Privacy Policy

Last updated: April 2026

1. Introduction

TWOZERO ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

TWOZERO is a creative layer for TouchDesigner providing AI-assisted creative production tools, cloud components, and standalone utilities. The Service includes TWOZERO MCP (AI-assisted patch generation via Model Context Protocol), TWOZERO APP (web-based content generation), TWOZERO HUB (component library), and standalone Tools (Timeline, Zerror, Setup). All components share a single credit balance.

Operator: SETUP DESIGN DMCC, Dubai, UAE

2. Information We Collect

2.1 Account Information

Email address
Name (optional)
Password (encrypted)
Authentication tokens (if using third-party sign-in)

2.2 Payment Information

Card payments are processed by Lemon Squeezy; we do not store credit card details
Cryptocurrency payments: we receive wallet address, transaction hash, amount, and confirmation status
We store: transaction ID, amount, payment method type, payment status, and credit balance changes

2.3 Usage Data

Credit balance and transaction history (credits purchased, consumed, and remaining)
APP: creation history (generation type, settings, outputs)
MCP: request metadata only (request type, credit cost, timestamp). We do not store prompt content or generated code from MCP requests
HUB: component access and download history
Tools: license activation records
Login times and IP addresses
Device and browser information (for APP and web access)

2.4 Communications

Support tickets and emails
Feedback you provide

2.5 Content Data

TWOZERO APP (Private Workspace):

Prompts and inputs you submit for generation
Reference images you upload
Outputs stored in your private workspace

TWOZERO APP (Publication Submissions):

Content you voluntarily submit for publication on the curated feed
Review records and decisions
Publication status and history

TWOZERO MCP:

We store only billing metadata (request type, credit cost, timestamp)
We do not store, log, or review the content of your prompts or generated outputs
All MCP outputs (patches, code, components) are generated and delivered to your local environment

TWOZERO Tools:

License activation records (account, tool name, activation date)
We do not collect data about your use of standalone tools after activation

3. How We Use Your Information

We use your data to:

Provide and improve our Service
Process payments and manage credits
Send service-related notifications
Respond to support requests
Prevent fraud and abuse
Enforce our Terms of Service and Acceptable Use Policy
Moderate content submitted for publication
Comply with legal obligations

4. Privacy Model by Service Component

TWOZERO handles data differently depending on which component you use:

4.1 TWOZERO APP (Private Workspace)

Aspect	How We Handle It
Visibility	Only you can access your private content
Monitoring	We do NOT actively monitor private content
Storage	Encrypted and stored securely on our servers
Sharing	Never shared publicly without your submission
Retention	Until you delete or account termination

Your private creations remain private. We do not review, analyze, or expose your private workspace content to other users or third parties, except:

When required by law
To investigate reported abuse linked to your account
When you voluntarily submit content for publication

4.2 TWOZERO APP (Curated Public Feed)

Aspect	How We Handle It
Visibility	Visible to all users after approval
Monitoring	Every submission is reviewed before publication
Storage	Stored as public content
Sharing	Displayed on curated public feed
Retention	Until you request removal

Content you submit for publication is reviewed. The public feed is curated: our team reviews every submission, with automated screening assistance. This includes recording of review decisions.

4.3 TWOZERO MCP

Aspect	How We Handle It
Prompts	Not stored, not reviewed, not logged
Generated outputs	Delivered to your local environment, not stored by us
Billing data	Request type, credit cost, and timestamp are stored
Third-party LLM	MCP requests are processed through third-party LLM providers (e.g., Anthropic, OpenRouter). Their privacy policies apply to prompt processing

MCP is privacy-minimal by design. We store only what is needed for billing. Your prompts, generated patches, and code remain between you and the LLM provider you use.

4.4 TWOZERO Tools (Standalone)

Standalone tools operate locally on your machine after activation. We store only the license activation record (account, tool, date). No usage telemetry is collected from standalone tools.

