Privacy Policy
Effective date: June 1, 2026 · Last updated: June 1, 2026 · Version: v1.0
Twiinix is a trade name of Anand R Nair, an individual developer based in Trivandrum, Kerala, India. Twiinix is not a registered company.
This policy explains what personal data I collect when you visit twiinix.tech, use my contact form, buy NinjaSaaS, or engage me for services — why I collect it, what I do with it, and the rights you have under the EU GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and India's Digital Personal Data Protection Act, 2023 (DPDP Act).
1. Who is responsible
- Data controller: Anand R Nair, Trivandrum, Kerala, India.
- Contact for privacy questions and rights requests: [email protected].
- Grievance Officer (India IT Rules 2021): Anand R Nair, same email.
2. What I collect and why
2.1 Website visits
- What: IP address, browser and device type, pages visited, referral URL, timestamps.
- Why: to run the site, keep it secure, fix bugs, and understand aggregate traffic.
- Legal basis (GDPR): legitimate interest (Art. 6(1)(f)) — keeping the site up and safe.
- Legal basis (DPDP): legitimate use.
- Retention: standard server/access logs for up to 30 days, then deleted or anonymised.
- Analytics scripts: none at this time. The Twiinix marketing site currently does not load any third-party analytics, advertising, or session-replay scripts. If this changes, I will update this page and (where required) add a consent banner before loading them.
2.2 Contact form / email enquiries
- What: name, email, message content, any attachments you send, and the email thread that follows.
- Why: to reply to you and keep a record of our discussion.
- Legal basis (GDPR): pre-contract steps at your request (Art. 6(1)(b)) and, for general enquiries, legitimate interest.
- Legal basis (DPDP): consent (you are voluntarily sending me a message) and performance of contract if we go on to work together.
- Retention: up to 3 years after the last correspondence, then deleted unless we are still working together.
- Shared with: my email provider (Microsoft Outlook / Exchange Online).
2.3 NinjaSaaS purchases via Gumroad
- What Gumroad collects from you: name, email, billing address, payment details, tax information, IP and device data. Gumroad is the merchant of record and is an independent data controller for that transaction. Its privacy policy applies.
- What I receive from Gumroad: your name, email, the product you bought, order ID, country (for tax), and aggregate sales data. I never receive your full payment card details.
- Why I use it: to deliver the product, respond to support, issue invoices if requested, and meet tax and accounting obligations.
- Legal basis (GDPR): contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for tax records.
- Legal basis (DPDP): contract and compliance with law.
- Retention: purchase records for 8 years (Indian tax records) or longer if required by law.
2.4 Services engagements
- What: your and your company's contact details, the content of our meetings, statements of work, invoices, and any materials you give me to do the work.
- Why: to deliver the engagement, bill for it, and keep records.
- Legal basis (GDPR): contract and legal obligation.
- Retention: engagement records for 8 years from the end of the engagement.
2.5 Newsletter (only if you subscribe)
- What: email and subscription status.
- Why: to send occasional updates about NinjaSaaS and related posts.
- Legal basis (GDPR / DPDP): consent.
- Retention: until you unsubscribe.
3. I do not sell your personal data
I do not sell your personal data and I do not share it for cross-context behavioural advertising. Under CCPA/CPRA, I do not "sell" or "share" personal information as those terms are defined.
4. Your rights
4.1 Under the EU GDPR and UK GDPR
You have the right to:
- access the personal data I hold about you;
- correct inaccurate data;
- erase your data, subject to retention laws;
- restrict or object to processing;
- data portability — receive your data in a structured, machine-readable format;
- withdraw consent where processing is based on consent;
- lodge a complaint with your supervisory authority.
4.2 Under the CCPA/CPRA (California residents)
You have the right to:
- know what personal information I collect and why;
- delete personal information I collected from you;
- correct inaccurate personal information;
- opt out of "sale" or "sharing" (I do not do either);
- limit the use of sensitive personal information;
- non-discrimination for exercising your rights.
4.3 Under the DPDP Act, 2023 (India)
You have the right to:
- access a summary of your personal data and processing;
- have it corrected, completed, updated, or erased;
- raise a grievance with the Grievance Officer (see section 1);
- nominate another individual to exercise your rights in case of death or incapacity.
4.4 How to exercise your rights
Email [email protected]. I aim to respond within 30 days (GDPR), 45 days (CCPA), or the timeframe required by the DPDP Act. I may ask you to verify your identity first.
5. International transfers
I am based in India. If you are in the EEA, UK, or another region with data-export rules, personal data may be transferred to and stored in India. For such transfers I rely on either the EU Standard Contractual Clauses (2021/914) or an applicable adequacy decision, plus a transfer impact assessment where appropriate. If you would like a copy of the SCCs I rely on, email me.
6. Service providers I use
- Netlify — hosting for twiinix.tech (server logs, CDN).
- Microsoft Outlook / Exchange Online — email.
- Gumroad — payment processing and product delivery for NinjaSaaS (merchant of record).
- GitHub — code hosting (public repos only involve data you voluntarily made public).
If I add analytics, error tracking, or other processors, I will list them here.
7. Security
I protect your data with:
- TLS for all traffic to and from the site;
- access controls and strong authentication on the tools I use to store data;
- regular software updates on the systems under my control;
- least-privilege access — I am the only person who sees your data.
If I become aware of a personal data breach likely to cause significant harm, I will notify the affected supervisory authority (where required) within 72 hours and notify you without undue delay.
8. Cookies
See the Cookie Policy.
9. Children
The site and NinjaSaaS are not aimed at children under 16 and I do not knowingly collect data from them. If you believe I have, please email me and I will delete it.
10. Changes to this policy
I may update this policy. For material changes I will update the "Last updated" date and, where appropriate, notify subscribers by email.
11. Contact
Privacy questions, rights requests, and grievances: Anand R Nair, [email protected], Trivandrum, Kerala, India.