Server Notifications).

  • From you: support inquiries.
    TWOP verifies receipts securely and only processes the minimum necessary data to confirm your right of access to the Plan.

4. Retention

  • Subscription and billing data: for the duration of the subscription and thereafter for the legal retention periods (usually 6–10 years for tax/accounting obligations).

  • Support tickets: up to 24 months from their closure, unless there are open issues or legal requirements.

 5. Recipients and processors

  • Apple (App Store): manages the billing and the subscription account.

  • Providers acting as processors (e.g., hosting, server-to-server notifications, secure storage of subscription metadata, support tools).

  • Authorities: when there is a legal basis or valid requirement.
    We do not sell your personal data.

6. International transfers 

If we use providers outside the EEA, we will apply Standard Contractual Clauses or other appropriate safeguards, with impact assessment when necessary.

7. Rights

You can access, rectify, delete, object, limit, port your data and withdraw consents.

For billing/cancellation/refunds, you must manage your subscription with Apple (Account → Subscriptions).

For data rights or additional support: legal@twop.app. If you wish, you can complain to the AEPD.

8. Minors

Subscriptions are intended for over 16s. If we detect that age/consent requirements are not met, we may close the account and remove data reasonably soon.

9. Security

We apply appropriate technical and organisational measures (encryption in transit, access controls, secure receipt validation, audit logs and incident response).

10. Changes

We may update this Policy to reflect legal or technical changes. We will inform you with reasonable notice if substantial. The current version will be available in the app and at twop.app/app-legal/apple-privacy-user-subscription.