Back to clinicians

Privacy Policy – MyTwin

Last updated: December 23, 2025


Welcome to MyTwin, an application published by We Are One, a SAS registered with the Nanterre Trade and Companies Register under number 953 111 960, whose registered office is located at 26 Rue du Capitaine Ferber, 92130 Issy-les-Moulineaux, France, represented by Mr. Ruben Valcy, legal representative.

This privacy policy explains how We Are One (“we,” “our,” or “the publisher”) collects, uses, stores, and protects your personal data when using the MyTwin application.

1. Purpose of the application

MyTwin is a platform for interoperability and orchestration of certified CE health solutions and independent wellness applications, allowing personalized tracking without producing autonomous medical analysis.

  1. No direct medical purpose

MyTwin is not a medical device within the meaning of Regulation (EU) 2017/745 or equivalent legislation in other jurisdictions.

The application does not provide any diagnosis, prognosis, or medical treatment.

It does not replace the advice of a qualified healthcare professional.

  1. Medical responsibility

The information displayed by MyTwin comes from validated third-party sources and applications.

MyTwin does not alter or interpret medical data.

All medical or therapeutic decisions must be made by a qualified professional, based on a complete clinical assessment.

  1. Health data and security

MyTwin adheres to international security and privacy standards, including:

  • the General Data Protection Regulation (GDPR) for the European Union,
  • the Personal Data Protection Act (PDPA) for Southeast Asian countries,
  • the Health Insurance Portability and Accountability Act (HIPAA) for the United States.

Health data is hosted on secure servers compliant with local regulations (e.g., HDS-certified hosts in Europe).

Users retain full ownership and control of their data at all times.

  1. Interoperability and third-party services

MyTwin integrates certified third-party applications and services.

Each connected application remains responsible for the compliance of its own medical functionalities.

MyTwin acts solely as a connection and visualization interface.

  1. Emergency and health

In case of symptoms, emergencies, or medical questions, please contact a healthcare professional or the emergency services of your country immediately.

MyTwin must never be used to establish a diagnosis or determine treatment in emergency situations.

MyTwin is not a medical device.

The application does not replace medical advice, diagnosis, or treatment.

All information and recommendations provided are for informational purposes only and must always be validated by a qualified healthcare professional.

2. Data collected

We only collect data that users voluntarily provide or explicitly consent to record through their interaction with the application or the MyTwin Assistant.

These data may include the following categories:

Identification data

  • User ID, email address, default language, display preferences.
  • Profile information: first name, last name, date and place of birth, biological sex, city and country of residence.

Health and wellness data

  • Medical identity: blood type, medical history, allergies, disabilities, risk factors.
  • Lifestyle habits: nutrition, sleep, physical activity, consumption (tobacco, alcohol, caffeine, etc.).
  • Measurements: weight, height, blood pressure, heart rate, body composition, biometric data.
  • Healthcare professionals: names and specialties of associated practitioners (e.g., general practitioner, physiotherapist).
  • Contacts: trusted persons, caregivers, or emergency contacts.
  • Documents: medical reports, assessments, prescriptions, or any manually uploaded files.
  • Connected data: information from partner devices or applications (e.g., smartwatches), only with explicit authorization.

All these data are optional, subject to consent, and can be viewed, modified, or deleted at any time by the user.

Technical data

  • Diagnostic and usage data (logs, errors, anonymized statistics).
  • Device information (model, operating system, app version).

No sensitive data is collected without explicit consent.

You may delete your data at any time through your account or by contacting us (see § 9).

3. Purpose of data processing

Your data is used solely to:

  1. Provide MyTwin’s core features (wellness tracking, personalized analyses).
  2. Improve the app’s performance, reliability, and security.
  3. Personalize your user experience (language, preferences).
  4. Comply with legal obligations (data deletion requests, data security).

We do not sell or share your data with third parties for commercial purposes.

4. Legal basis for processing

The processing of your data is based on:

  • Your explicit consent for health or wellness data.
  • Performance of a contract (MyTwin Terms of Use).
  • Legal obligations (data security, GDPR compliance).

5. Data storage and security

Data is hosted on a European cloud certified for Health Data Hosting (HDS), ensuring compliance with security and confidentiality standards applicable to health data.

Our hosting infrastructure complies with:

  • the General Data Protection Regulation (GDPR – EU 2016/679),
  • the ISO/IEC 27001 information security management standard,
  • and HDS certification requirements for cloud service providers in France and the EU.

During the Beta Program, certain technical or anonymized data may temporarily transit through non-HDS servers for the sole purpose of:

  • debugging, performance analysis, or technical development.

These processes nonetheless adhere to GDPR security standards.

We implement all necessary technical and organizational measures to ensure:

  • Confidentiality of information,
  • Integrity and resilience of systems,
  • Availability of data,
  • and Traceability of access.

All communications between the application and our servers are encrypted using HTTPS/TLS protocols.

Internal access is restricted to authorized personnel only, bound by strict confidentiality obligations.

6. Data retention period

Your data is retained as long as your account remains active.

If your account is inactive for 12 consecutive months, a notification email will be sent before deletion.

Anonymized technical logs may be kept for up to 24 months for statistical purposes.

7. Data sharing and subcontracting

We may use technical service providers for hosting, maintenance, and anonymized performance analysis.

These providers are bound by strict contractual clauses ensuring confidentiality and GDPR compliance.

No data is shared with third parties without your explicit consent.

8. User rights

In accordance with the General Data Protection Regulation (GDPR – EU 2016/679), you have the following rights:

  • Access your personal data;
  • Rectify or update it;
  • Delete it (“right to be forgotten”);
  • Restrict or object to processing;
  • Portability of your data (upon written request).

To exercise these rights, contact us at the address provided in § 9.

9. Contact

DPO / MyTwin Support Contact

Email: contact@my-twin.io

Postal address: We Are One, 26 Rue du Capitaine Ferber, 92130 Issy-les-Moulineaux, France

We respond to all requests within a maximum of 30 days.

10. Data concerning minors

MyTwin is intended for users aged 18 and over.

We do not knowingly collect personal data from minors under 18 years of age.

If such data is mistakenly transmitted, it will be deleted immediately upon notification.

11. Policy updates

We may update this policy at any time.

In the event of substantial changes, you will be notified through the application or by email.

The date of the last update appears at the top of this page.

12. Supervisory authority contact

In case of unresolved disputes, you may contact the competent supervisory authority:

CNIL – Commission Nationale de l’Informatique et des Libertés

3 Place de Fontenoy, TSA 80715 – 75334 Paris Cedex 07 – France

www.cnil.fr