4.5 What We See vs. What We Don't

Data Type	APP Private	APP Publication	MCP	Tools
Prompts	Not reviewed	May be reviewed	Not stored	N/A
Outputs	Not reviewed	Reviewed	Not stored	Local only
Billing data	Stored	Stored	Stored	Activation only
User identity	Protected	Protected	Protected	Protected

5. Content Moderation and Safety

5.1 APP Private Content Processing

For content in your TWOZERO APP Private Workspace:

Content safety filters are applied at creation time
Automated systems may block certain prohibited prompts
We do not perform post-creation review of private content
Private content is not used for training purposes

5.2 APP Publication Review

The curated public feed operates as follows:

Every submission is reviewed by our team before publication
Automated screening assists the review process
Review decisions are recorded for quality assurance and compliance
We reserve the right to reject any submission without explanation

5.3 MCP Processing

For TWOZERO MCP requests:

We do not store or review prompt content
We do not store or review generated outputs (code, patches)
We store only billing metadata required for credit deduction
Your prompts are processed by third-party LLM providers under their respective privacy policies

5.3 Data Retention for Safety

We may retain records of:

Prompts and outputs flagged for policy violations
Account actions taken for Terms violations
Moderation decisions and appeal records
Information necessary to comply with legal requests

6. Data Sharing

We share your information only with:

Recipient	Purpose	Data Shared
Lemon Squeezy (card payments)	Payment processing	Email, transaction data
Cryptocurrency payment processor	Crypto payment processing	Wallet address, transaction data
Cloud providers (Heroku, S3)	Service infrastructure	Encrypted usage and content data
AI model providers (APP generation)	Image/video/audio generation	Prompts (anonymized, no personal data)
LLM providers (MCP)	Patch and code generation	Processed through your LLM client; we do not relay prompts
Legal authorities	When required by law	As legally required

We do NOT:

Sell your personal data
Share data for third-party marketing
Use your private creations for training purposes without consent
Expose your private workspace to other users

7. Data Security

We implement appropriate technical and organizational measures:

Encryption in transit (TLS) and at rest
Access controls and authentication
Separation of private and public content storage
Regular security assessments
Incident response procedures

7.1 Private Content Security

Private workspace content is encrypted
Access restricted to your authenticated sessions
Not accessible to other users or our staff (except as noted)

7.2 Public Content Security

Published content is stored separately from private content
Moderation logs are access-controlled
User identity protection options available

8. Your Rights

Depending on your location, you may have rights to:

Access your personal data
Correct inaccurate data
Delete your data (subject to legal retention requirements)
Export your data
Object to certain processing
Withdraw consent
Request removal of published content

To exercise these rights, contact hello@twozero.ai.

8.1 Deleting Your Content

Private Content: You can delete private content at any time through your dashboard.

Published Content: You can request removal of published content. We will process removal requests within 7 days.

Account Deletion: Upon account deletion, we will:

Delete your private workspace content within 30 days
Remove your published content (or anonymize if required for platform integrity)
Retain only data required by law

9. Data Retention

Data Type	Retention Period
Account information	Until account deletion + 30 days
APP private creation history	12 months (configurable) or until deletion
APP published content	Until you request removal
MCP billing metadata	As required for accounting (typically 7 years)
Tool license records	Duration of account + 30 days
Payment records	As required by law (typically 7 years)
Review records	2 years
Safety-related records	As necessary for enforcement and legal compliance

10. International Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place for such transfers, including:

Standard contractual clauses
Data processing agreements with service providers

11. Children's Privacy

Our Service is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have obtained personal information from a minor, please contact us immediately.

12. Third-Party Services

We use third-party services for:

Payment processing
Content creation processing
Cloud infrastructure
Analytics

These providers have their own privacy policies. We select providers with appropriate data protection standards.

13. Cookies and Tracking

We use essential cookies for:

Authentication and session management
Security and fraud prevention
Service functionality

We do not use tracking cookies for advertising purposes.

14. Changes to This Policy

We may update this Policy periodically. Material changes will be communicated via email or dashboard notification. Continued use after changes constitutes acceptance.

15. Contact

For privacy inquiries:

TWOZERO
Email: hello@twozero.ai
Website: https://twozero.ai
Operated by: SETUP DESIGN DMCC
Dubai, United Arab Emirates

Data Protection Contact: hello@twozero.ai