TwoPoints TwoPoints

TwoPoints Privacy Policy

Version: December 21, 2025

1. Scope and Application

This Privacy Policy describes how Standard Foundry Inc. ("Standard Foundry," "Company," "we," or "us") collects, uses, and protects information in connection with the TwoPoints software platform, including the web application, application programming interfaces, and related services (collectively, the "Services"). The Services are intended for authorized users of Customers (as defined herein) and are not offered directly to consumers for personal use.

2. Roles and Responsibilities

When the Services are provided to an organization ("Customer"):

  • the Customer acts as the Data Controller; and
  • Standard Foundry acts as a Data Processor / Service Provider (as such terms are defined in an enterprise agreement with the Customer) ("Enterprise Agreement").

We process personal data solely on documented instructions from Customers, as further described in applicable Enterprise Agreement and any Data Processing Addendum ("DPA"). In the event of a conflict, the Enterprise Agreement and DPA control.

3. Information We Process

We process information necessary to provide, secure, and support the Services, including:

  • individual, account, and registration information (including, if applicable, name, email address, organizational role and permissions, and authentication credentials);
  • customer data ("Customer Data") (including information submitted, uploaded, or generated through the Services by or on behalf of Customers, including documents, prompts, inputs, configurations, and outputs); and
  • usage and technical data (including log files, IP address, device and browser information, and security and performance metrics).

4. How We Use Information

We use information solely to:

  • provide, operate, and support the Services;
  • maintain security, integrity, and availability;
  • improve functionality using aggregated and anonymized data; and
  • comply with legal obligations.

We do not sell personal information.

5. Artificial Intelligence and Automated Processing

Certain features of the Services may leverage artificial intelligence or machine-learning technologies, including third-party artificial intelligence ("AI") providers. Customer Data is processed only within business-compliant or enterprise environments. Customer Data is not used to train foundational AI models. Outputs from the Services may be probabilistic, incomplete, or inaccurate. Users are responsible for human review and validation of outputs before use.

6. Cookies and Similar Technologies

We use limited cookies and similar technologies necessary for:

  • authentication and session management;
  • security and fraud prevention; and
  • performance monitoring.

We do not use cookies for behavioral advertising or cross-site tracking within the Services.

7. Information Sharing and Subprocessors

We may share information with trusted subprocessors that assist us in providing the Services, such as:

  • cloud hosting providers;
  • security and monitoring vendors; and
  • third-party AI service providers.

Such subprocessors are contractually bound to protect information and process it only as necessary to provide the Services, consistent with the DPA.

8. Data Retention

We retain Customer Data for the duration of the Customer's subscription and as necessary to comply with legal obligations, resolve disputes, and enforce agreements. Upon termination or expiration of the applicable Enterprise Agreement, Customer Data is returned or deleted in accordance with the Enterprise Agreement and DPA.

9. Individual Rights

Where applicable under law, individuals may have rights to access, correct, or delete personal data. Because we process personal data on behalf of Customers, requests should generally be directed to the Customer acting as Data Controller. We will assist Customers in responding to such requests as required by law. Individual rights requests from students, research participants, or other submitters are handled by the Customer as Data Controller.

10. Security

We implement commercially reasonable administrative, technical, and organizational safeguards designed to protect information, including:

  • encryption in transit and at rest;
  • access controls and least privilege principles;
  • monitoring and logging; and
  • regular security testing.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. International Data Transfers

Customer Data may be processed in the United States or other jurisdictions where we or our subprocessors operate, subject to appropriate contractual safeguards, including the applicable Enterprise Agreement, where required.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or other reasonable means. Continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.

13. Regulatory Compliance

Standard Foundry processes personal data in accordance with applicable data protection and privacy laws, including, where applicable, the EU General Data Protection Regulation (GDPR), the United Kingdom GDPR, the California Consumer Privacy Act (CCPA/CPRA), and similar laws. Where required, processing of personal data is governed by the applicable Enterprise Agreement and DPA, which set forth the parties' respective obligations, safeguards, and mechanisms for exercising individual rights.

14. Contact Us

For questions, please contact:

Standard Foundry Inc.
3604 Collins Ferry Road, Suite 100
Morgantown, WV 26505
legal@standardfoundry.com