Privacy Policy

1. Introduction and Scope

This Privacy Policy ("Policy") is issued by Twilon ("Twilon," "Company," "we," "us," or "our") and governs the collection, use, processing, storage, disclosure, and protection of personal information and personal data (collectively, "Personal Data") obtained from or about individuals ("you," "your," "User," or "Data Subject") who access, browse, or otherwise interact with our website located at twilon.com (the "Website"), our software-as-a-service products (including, without limitation, Parsium), related applications, application programming interfaces, documentation, support services, and any other services or offerings provided by Twilon (collectively, the "Services").

This Policy applies to all Users of the Services, including but not limited to: (a) visitors to the Website; (b) prospective customers who submit inquiries or request demonstrations; (c) licensed subscribers and authorized end users of Parsium or any other Twilon product; (d) applicants for employment or contractor positions; and (e) any other individual whose Personal Data is processed by Twilon in connection with the Services.

By accessing or using any of the Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree to the terms of this Policy, you must immediately discontinue use of the Services. If you are accessing or using the Services on behalf of an organization, you represent and warrant that you have the authority to bind such organization to this Policy.

2. Categories of Personal Data Collected

2.1 Account and Registration Information. When you create an account, register for a subscription, request a product demonstration, submit a contact form, or otherwise communicate with Twilon, we may collect the following categories of Personal Data: full legal name; professional email address; telephone number; job title and role; name and address of your employing organization; billing and payment information (processed through third-party payment processors); account credentials (username and hashed password); and any additional information you voluntarily provide in correspondence with us.

2.2 Employment Application Information. If you apply for a position at Twilon through the Website or any recruitment channel, we may collect: your resume or curriculum vitae; cover letter; educational history; professional experience; references; salary expectations; work authorization status; and any other information you voluntarily submit as part of the application process.

2.3 Automatically Collected Technical Data. As of the effective date of this Policy, Twilon does not deploy cookies, tracking pixels, web beacons, browser fingerprinting, or similar tracking technologies on the Website. We do not collect analytics data, behavioral data, device identifiers, IP addresses, or browsing history through automated means. Should this practice change in the future, this Policy will be updated accordingly, and, where required by applicable law, your consent will be obtained prior to the deployment of any such technologies.

2.4 Information from Third-Party Sources. We may receive Personal Data about you from third-party sources, including but not limited to: Salesforce (in connection with Parsium subscription management and authentication); payment processors (in connection with billing transactions); and publicly available business directories and professional networking platforms, solely to the extent necessary for legitimate business purposes.

3. Purposes and Legal Bases for Processing

Twilon processes Personal Data for the following purposes and on the following legal bases:

3.1 Performance of Contract (Art. 6(1)(b) GDPR). Processing necessary to fulfill our contractual obligations to you, including: provisioning, operating, and maintaining your access to the Services; processing subscription payments and issuing invoices; providing customer support and responding to service requests; delivering product updates, patches, and security fixes; and communicating with you regarding your account and subscription status.

3.2 Legitimate Interests (Art. 6(1)(f) GDPR). Processing necessary for our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms, including: analyzing aggregate, de-identified usage patterns to improve the Services; detecting, preventing, and investigating fraud, security incidents, and unauthorized access; enforcing our Terms of Service and other contractual agreements; responding to legal process and complying with legal obligations; marketing and promoting the Services to prospective customers (subject to your right to opt out at any time); and protecting the rights, property, and safety of Twilon, our Users, and the public.

3.3 Consent (Art. 6(1)(a) GDPR). Where required by applicable law, we process certain Personal Data based on your freely given, specific, informed, and unambiguous consent. You may withdraw your consent at any time by contacting us through the methods specified in Section 12 of this Policy, without affecting the lawfulness of processing based on consent before its withdrawal.

3.4 Legal Obligation (Art. 6(1)(c) GDPR). Processing necessary for compliance with a legal obligation to which Twilon is subject, including tax reporting, anti-money laundering, and other regulatory requirements.

4. Disclosure of Personal Data

Twilon does not sell, rent, lease, or trade your Personal Data to third parties for their marketing purposes. We may disclose your Personal Data to the following categories of recipients, solely to the extent necessary for the purposes described in this Policy:

4.1 Service Providers and Processors. Third-party vendors, contractors, and service providers who perform services on our behalf, including but not limited to: cloud infrastructure and hosting providers; payment processors; email delivery services; and customer relationship management platforms. All such service providers are contractually bound to process Personal Data only on our instructions and in accordance with applicable data protection laws.

