Twop

Creators

Real Creator Program

About Twop

Contact

Request app access

Twop Application Privacy Policy

Responsible: MuseumMate, S.L.U. (“TWOP”)
Address: C/ Arlabán, 7 – 8th floor, 28014 Madrid, Spain
CIF: ESB88168299
Contact (privacy/DSA): legal@twop.app
Scope: TWOP app for Android and, where applicable, twop.app.

Last update: 1st September 2025

This policy complements TWOP's general Privacy Policy and focuses on processing in Android/Google Play (including advertising). TWOP is not directed at minors under 16 years; in the EU we do not serve personalised advertising to those under 18.

1) Data We Process

1.1. Data You Provide Us 

  • Account and Profile: alias/name, email, country/language, declared age, photo.

  • UGC (User Generated Content): videos, descriptions, tags, comments, “likes”, saved/lists and metadata (incl. “Where/When” if you publish/unlock it).

  • Communications: support, reports, appeals.

  • Professionals/Creators (if applicable): company name, NIF/VAT, billing and contact information.

 1.2. Data Collected Automatically

  • Usage and Interaction: views, watch time, completion, clicks, searches, shares, quality signals.

  • Device/Diagnostics: IP, model, OS, app version, time zone/language, crashes and logs.

  • Location: approximate or precise only if you grant permission (nearby discovery/“Where/When” feature).

1.3. Purchases/Subscriptions (Google Play Billing)

  • Purchase Identifiers and Status (active, cancelled, renewal, trial), store country.

  • We do not access your card; the charge is managed by Google Play.

1.4. Advertising and Measurement

  • If you consent to personalised ads: we can process AAID (Android Advertising ID), impression/click events, inferred interest categories, auction information, and contextual data (language, region, device type, screen size).

  • If you do not consent: non-personalised ads (NPA) with no use of AAID for personalisation.

2) Purposes and Legal Bases (GDPR)


Purpose

Legal Basis

Provide the service (account, publishing/reproducing, “Where/When”)

Execution of the contract

Personalisation of feed/recommendations

Legitimate interest (you can object in Settings)

Location for nearby features

Consent (system permission)

Operational communications and security

Legitimate interest/legal obligation

Analytics and performance (metrics, crashes)

Consent (except essential technical metrics)

Advertising and measurement (AdMob/Ad Manager)

Consent (NPA if you do not provide it)

Professionals/creators (billing, aggregated metrics)

Execution of the contract

Legal compliance (fiscal/authorities)

Legal obligation

 3) Sharing and Recipients

  • Data processors (contracted service providers GDPR): hosting/CDN, analytics and performance, crash/security, consent CMP, advertising platform (Google Mobile Ads), support and emails.

  • Google Play: purchases/subscriptions and payment account management.

  • Other Users: your profile and UGC according to settings.

  • Authorities: when there is a legal basis.

  • Third Parties Authorised by You: e.g., sharing to social networks.

 We do not sell your personal data.

 International Transfers: if a provider is outside the EEA, we apply Standard Contractual Clauses or other adequate safeguards (with impact assessment where applicable).

 4) Retention

  • Account/Profile: as long as you maintain the account or until its deletion/inactivity (with notice).

  • UGC: while published or until you delete it; backups for a limited time.

  • Usage/Diagnostics: ~12–24 months.

  • Moderation/Security: up to 24 months (longer if there are serious incidents).

  • Transactions/Billing: 6–10 years (legal obligations).

  • Aggregated/Anonymised Data: may be retained.

 5) Your Controls and Rights

  • Privacy Panel in the App: Settings → Privacy/Consents

    • “Analytics and Performance” [On/Off]

    • “Personalised Advertising” [On/Off] (NPA if Off)

    • “Location for Nearby Content” [On/Off]

    • “Reset and Withdraw Consents” [Button]


  • Delete Account and Data (Play requirement): Settings → Account → Delete Account

    • Immediate deletion of the account and, within a reasonable time, related data; backups may persist for up to 90 days; documents/billing are retained by law.

    • Alternative if you cannot access: write to legal@twop.app from the account email with the subject “Delete TWOP Account (Android)”.


  • GDPR Rights: access, rectification, deletion, objection, restriction, portability and withdrawal of consent.

    • How to exercise: in the app or by email to legal@twop.app.

    • Control Authority: AEPD.

 6) Advertising, Consent, and Minors

  • CMP (IAB TCF 2.2 / Google UMP): we display banners/layers to obtain your consent in the EU/EEA; if you reject or do not choose, we display NPA.

  • Respect for system signals (Android “Delete Advertising ID”).

  • Minors: the app is not directed at < 16; in the EU we do not show personalised advertising to < 18 (we enforce NPA).

 7) Android Permissions (Purpose and Nature)

  • Camera (optional, in use): record videos.

  • Microphone (optional, in use): audio for your videos.

  • Photos/Media/Files (optional): select/upload videos from the device.

  • Approximate/Precise Location (optional): nearby content and “Where/When” features.

  • Notifications (optional): operational alerts; you can disable them.

 We do not request permissions in background unless they are necessary for a function that you explicitly accept.

 8) Security

Encryption in transit (HTTPS), access controls, logs and alerts, secure purchase validation, security testing and response plans. We will notify incidents when required.

 9) SDKs and Partners (Default Setup)

  • Analytics/Performance: Firebase Analytics (paused until consent); Firebase Performance (optional, with consent); Firebase Crashlytics (technical, necessary).

  • Advertising: Google Mobile Ads SDK (AdMob/Ad Manager)NPA by default in the EU if you do not consent; if you consent, personalised ads and measurement.

  • Basic Attribution without Cross-App Profiles: Play Install Referrer.

  • CMP: Google UMP or another CMP IAB TCF 2.2.

We will maintain a live list of SDKs/partners (name, purpose, data processed, retention, and links to their policies) at twop.app/ad-partners.

10) Automated Decisions and Profiles

We use systems for content recommendation and abuse detection. We do not make decisions with legal or significant effects based only on automated processing without safeguards provided by law. You can object to feed personalisation in Settings. 

11) Changes to this Policy

We may update it due to legal or service changes. We will notify with reasonable notice if they are substantial. The current version will be in the app (Settings → Privacy) and at twop.app/app-legal/privacy-policy-twop-application.