Data Privacy

Your data. Your strategy.
Here's exactly how we handle it.

Plain answers. No legalese. If you're trusting NathanTwin with your IP — you deserve to know exactly what happens to it. Operated by CardiaX Intelligence LLC · Last updated: April 2026.

✓ No AI training on your data ✓ Free tier fully anonymous ✓ Deletable on request
Q Is my conversation used to train AI?
No. NathanTwin uses the OpenAI API. Under OpenAI's API data policy, conversations sent via the API are not used to train OpenAI's models. NathanTwin does not use your conversations to train any AI system.
Q Who can read my conversations?
Your conversations are private by default. Infrastructure staff have database-level access as with any hosted service, but conversations are not reviewed for any business purpose. Nathan Qin can review Circle member sessions only — with your explicit consent, which you provide during onboarding and can revoke at any time.
Q Do you know who I am?
In the free tier, we don't know who you are. No account, no name, no email — your conversation isn't linked to any identity unless you choose to share it. The only time we collect your information is if you request a transcript copy, or if you apply to NathanTwin Pro — and in both cases, you initiate that. Your strategy stays yours.
Q Where is my data stored?
Your conversations are stored on secure US-based cloud infrastructure.
Q How long is my data kept?
Free tier: Conversations are anonymous and not linked to any account.

Circle members: Sessions are retained for the duration of your membership to support session memory, and deleted upon request or cancellation.
Q Can I delete my data?
Yes. Email nathantwin@qinnovativ.de with the subject line "Data Deletion Request." All conversation data will be deleted and you'll receive a confirmation when complete.
Q What about GDPR?
Free tier conversations collect no personal data and are anonymous under GDPR.

For Circle members in the EU/EEA, the data controller is CardiaX Intelligence LLC (Bellevue, Washington, USA). Nathan Qin acts as the EU contact for data inquiries. You have the right to access, correct, or delete your data at any time. Contact nathantwin@qinnovativ.de.
Q What about patient data / PHI?
Do not input patient-identifiable health information. NathanTwin is not designed to handle PHI under HIPAA or equivalent regulations. It's built for strategic discussions at the product, regulatory, and business level — not clinical case consultation.
Q What data is collected if I sign in with LinkedIn?
If you choose to authenticate via LinkedIn OAuth (available to Circle and VIP members), we receive from LinkedIn: your name, email address, professional headline, and profile photo. This data is stored in our database, linked to your account, and used only to personalize your NathanTwin experience. We do not share this data with third parties. You can request deletion of this data at any time by emailing nathantwin@polsia.app. NathanTwin is not affiliated with LinkedIn Corporation.
Q Where exactly is my data stored?
Your data is stored on US-based cloud infrastructure:
  • Application servers: Render.com (United States — AWS us-east-1 region)
  • Database: Neon Technology, Inc. (PostgreSQL, hosted on AWS us-east-1)
  • AI processing: Anthropic PBC (API calls for AI responses; subject to Anthropic's API data policy — no training on your data)
  • AI processing (Chinese variant): OpenAI, Inc. or Moonshot AI (Kimi) for /beta2 sessions, subject to their respective API policies
No data is stored outside the United States. For users in the EU/EEA or PRC, this constitutes a cross-border data transfer — see the GDPR and PIPL sections below.
Q Does Nathan Qin personally read my conversations?
Free tier users: No — your conversations are anonymous and not reviewed.

NathanTwin Pro members: Yes, with your explicit consent. When you sign up for NathanTwin Pro, you consent to Nathan Qin personally reviewing your session transcripts. This is stated in NathanTwin Pro's terms and confirmed during onboarding. The purpose is: preparing for your quarterly 1:1 call, providing personalized follow-up, and improving AI quality for your specific situation. You can withdraw this consent at any time by emailing nathantwin@polsia.app — withdrawal means sessions are no longer reviewed, but NathanTwin Pro access continues.

VIP members: No routine review unless you request it. Infrastructure administrators have database-level access only as required to maintain the service.
Q EU/EEA users — your GDPR rights
The data controller for EU/EEA users is CardiaX Intelligence LLC (Bellevue, Washington, USA). For GDPR inquiries, contact Nathan Qin at nathantwin@qinnovativ.de. Under GDPR, you have the right to:
  • Access — request a copy of your personal data
  • Rectification — correct inaccurate personal data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — request that we limit processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — at any time, for consent-based processing
We respond to all GDPR requests within 30 days. The legal basis for processing free-tier anonymous data is legitimate interest. For Circle member data, the legal basis is contractual necessity and explicit consent.
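Q Chinese users — PIPL rights (Personal Information Protection Law)
NathanTwin processes the personal information of Chinese users in compliance with the Personal Information Protection Law (PIPL). The data controller is CardiaX Intelligence LLC (Bellevue, Washington, USA). By using this service, you consent to the cross-border transfer of your personal information to the United States for processing.

Under PIPL you have the following rights: the right to be informed, the right to decide, the right to restrict processing, the right to data portability, the right to correction, and the right to deletion.

To exercise any of the above rights, send an email to nathantwin@polsia.app with the subject line "PIPL Data Request" (PIPL数据请求). We will reply within 30 days.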

English summary: Chinese users have rights under China's PIPL including access, correction, deletion, restriction, portability, and objection. Contact nathantwin@polsia.app with subject "PIPL Data Request."
Q California users — your CCPA rights
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
  • Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to delete — request deletion of your personal information, subject to certain exceptions
  • Right to correct — request correction of inaccurate personal information
  • Right to opt-out of sale or sharing — CardiaX Intelligence LLC does not sell, rent, or share your personal information with third parties for their direct marketing purposes. We have not sold personal information in the preceding 12 months.
  • Right to non-discrimination — you will not receive discriminatory treatment for exercising your CCPA rights
To exercise your California privacy rights, email nathantwin@polsia.app with subject "CCPA Request." We respond within 45 days.
Q Do you collect my email? How is it used?
Only when you provide it voluntarily. NathanTwin may invite you to share your email address after several exchanges — you are never required to. Email addresses are collected:
  • When you request a conversation transcript copy
  • When you apply for or sign up for NathanTwin Pro membership
  • When you sign in via LinkedIn OAuth (email pulled from LinkedIn)
  • When you voluntarily enter it during a chat session
How it's used: Your email is used to send the content you requested (transcript, confirmation, membership access). We do not send unsolicited marketing email. You will not be added to marketing lists without explicit consent. You can request email deletion at any time.
Q What about cookies and analytics tracking?
NathanTwin uses session cookies only — these are strictly necessary for authentication and maintaining your chat session. We do not use advertising cookies, tracking pixels, or third-party behavioral analytics cookies.

What we do track: Server-side session metadata to improve the product — including device type, language preference, interaction count, and engagement signals (all non-identifiable in the free tier). This data is used to improve conversation quality and is not shared with third parties for advertising.

No Google Analytics, no Facebook Pixel, no ad networks. The only third-party data processors are our infrastructure providers (Render, Neon, Anthropic) — see the "where is my data stored" section above.
Q What third-party services process my data?
The following third-party services may process your data as part of delivering NathanTwin:
  • Anthropic PBC — AI API for generating responses (your messages are sent to Anthropic's API; Anthropic does not train models on API data per their policy)
  • OpenAI, Inc. — AI API used for certain NathanTwin variants (Chinese language interface); subject to OpenAI's API data policy
  • Moonshot AI (Kimi) — AI API for Chinese-language /beta2 sessions where configured
  • Tavily — Web search API used when NathanTwin performs real-time web searches; search queries (not personal data) are sent to Tavily
  • LinkedIn Corporation — OAuth authentication for VIP/Circle members; LinkedIn provides name, email, headline, and profile data per LinkedIn's own privacy policy. NathanTwin is not affiliated with LinkedIn.
  • Render, Inc. — Application hosting (US-based, AWS us-east-1)
  • Neon Technology, Inc. — PostgreSQL database hosting (US-based, AWS us-east-1)
None of these services receive personal data beyond what is necessary to deliver their specific function.
Q What does "zero cloud" mean for Enterprise deployments?
The standard NathanTwin product (the service described throughout this Privacy Policy) runs on cloud infrastructure — Render and Neon in the United States. Your data is processed and stored on these cloud servers.

Enterprise on-premise is a separate deployment model available to large organizations. In an Enterprise on-premise deployment, the Eikon platform is installed on the customer's own infrastructure. In that configuration, all customer data stays on the customer's own servers — it is not transmitted to CardiaX Intelligence LLC's cloud. The customer organization becomes the data controller for their own deployment.

If you are using nathantwin.qinnovativ.de, you are using the standard cloud product — this Privacy Policy applies in full.
Q Data retention — how long is each type kept?
Data type                       Retention
Free tier anonymous sessions    90 days, then auto-deleted
Circle member sessions          Duration of membership + 30 days after cancellation
VIP member sessions             Duration of access + 30 days
LinkedIn OAuth tokens           Until you revoke access or request deletion
Application / usage logs        90 days, then auto-deleted
You can request early deletion of any data by emailing nathantwin@polsia.app.

Questions, access requests, or deletion?

Contact the data controller directly. We respond within 30 days for all GDPR, PIPL, and general privacy requests.

✉ nathantwin@polsia.app

CardiaX Intelligence LLC · Nathan Qin, Data Controller · Bellevue, Washington, USA

EU/EEA GDPR requests · China PIPL requests (PIPL数据请求) · Data deletion requests — all welcome at the address above.