4.2 Professional Advisors. Attorneys, accountants, auditors, and other professional advisors, to the extent necessary for the provision of their professional services to Twilon.

4.3 Law Enforcement and Regulatory Authorities. Government agencies, law enforcement authorities, courts, and regulatory bodies, where required by applicable law, regulation, legal process, or governmental request, or where Twilon reasonably believes that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of Twilon; (c) prevent or investigate possible wrongdoing in connection with the Services; (d) protect the personal safety of Users or the public; or (e) protect against legal liability.

4.4 Business Transfers. In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy proceeding involving Twilon, your Personal Data may be transferred to the acquiring entity or successor organization, subject to the obligations set forth in this Policy.

5. Data Security

Twilon implements and maintains reasonable and appropriate technical, administrative, and organizational security measures designed to protect Personal Data against unauthorized access, accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and any other forms of unlawful processing. Such measures include, but are not limited to: encryption of data in transit using TLS/SSL protocols; access controls and authentication mechanisms; regular security assessments and vulnerability testing; employee training on data protection and information security; and incident response and breach notification procedures.

Notwithstanding the foregoing, no method of transmission over the Internet and no method of electronic storage is completely secure. While Twilon strives to use commercially reasonable means to protect your Personal Data, we cannot guarantee its absolute security. You acknowledge and accept that any transmission of Personal Data to Twilon is at your own risk.

6. Data Retention

Twilon retains Personal Data only for as long as reasonably necessary to fulfill the purposes for which it was collected, as described in this Policy, unless a longer retention period is required or permitted by applicable law. Specific retention periods are as follows:

6.1 Account Data. Retained for the duration of your active subscription and for a period of thirty (30) days following account termination or expiration, after which it will be securely deleted or anonymized, except to the extent that retention is required for legitimate business purposes, legal compliance, or dispute resolution.

6.2 Employment Application Data. Retained for a maximum period of twelve (12) months from the date of submission, after which it will be securely deleted unless you have consented to longer retention for consideration in future opportunities.

6.3 Contact and Inquiry Data. Retained for up to twenty-four (24) months from the date of the last communication, unless earlier deletion is requested by the Data Subject.

6.4 Financial and Billing Data. Retained for the period required by applicable tax, accounting, and financial reporting regulations, which may extend beyond the termination of your subscription.

8. Third-Party Services and Integrations

Parsium integrates with and relies upon the following third-party platforms and services, each of which maintains its own independent privacy policy and data handling practices:

8.1 OpenRouter. Serves as the API gateway through which User Content is routed to AI model providers for processing. OpenRouter's data handling practices are governed by OpenRouter's own privacy policy and terms of service, available at openrouter.ai.

8.2 AI Model Providers. Various artificial intelligence model providers (including, but not limited to, providers of large language models) that perform the actual document processing and data extraction. The specific AI models used may change over time. Each AI model provider maintains its own privacy policy governing the handling of data submitted for processing.

8.3 Salesforce. Parsium operates as a managed package within the Salesforce platform. Your use of Salesforce is governed by Salesforce's Master Subscription Agreement and Privacy Statement. Twilon is not responsible for Salesforce's data handling practices.

Twilon is an independent software vendor and is not affiliated with, endorsed by, or sponsored by any of the foregoing third-party services. Twilon makes no representations or warranties regarding the privacy or security practices of any third-party service, and Twilon shall not be liable for any acts or omissions of any third-party service provider.

9. Your Privacy Rights

Subject to applicable law and certain exceptions, you may have the following rights with respect to your Personal Data:

9.1 Right of Access (Art. 15 GDPR). The right to obtain confirmation as to whether Personal Data concerning you is being processed, and, where that is the case, access to the Personal Data and specified information about the processing.

9.2 Right to Rectification (Art. 16 GDPR). The right to obtain the rectification of inaccurate Personal Data concerning you without undue delay, and the right to have incomplete Personal Data completed.

