Meta Protocol Inc. • https://twothumbs.ai
Company Address: 251 Little Falls Drive, Wilmington, DE 19808
Last Updated: January 14, 2026
This Privacy Policy ("Policy") explains how Meta Protocol Inc. ("Meta Protocol," "TwoThumbs," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with https://TwoThumbs.ai (the "Site") and our APIs, dashboards, developer tools, documentation, and related services (collectively, the "Service"). This Policy is written to align with our Terms of Service and is intended to be read together with them.
IMPORTANT NOTICE ABOUT AI MODELS AND PROVIDERS. TwoThumbs routes certain requests (including Inputs) to third-party model providers ("Providers") and returns Outputs generated by those Providers. Providers are independent third parties and their handling of Inputs and Outputs is governed by Provider terms and policies, not this Policy. You should not submit sensitive personal information through the Service unless you have a lawful basis to do so and you have evaluated whether the applicable Provider's terms and controls are suitable for your use case.
1. Changes to This Policy
We may modify this Policy from time to time. If we make changes, we will post the revised Policy on the Site and update the "Last Updated" date above. If we make material changes to how we collect, use, or disclose personal information, or changes that materially affect your rights, we will provide additional notice that is reasonably designed to inform you (for example, via email to the address associated with your Account or via an in-product notice). Your continued use of the Site or Service after the revised Policy becomes effective means you accept the revised Policy.
2. Personal Information We Collect
"Personal information" generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with you or your household. The personal information we collect depends on how you interact with the Site and Service.
We collect personal information you provide to us, such as identifiers and contact information (including name, email address, billing contact details, organization name, and Account credentials), communications you send to us (including support tickets and emails), and transactional information (including records of funding events, invoices, payments, refunds, credits, and associated confirmations). If you include personal information in content you submit through the Service (for example, a prompt or dataset containing names, emails, or other identifiers), we will receive and process that information as part of providing the Service and routing requests to Providers.
We also collect information automatically, including IP address, device and browser identifiers, operating system, time zone, approximate location derived from IP, access times, pages or screens viewed, referring/exit pages, session duration, and diagnostic information such as logs, performance metrics, and error reports. Because TwoThumbs is a usage-metered platform, we also collect usage telemetry necessary for billing and security, which may include request timestamps, model routing selections, token counts or other metered units, latency measurements, and abuse or fraud signals.
Cookies and similar technologies may be used for functionality, security, analytics, and performance. We use Google Analytics ("GA") and PostHog to understand how users interact with the Site and Service. PostHog may support product analytics features and, depending on configuration, may support session replay or similar tools that help us diagnose issues and improve usability; we endeavor to configure such tools to avoid capturing sensitive fields, but you should assume that interactions with the Site may be recorded as part of telemetry. We also use Dune Analytics to analyze and visualize blockchain-related data and usage trends.
3. How We Use Personal Information
We use personal information to provide and operate the Service, including to create and administer Accounts, route requests to Providers, authenticate users, provide customer support, meter usage, and maintain accurate billing records. We use personal information to process payments, fund prepaid balances, issue invoices and receipts, handle refunds or credits where applicable, and maintain required accounting records. We also use personal information to secure the Site and Service; to detect, prevent, and investigate fraud, abuse, and malicious activity; to enforce our Terms and policies; and to protect the rights, property, and safety of TwoThumbs, our users, Providers, and the public.
We use telemetry and analytics to monitor performance, conduct debugging, fix bugs, maintain reliability, and improve the Service. We may use aggregated and de-identified information to understand feature adoption and to generate high-level metrics and analytics reports. Where permitted by law, we may send marketing communications about TwoThumbs; you may opt out of marketing emails, but you may still receive transactional and administrative messages. We also process personal information to comply with applicable law, lawful requests, and legal process, and to resolve disputes.
4. AI Inputs/Outputs, Logging Defaults, and Provider Handling
TwoThumbs's core function is routing requests to third-party Providers. To provide the Service, we transmit Inputs to the selected Provider and receive Outputs from that Provider. Providers may process, log, retain, or otherwise use Inputs and Outputs pursuant to their own terms and policies, which may differ across Models. TwoThumbs does not control Providers' data practices, and Provider terms govern Provider processing.
By default, TwoThumbs seeks to minimize retention of raw Inputs and Outputs, while retaining limited technical and billing metadata necessary to operate a usage-metered platform. This generally includes timestamps, model route, token counts or other metered units, latency and error diagnostics, and abuse/fraud signals. By default, we do not use raw Inputs or Outputs to train TwoThumbs foundation models. If you opt into features that clearly indicate they store content (such as prompt logging, chat history, traces, or evaluation tooling), we may store Inputs and Outputs related to those features and process them as described in our Terms and any in-product disclosures. We may also process information in aggregated or de-identified form to analyze trends and generate analytics outputs intended not to identify individual users.
5. How We Disclose Personal Information
We may disclose personal information to vendors and service providers that help us operate the Site and Service, including hosting and infrastructure providers, observability and error monitoring vendors, customer support tools, analytics providers (including GA and PostHog), payment processors, and fraud prevention vendors. These vendors are authorized to process personal information only as necessary to perform services on our behalf and are contractually obligated to protect it and use it only for the purposes for which we disclose it.
We disclose Inputs to Providers in order to provide the Service and receive Outputs back from those Providers. Providers' processing of Inputs and Outputs is governed by Provider terms and policies. We may also disclose information in connection with a corporate transaction (such as a merger, acquisition, reorganization, or sale of assets), and we may preserve or disclose information where we believe in good faith that doing so is reasonably necessary to comply with law, respond to lawful requests, protect safety, investigate fraud or abuse, and enforce our Terms. We may disclose information with your consent or at your direction.
6. Your Rights and Choices
Depending on your jurisdiction, you may have rights to request access to, correction of, deletion of, or portability of certain personal information, or to object to or restrict certain processing. You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us. You can control cookies through your browser settings and, where applicable, through any cookie consent tools we provide. If the Service offers account-level settings related to logging or history (for example, prompt logging or chat history), you may be able to enable or disable such settings through your dashboard; disabling a feature may prevent new data from being stored going forward but may not automatically delete data previously stored unless you also request deletion where applicable.
7. Data Retention
We retain personal information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate interests. Retention periods vary depending on the nature of the information, the purpose for which it was collected, operational and security considerations, and your configuration choices. For example, billing records may be retained for longer periods to satisfy accounting and compliance obligations, while telemetry and security logs may be retained for shorter periods consistent with operational needs. Where you enable optional logging features, retention may be longer to provide the feature and to support auditability and debugging.
8. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information. However, no security measure is perfect, and we cannot guarantee absolute security. You are responsible for maintaining the security of your Account credentials and API keys, and you should promptly notify us if you suspect unauthorized access.
9. International Data Transfers
We may process and store information in the United States and other jurisdictions where we or our service providers operate. By using the Service, you understand that your personal information may be transferred to and processed in jurisdictions that may have different data protection laws than your jurisdiction. Where required by law, we implement appropriate safeguards for cross-border transfers.
10. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us and we will take appropriate steps to delete such information.
11. Subprocessors
We may use third-party service providers (sometimes referred to as "subprocessors") to process personal information on our behalf for the purposes described in this Policy. A list of subprocessors and additional details may be made available upon request.
12. US State Privacy Notice
This section supplements the Policy and applies to residents of certain U.S. states with comprehensive privacy laws (such as California, Colorado, Connecticut, Utah, Virginia, and others) to the extent those laws apply to our processing of personal information. For purposes of these laws, TwoThumbs may act as a "business" or "controller" with respect to personal information we process for our own purposes, such as operating the Site, securing the Service, and administering Accounts, and may act as a "service provider" or "processor" when processing personal information on behalf of a business customer, depending on the context and contractual arrangements.
Categories of personal information we collect may include identifiers and contact information; commercial information (such as purchase and transaction records); internet or other electronic network activity information (such as logs and usage data); approximate location derived from IP; and, depending on how you use the Service, content you submit in Inputs that may contain personal information. We use these categories for the purposes described above, including to operate the Service, process payments, provide support, secure the platform, prevent fraud, analyze performance, and comply with legal obligations.
Subject to applicable law and verification, you may have rights to access, correct, delete, or obtain a copy of personal information, and to opt out of certain processing such as targeted advertising or certain profiling activities, where applicable. We do not sell personal information in exchange for money. You may exercise your rights by contacting us as described in Section 14, and we will respond consistent with applicable law. You will not be discriminated against for exercising privacy rights, but certain features may require personal information to function.
13. EEA/UK Notice; Lawful Bases; DPA Contact
This section applies to individuals in the European Economic Area ("EEA"), the United Kingdom ("UK"), and Switzerland where the General Data Protection Regulation ("GDPR") or similar laws apply. For purposes of this section, Meta Protocol Inc. is the "controller" of personal information processed in connection with the relationship with you (for example, account administration, billing, security, and analytics). We may act as a "processor" to business customers to the extent we process personal information on their behalf through the Service, depending on the nature of the customer relationship and any applicable data processing agreement.
We process personal information under the following lawful bases: (a) performance of a contract, including providing the Service, administering Accounts, and processing transactions; (b) our legitimate interests, such as securing the Service, preventing fraud and abuse, maintaining reliability, improving performance, and understanding usage trends, provided those interests are not overridden by your rights; (c) compliance with legal obligations, such as recordkeeping and responding to lawful requests; and (d) consent, where required by law, such as for certain cookies or marketing communications. Where we rely on consent, you may withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Subject to applicable law, you may have rights to access, rectify, erase, restrict, or object to processing, and to data portability. You also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred. If you object to processing based on legitimate interests, we will evaluate the objection consistent with GDPR requirements.
Where we transfer personal information outside the EEA/UK/Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses ("SCCs") and (where applicable) the UK International Data Transfer Addendum, or other lawful transfer mechanisms.
For GDPR-related inquiries, you may contact us at privacy@TwoThumbs.ai with "GDPR" or "UK GDPR" in the subject line. If you are a business customer seeking a data processing agreement ("DPA"), please contact legal@TwoThumbs.ai.
14. Contact Us
If you have questions or requests regarding this Policy, please contact us at:
Email: privacy@twothumbs.ai (preferred) or legal@twothumbs.ai
Mail: Meta Protocol Inc., 251 Little Falls Drive, Wilmington, DE 19808