Twikka Privacy Policy

Last updated: April 2026

Novansa OÜ

Estonian Registry Code: 17445226

Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia

Privacy Enquiries: privacy@novansa.com

Who we are

Twikka is operated by Novansa OÜ, a company registered in Estonia (registry code 17445226). We are the data controller for personal data collected through Twikka.

Contact: privacy@novansa.com

1. Our approach to privacy

We built Twikka to help people build sustainable, healthy activity habits. We understand that the data you create in this app — including activity, location, and health information — can be personal and sensitive, and we take our responsibility to protect it seriously.

We collect only what we need to operate the service, we store it securely, and we do not sell it.

2. Legal basis for processing (GDPR)

We are based in Estonia and subject to the General Data Protection Regulation (GDPR). Where GDPR applies to your use of Twikka, we process your personal data on the following legal bases:

  • Operating your account and delivering the service: Performance of contract (Article 6(1)(b))
  • Payment processing: Performance of contract (Article 6(1)(b))
  • Analytics to improve the app: Legitimate interests (Article 6(1)(f))
  • Sending you service-related communications: Performance of contract (Article 6(1)(b))
  • Marketing communications (where you have opted in): Consent (Article 6(1)(a))
  • Compliance with legal obligations: Legal obligation (Article 6(1)(c))
  • Processing health-related data (where you provide it): Explicit consent (Article 9(2)(a))

3. What data we collect

Account data: When you create an account, we collect your email address, a display name, and a password (stored as a hash, not in plain text). You may optionally add a profile picture or avatar.

Profile and health data: If you choose to provide it, we collect information such as age range, gender, height, weight, and self-reported activity levels. This data is used to personalise your experience and is treated as a special category of personal data under GDPR.

Activity content: We store the activity entries, plans, check-ins, notes and social posts you create in Twikka. Where you choose to share content with other users (for example through challenges or social features), those users will see that content.

Usage data: We collect anonymised or pseudonymised data about how you use the app, such as which features you use and how often. This helps us improve the product.

Device and technical data: We collect standard technical information when you use the app, including device type, operating system, app version, and IP address.

Location and locale data: Country (inferred or provided by you), time zone, and language or locale preferences. If you grant location permissions, the app may also use your approximate or precise location to support activity-tracking and city features. You can disable location access at any time from your device settings.

Payment data: If you subscribe to a paid plan, payment is processed by our payment partners (such as Apple App Store, Google Play, or Paddle). We do not store your full payment card details. We receive a transaction record and subscription status from the payment partner.

4. How we use your data

We use your data to:

  • create and manage your account
  • deliver the features of Twikka, including personalised plans and check-ins
  • process payments and manage your subscription
  • respond to support requests
  • send you service notifications (e.g. subscription renewal reminders)
  • improve the app through aggregated analytics
  • meet our legal obligations

We do not use your personal health data to train AI models.

5. Third-party services

We use the following third-party services that may process your personal data:

  • Supabase: Database and authentication infrastructure — Account data, app content
  • Convex: Backend infrastructure for some app features — Activity content, usage data
  • App Store / Google Play / Paddle: Payment processing — Payment and billing information
  • Push notification provider: Push notifications — Device identifiers, notification preferences
  • Analytics provider: App usage analytics — Pseudonymised usage data
  • AI provider (e.g. OpenAI, OpenRouter, Anthropic): AI-powered coaching features — Limited content data to process AI requests

Each of these providers has its own privacy policy and data processing terms. Where required by GDPR, we have Data Processing Agreements in place with these providers.

6. Data transfers outside the EEA

Some of our third-party service providers are based outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • adequacy decisions where applicable

7. How long we keep your data

Account data: Until you delete your account, plus 30 days

Activity and health content: Until you delete your account, plus 30 days

Usage analytics: 24 months (aggregated/anonymised)

Payment records: 7 years (for legal and tax compliance)

Backup copies: Up to 90 days after deletion from primary systems

8. Your rights

Under GDPR, you have the following rights:

  • Access — you can ask us for a copy of the personal data we hold about you.
  • Correction — you can ask us to correct inaccurate data.
  • Deletion — you can ask us to delete your data (subject to legal retention requirements).
  • Portability — you can ask us to provide your data in a machine-readable format.
  • Restriction — you can ask us to restrict processing of your data in certain circumstances.
  • Objection — you can object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at privacy@novansa.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or the data protection authority in your country of residence.

9. Data security

We implement technical and organisational measures to protect your data, including:

  • encryption in transit (TLS) and at rest
  • access controls limiting who within our team can access personal data
  • regular security reviews
  • secure, hardened server infrastructure

No system is completely secure. If you become aware of a potential security issue, please contact us at security@novansa.com.

10. Cookies and tracking

The Twikka website and app may use cookies or similar technologies for session management and analytics. You can control cookie settings through your device or browser. Refusing certain cookies may affect how the service functions.

11. Children's data

Twikka is not intended for users under 16. We do not knowingly collect data from minors. If we discover that we have collected data from someone under 16, we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the app. The updated policy will state the date it takes effect.

13. Contact us

For privacy-related questions or to exercise your rights:

Novansa OÜ
Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
Email: privacy@novansa.com