9.3 Right to Erasure (Art. 17 GDPR). The right to obtain the erasure of Personal Data concerning you without undue delay, where one of the grounds specified in Article 17(1) GDPR applies, subject to the exceptions set forth in Article 17(3) GDPR.

9.4 Right to Restriction of Processing (Art. 18 GDPR). The right to obtain restriction of processing where one of the conditions specified in Article 18(1) GDPR applies.

9.5 Right to Data Portability (Art. 20 GDPR). The right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance, where the processing is based on consent or contract and is carried out by automated means.

9.6 Right to Object (Art. 21 GDPR). The right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you which is based on legitimate interests, including profiling based on those provisions.

9.7 Right to Withdraw Consent. Where processing is based on consent, the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of the foregoing rights, please submit a verifiable request to Twilon through the contact methods specified in Section 12. Twilon will respond to verified requests within thirty (30) days, or within the timeframe required by applicable law. Twilon reserves the right to verify your identity before processing any request and to deny requests that are manifestly unfounded, excessive, or not required by applicable law.

10. International Data Transfers

Twilon is based in the United States. If you access the Services from outside the United States, your Personal Data may be transferred to, stored in, and processed in the United States or other jurisdictions where Twilon or its service providers maintain facilities. These jurisdictions may not provide the same level of data protection as your home jurisdiction.

Where Personal Data originating from the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland is transferred to a jurisdiction that has not received an adequacy decision from the relevant authority, Twilon will implement appropriate safeguards to ensure that your Personal Data remains protected in accordance with this Policy and applicable data protection laws. Such safeguards may include the execution of Standard Contractual Clauses approved by the European Commission, reliance on the recipient's certification under an applicable data transfer framework, or other legally recognized transfer mechanisms.

11. California Privacy Rights (CCPA/CPRA)

If you are a resident of the State of California, you have additional rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"), including:

11.1 Right to Know. The right to request that Twilon disclose: (a) the categories of Personal Data collected about you; (b) the categories of sources from which Personal Data is collected; (c) the business or commercial purpose for collecting or selling Personal Data; (d) the categories of third parties with whom Personal Data is shared; and (e) the specific pieces of Personal Data collected about you.

11.2 Right to Delete. The right to request deletion of Personal Data collected from you, subject to certain exceptions permitted by the CCPA.

11.3 Right to Correct. The right to request correction of inaccurate Personal Data maintained by Twilon.

11.4 Right to Opt-Out. The right to opt out of the "sale" or "sharing" of Personal Data, as those terms are defined under the CCPA. As of the effective date of this Policy, Twilon does not sell or share Personal Data as defined by the CCPA.

11.5 Right to Non-Discrimination. The right not to receive discriminatory treatment by Twilon for the exercise of your privacy rights under the CCPA.

California residents may submit requests by contacting Twilon through the methods specified in Section 12. Twilon will verify requests using a reasonable verification process and respond within forty-five (45) days, as required by the CCPA.

12. Children's Privacy

The Services are not directed to, and are not intended for use by, individuals under the age of eighteen (18). Twilon does not knowingly collect, solicit, or maintain Personal Data from individuals under the age of 18. If Twilon becomes aware that Personal Data has been collected from an individual under the age of 18, Twilon will take reasonable steps to delete such data promptly. If you are a parent or guardian and believe that your child has provided Personal Data to Twilon, please contact us through the methods specified in Section 12 so that we may take appropriate action.

13. Modifications to This Policy

Twilon reserves the right to modify, amend, or update this Policy at any time, in its sole discretion, by posting the revised Policy on the Website with an updated "Effective Date." Your continued use of the Services following the posting of a revised Policy constitutes your acceptance of and agreement to be bound by the revised Policy. If Twilon makes material changes to this Policy that adversely affect your rights, Twilon will use commercially reasonable efforts to notify you by email (if an email address has been provided) or by posting a prominent notice on the Website at least thirty (30) days prior to the changes taking effect. You are encouraged to review this Policy periodically to stay informed about how Twilon is protecting your Personal Data.

14. Contact Information

If you have any questions, concerns, or requests regarding this Policy or Twilon's data processing practices, or if you wish to exercise any of your privacy rights, please contact us through our contact page. Twilon will make every reasonable effort to respond to your inquiry within a timely manner and in accordance with applicable law. If you are located in the EEA or UK and believe that Twilon has not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority.