Back to builders

Privacy policy - MyTwin Lab

Last updated: March 1, 2026


Welcome to MyTwin Lab, a collaborative ecosystem operated by We Are One, a French simplified joint-stock company (SAS), registered with the Trade and Companies Register of Nanterre under number 953 111 960, with its registered office at 26 Rue du Capitaine Ferber, 92130 Issy-les-Moulineaux, France, represented by its President, Ruben Valcy.

This Privacy Policy explains how We Are One (hereinafter “we”, “us”, or “the Operator”) collects, uses, stores, and protects personal data in connection with the use of MyTwin Lab.

1. Nature of MyTwin Lab

MyTwin Lab is a collaborative environment designed to connect startups, developers, healthcare professionals, researchers, students, patients, and independent contributors working on digital health and wellness projects.

MyTwin Lab:

  • Does not provide medical services;
  • Does not operate as a healthcare provider;
  • Does not manufacture or distribute medical devices;
  • Does not host or manage end-user health data on behalf of member projects.

The Lab processes only data necessary for the management of its community and operations.

Projects developed within the Lab remain under the sole responsibility of their respective creators.

2. Data Controller

For personal data collected directly in connection with MyTwin Lab membership and operations, We Are One acts as the data controller within the meaning of the General Data Protection Regulation (GDPR – EU 2016/679).

For any personal data processed by members within their own projects, each member acts as an independent data controller.

Under no circumstances shall MyTwin Lab be considered a joint controller or processor for member-developed projects, unless a separate written agreement expressly provides otherwise.

3. Categories of Data Collected

We collect only data that is voluntarily provided or automatically generated in connection with the use of MyTwin Lab.

A. Identification Data

  • Full name
  • Email address
  • Professional affiliation or organization
  • Country of residence
  • Professional role or expertise
  • Username and login credentials

B. Professional and Project Data

  • Description of projects submitted
  • Areas of expertise
  • Collaboration interests
  • Pitch materials or documentation voluntarily shared

C. Technical Data

  • IP address
  • Device type and operating system
  • Browser type
  • Log files
  • Access timestamps
  • Usage statistics

No health data of end users is intentionally collected by MyTwin Lab in its capacity as a collaborative platform.

If a member voluntarily shares health-related information within project documentation, such disclosure occurs under the sole responsibility of that member.

4. Purposes of Processing

Personal data is processed exclusively for the following purposes:

  1. Managing membership and access to the Lab;
  2. Facilitating collaboration between members;
  3. Organizing events, workshops, or communications;
  4. Ensuring security and integrity of the platform;
  5. Complying with legal and regulatory obligations;
  6. Improving the quality and functionality of the Lab.

We do not sell personal data.

We do not share personal data for commercial marketing purposes without explicit consent.

5. Legal Basis for Processing

Processing activities rely on:

  • Contractual necessity (membership and access to the Lab);
  • Legitimate interest (community management, network development, platform security);
  • Legal obligations (regulatory compliance);
  • Consent, where applicable.

6. Data Hosting and Security

Personal data is hosted within the European Union or in jurisdictions offering an adequate level of protection under GDPR.

We implement appropriate technical and organizational measures to ensure:

  • Confidentiality of personal data;
  • Integrity of systems;
  • Availability and resilience of services;
  • Protection against unauthorized access.

Security measures include:

  • Encrypted communications (HTTPS/TLS);
  • Restricted internal access controls;
  • Role-based authorization policies;
  • Secure infrastructure aligned with industry standards (e.g., ISO/IEC 27001-aligned providers where applicable).

MyTwin Lab does not operate as a certified health data host (HDS) for member projects.

Members developing applications involving health data must independently ensure compliance with applicable hosting and security requirements.

7. Data Retention

Personal data is retained for the duration of active membership.

In case of prolonged inactivity (12 months without login), we may notify the member prior to account deletion.

Certain technical logs may be retained for up to 24 months for security and audit purposes.

Data may be retained longer where required by law.

8. Data Sharing and Subprocessors

We may engage technical service providers for:

  • Hosting infrastructure;
  • Platform maintenance;
  • Security monitoring;
  • Analytics (in anonymized or aggregated form).

All subprocessors are contractually bound to comply with GDPR and confidentiality obligations.

We do not share member data with third parties for advertising or resale purposes.

9. International Transfers

If personal data is transferred outside the European Economic Area (EEA), such transfer will occur only:

  • To countries recognized by the European Commission as providing adequate protection; or
  • Under appropriate safeguards such as Standard Contractual Clauses (SCCs).

10. User Rights

In accordance with GDPR (EU 2016/679), members have the right to:

  • Access their personal data;
  • Request rectification;
  • Request erasure (“right to be forgotten”);
  • Request restriction of processing;
  • Object to processing;
  • Request data portability;
  • Withdraw consent at any time (where processing is based on consent).

Requests may be submitted via the contact information provided below.

We will respond within one (1) month, as required by law.

11. Data of Minors

MyTwin Lab is intended for individuals aged 18 years or older.

We do not knowingly collect personal data from minors.

If such data is identified, it will be deleted without undue delay.

12. Changes to this Policy

We reserve the right to modify this Privacy Policy at any time.

In case of substantial changes, members will be notified via email or through the platform.

The latest version is always indicated at the top of this document.

13. Contact and Supervisory Authority

For any questions regarding this Privacy Policy or to exercise your rights:

Email: contact@my-twin.io

Postal address:

We Are One

26 Rue du Capitaine Ferber

92130 Issy-les-Moulineaux

France

If you believe your rights have been violated, you may lodge a complaint with the competent supervisory authority:

CNIL – Commission Nationale de l’Informatique et des Libertés

3 Place de Fontenoy, TSA 80715

75334 Paris Cedex 07 – France

www.cnil.fr