Data Residency & Privacy Framework
How TWFT Systems manages ephemeral data in high-compliance environments.
The "Ephemeral Storage" Philosophy
Our architecture is designed around short-lived data lifecycles. We do not retain PII (Personally Identifiable Information) beyond the necessary beta testing window (typically 14 days), effectively minimizing the attack surface for our clients.
1. Data Collection & Purpose
We collect only the minimum data required to facilitate the delivery of mobile binaries and crash reports:
| Data Type | Purpose | Retention Period |
|---|---|---|
| Email Address | Delivery of Invite Links & Alerts | Duration of Active Contract + 30 Days |
| Device UDID | Provisioning Profile Generation | Duration of Test Cycle (Max 14 Days) |
| IP Address | Security Audit & Fraud Prevention | 7 Days (Rolling Logs) |
2. Third-Party Subprocessors
To ensure global delivery and reliability, we utilize the following trusted infrastructure providers. All providers are SOC 2 Type II compliant.
- Sinch Mailgun (USA/EU): Transactional Email Delivery.
- AWS (Global): Cloud Hosting & Blob Storage.
- Cloudflare (Global): Edge Security & WAF.
3. International Data Transfers
Clients may select their Data Residency Region (US-East or EU-Central) at the project level. For transfers between the EEA and the US, we rely on Standard Contractual Clauses (SCCs) and the Data Privacy Framework.