Ready for your legal committee before the demo.

Twinny is built against European compliance frameworks from day one. Every conversation, every decision and every data point is auditable and reversible.

PILLARS

How the platform is built.

Not a list of promises. Each pillar has a mechanism and an audit behind it.

Data on European territory

Default deployment on AWS Frankfurt or Ireland. On-premise option for regulated sectors. Customer data never leaves the EU without explicit consent.

No training on your data

We don't train generic models on your conversations, cases or documents. Models are yours, logs are yours, decisions are signed in your name.

Per-decision traceability

Every agent action is logged with timestamp, applied policy, consulted data and cryptographic signature. Exportable to your SIEM via OpenTelemetry.

Granular permissions and consent

Roles defined by your organization. Informed consent in every conversation, GDPR rights in one click, guaranteed right to be forgotten.

End-to-end encryption

TLS 1.3 in transit, AES-256 at rest. Keys rotated per policy; key custody in a KMS independent of the cloud provider.

Continuous audit

Quarterly penetration tests, independent annual SOC 2 review, active bug bounty programme. Reports available under NDA.

IDENTITY, ACCESS & AUDIT

Enterprise SSO, mandatory MFA, granular RBAC.

Access to the platform follows the standards your IT team already uses, without requiring exceptions to corporate policy.

Enterprise SSO

SAML 2.0, OpenID Connect, Google Workspace and Microsoft Entra ID. Automatic provisioning and de-provisioning via SCIM 2.0.

Mandatory MFA

Second factor by default: TOTP, WebAuthn / passkeys, push notifications. Policy configurable per role.

Granular RBAC

Roles defined by your organization, not by Twinny. Permissions at module, pipeline, agent and sensitive-data level.

Immutable audit log

Every login, every access to personal data, every configuration change. Exportable to your SIEM in a standard format.

Sessions and network

Configurable timeouts, remote session kill, optional IP allowlisting, private VPN and AWS peering support.

Critical approvals

Sensitive actions (mass send, agent policy change, recording access) require configurable dual approval.

CERTIFICATIONS AND FRAMEWORKS

European compliance by default.

  • GDPR: EU 2016/679, General Data Protection Regulation
  • EU AI Act: European regulation on artificial intelligence
  • ISO 27001: Information security management system
  • ISO 27017: Cloud-specific security controls
  • ISO 27018: Personal data protection in the cloud
  • ISO 9001: Quality and traceability management
  • SOC 2 Type II: Security and availability controls audit
  • NIS2: EU cybersecurity directive for essential entities
  • HIPAA: For healthcare deployments, BAA available
  • NIST CSF: Cybersecurity risk management framework
  • IEC 62443: Cybersecurity for industrial OT systems
  • HDS: French health-data hosting certification

EU AI ACT

Your agent inside the European AI framework.

The EU regulation classifies AI uses by risk. Twinny manages each deployment according to the level that applies and documents the required controls.

Level      | What it requires                                                                                                     | In Twinny
Minimal    | Unrestricted under the EU AI Act (informational chatbots).                                                           | Default
Limited    | Transparency: the agent declares it is AI at the start of each conversation.                                         | Active
High       | For uses classified as high-risk (HR, credit, clinical care): technical documentation, human supervision and EU registry. | Case by case
Prohibited | Twinny does not operate in prohibited uses: social scoring, manipulation, real-time biometric surveillance.          | N/A

PRIVACY AND GDPR

Contractual commitments for your DPO.

Each commitment maps to a concrete mechanism: a signed document, a measurable process or a contact path.

Data processor (GDPR art. 28)

Twinny operates as data processor for personal data entrusted by the customer, who remains the controller.

Signable DPA

Data Processing Agreement available for all customers handling personal data. Templates aligned with EU Commission Standard Contractual Clauses.

Public sub-processors

Public, versioned list of sub-processors. Any change is communicated 30 days in advance.

Rights handling

Access, rectification, erasure, portability, objection and restriction of processing handled within 30 days of the request.

Breach notification

Customer notification within 72 hours of detection, with technical detail and remediation plan.

DPO available

Data Protection Officer reachable at clientes@twinny.es for queries, requests and authorities.

FREQUENTLY ASKED

What your security team asks us most.

Does Twinny train AI models on customer data?

No. Customer conversations, cases and documents are not used to train generic models. Embeddings and memory stay inside the customer's tenant.

Where is customer data stored?

EU cloud by default (AWS Frankfurt or Ireland). On-premise option for regulated sectors. Data does not leave the EU without explicit, logged consent.

Is a Data Processing Agreement (DPA) available?

Yes. Twinny acts as data processor (GDPR art. 28) and provides a signable DPA for all customers handling personal data.

How are security breaches notified?

Notification to the customer within 72 hours of detection, with technical detail and remediation plan. Supervisory authority is notified when applicable.

Can I review the SOC 2 report before signing?

Yes. The full SOC 2 Type II report is available under NDA for enterprise customers during evaluation.

Does Twinny support on-premise deployment?

Yes. For regulated sectors (healthcare, banking, defense), the decision engine and data can run on the customer's infrastructure. The conversational layer remains managed.

SECURITY CONTACT

A direct path for data protection and incidents.

If your DPO needs to talk, if you find a vulnerability or if you want to review the SOC 2 report under NDA, write to us.

Orchestrate every channel from one intelligent layer.

In 30 minutes we'll show you how Twinny connects to your operation and starts delivering results from week 1.