Privacy Policy

Last updated: June 1, 2026

TwoPass, Inc. ("TwoPass," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit twopass.xyz, use our approval workflow platform, or communicate with us.

1. Information we collect

Information you provide

  • Contact details (name, email, phone, company name) when you submit forms or request demos
  • Account information when you register for our platform (name, email, role, organization)
  • Workflow data you submit through the platform (documents, comments, approval decisions)
  • Payment and billing information processed by our third-party payment provider
  • Communications you send to our support or sales teams

Information collected automatically

  • Device and browser information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, timestamps, referring URLs)
  • Cookies and similar technologies as described in our Cookie Policy

2. How we use your information

We use personal information to:

  • Provide, operate, and maintain the TwoPass platform
  • Process approval workflows and deliver notifications
  • Respond to inquiries and provide customer support
  • Send service-related communications (account updates, security alerts)
  • Improve our products, website, and user experience
  • Comply with legal obligations and enforce our terms
  • Send marketing communications where you have opted in (you may unsubscribe at any time)

3. Legal bases for processing (EEA/UK)

Where applicable, we process personal data based on: performance of a contract, legitimate interests (improving our services, security), consent (marketing cookies, optional communications), and legal obligations.

4. How we share information

We do not sell personal information. We may share data with:

  • Service providers who assist with hosting, analytics, payment processing, and email delivery
  • Integration partners you authorize (e.g., SSO providers, Slack, Microsoft Teams)
  • Professional advisors (lawyers, accountants) under confidentiality obligations
  • Authorities when required by law or to protect rights and safety
  • Successors in connection with a merger, acquisition, or asset sale

5. Data retention

We retain personal information for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Workflow and audit data retention periods are configurable by account administrators and described in your service agreement.

6. Security

We implement technical and organizational measures including encryption in transit and at rest, access controls, and regular security assessments. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

7. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. California residents may have additional rights under the CCPA. To exercise rights, contact privacy@twopass.xyz. We will respond within the timeframe required by applicable law.

8. International transfers

We are based in the United States. If you access our services from outside the US, your information may be transferred to and processed in the US or other countries. We use appropriate safeguards for international transfers where required.

9. Children's privacy

Our services are intended for business use and are not directed to individuals under 16. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. Continued use after changes constitutes acceptance.

11. Contact us

TwoPass, Inc.
1220 SW Morrison Street, Suite 900
Portland, OR 97205, United States
Email: privacy@twopass.xyz
Phone: +1 (503) 555-0147