Privacy Policy
Effective date: April 5, 2026
1. Introduction
This Privacy Policy explains how twittyn ("we", "us", "our") collects, uses, stores, and protects your personal data when you use twittyn-games ("Service"). We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR/DSGVO) and applicable German data protection law.
2. Data Controller
The data controller responsible for your personal data is:
twittyn
Germany
Contact:
3. Data We Collect
| Data Type | Purpose | Legal Basis (GDPR) |
|---|---|---|
| OAuth tokens (YouTube, TikTok, Instagram, Facebook, X) | Upload videos on your behalf | Art. 6(1)(a) Consent |
| Uploaded videos | Temporary storage for processing and delivery | Art. 6(1)(b) Contract performance |
| Video metadata (title, description, hashtags) | Pass to destination platforms | Art. 6(1)(b) Contract performance |
| Templates and preferences | Save your game configurations | Art. 6(1)(b) Contract performance |
| Browser type and screen resolution | Ensure compatibility | Art. 6(1)(f) Legitimate interest |
| IP address (server logs) | Security and abuse prevention | Art. 6(1)(f) Legitimate interest |
4. How We Use Your Data
- Video uploads: We temporarily store your video on our server, transmit it to your selected platforms via their APIs, then delete it from our server.
- OAuth tokens: Stored securely to authenticate with third-party platforms. Used solely for uploading content you initiate.
- Templates: Stored in your browser (localStorage/IndexedDB) and optionally on our server for cross-device access.
- GIF search: Search queries are sent to the GIPHY API. We do not store your search history.
5. Third-Party Services
We integrate with the following services. When you use these integrations, your data is subject to their privacy policies:
- YouTube / Google: YouTube Data API v3. Google Privacy Policy. You can revoke access at Google Security Settings.
- TikTok: Content Posting API. TikTok Privacy Policy.
- Instagram / Facebook (Meta): Graph API. Meta Privacy Policy.
- X (formerly Twitter): X API v2. X Privacy Policy.
- GIPHY: GIF search API. GIPHY Privacy Policy.
6. Data Storage and Security
Your data is stored on servers located in the European Union (Germany). We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS/TLS encryption for all data in transit.
- OAuth tokens stored server-side with restricted file permissions.
- Video files stored temporarily with unique filenames; no public directory listing.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Uploaded videos | Deleted within 24 hours after successful delivery to all platforms, or within 7 days if delivery fails. |
| Queue metadata (JSON) | Deleted when the corresponding video is deleted. |
| OAuth tokens | Retained until you revoke access or request deletion. |
| Templates/preferences | Retained until you delete them or request account deletion. |
| Server logs | Automatically deleted after 30 days. |
8. Cookies and Local Storage
We do not use tracking cookies. We use the following browser storage mechanisms:
- localStorage: Stores your game templates and settings. No personal data.
- IndexedDB: Stores your local media library (GIFs, music). Data stays in your browser and is not transmitted to our servers unless you explicitly use the upload feature.
9. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate data.
- Right to erasure (Art. 17): Request deletion of your personal data.
- Right to restriction (Art. 18): Request restriction of processing.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7): Withdraw consent at any time (e.g., by revoking OAuth access).
To exercise any of these rights, contact us at the address below. We will respond within 30 days.
10. Revoking Third-Party Access
You can revoke twittyn's access to your third-party accounts at any time:
- YouTube: Google Account Permissions
- TikTok: Settings > Privacy > Manage app permissions
- Instagram/Facebook: Settings > Apps and Websites
- X: Settings > Security and account access > Apps and sessions
After revocation, we delete the stored tokens within 24 hours.
11. International Data Transfers
When you upload content to platforms operated outside the EU (e.g., YouTube/Google, TikTok, Meta, X), your content is transferred to their servers which may be located outside the European Economic Area. These transfers are governed by each platform's own data protection measures and legal frameworks.
12. Children's Privacy
Our Service is not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us immediately and we will delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service. The "Effective date" at the top indicates the latest revision. Continued use after changes constitutes acceptance.
14. Supervisory Authority
If you believe we are processing your data unlawfully, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
15. Contact
For privacy-related questions or to exercise your rights, contact us at: