Effective date: May 20, 2026
Version 1.0 — May 20, 2026
This Privacy Policy explains how TWP Technologies, LLC processes personal data in connection with Sentient Forms.
TWP Technologies, LLC
1603 Capitol Ave, Ste 415 #379013
Cheyenne, WY 82001
United States
Privacy: [email protected]
Support: [email protected]
Billing: [email protected]
Legal: [email protected]
Security: [email protected]
In this Privacy Policy, “TWP,” “Sentient Forms,” “we,” “us,” and “our” mean TWP Technologies, LLC. “Customer” means the WordPress site owner, organization, agency, webmaster, or administrator using Sentient Forms. “End user” means a person who interacts with a Customer’s WordPress site, including by submitting a form.
1. Scope
This Privacy Policy applies to Sentient Forms websites, accounts, managed service, billing and account systems, support communications, metadata-only telemetry, Plugin communications with Sentient Forms managed services, Sentient Forms Managed Service, website analytics, service emails, and related operations.
Customer WordPress sites are controlled by their own site owners. A Customer’s WordPress site may have its own privacy policy, cookie notice, form notices, consent flows, retention settings, and third-party integrations. End users should contact the site owner for requests about form submissions and other Customer-controlled WordPress data.
2. Our role depends on the feature
Sentient Forms has several data paths. Our privacy role depends on which feature is used.
For Customer-controlled WordPress data, the Customer controls the WordPress site, forms, WordPress database, local plugin records, backups, administrator accounts, retention settings, export and deletion settings, and privacy notices. TWP generally does not receive this local WordPress data unless the Customer sends it to TWP through Sentient Forms Managed Service, support, metadata-only telemetry, or another configured path.
For Direct OpenRouter Execution, selected request content is sent from the Customer’s WordPress site to OpenRouter using the Customer’s OpenRouter credentials and configuration. Direct OpenRouter Execution sends request content from the Customer WordPress site to OpenRouter, not to the Sentient Forms CPS. TWP does not receive Direct OpenRouter BYOK or free-model execution payloads unless the Customer separately sends information to TWP through Sentient Forms Managed Service, support, metadata-only telemetry, or another configured path.
For Sentient Forms Managed Service, selected form fields, rendered prompts or action instructions, and operational metadata may transit the CPS as needed for managed execution, metering, billing, support, abuse prevention, and service administration. TWP may act as a processor, service provider, or contractor for Customer-selected managed execution content where required by applicable law and an applicable DPA or service-provider addendum.
For metadata-only telemetry, TWP processes operational metadata after administrator opt-in and after the site has a connected Sentient Forms site identity. TWP generally acts as a controller/business for telemetry used to operate, secure, and improve service reliability, unless a signed agreement states otherwise.
For account, billing, website, analytics, support, security, abuse-prevention, legal, and business operations data, TWP generally acts as a controller/business.
For Stripe, OpenRouter, downstream AI providers, Google Cloud Platform / Google Compute Engine, Google Workspace, Google Analytics, webhook receivers, and other third parties, each party’s role depends on its own terms, privacy notice, and the specific integration.
3. Personal data we may process
Depending on how you use Sentient Forms, we may process the following categories of personal data.
Account and contact data, such as name, email address, organization, administrator account details, support contact details, and communication preferences.
Billing and payment metadata, such as Stripe customer ID, subscription status, plan, billing portal sessions, checkout session records, invoices, payment status, tax-related metadata if later configured, chargeback or dispute records, payment blocks, and related billing events. TWP does not need to store full card numbers, CVV codes, or complete payment-card details.
Site, license, and account identifiers, such as site URL, site ID, license ID, license status, plan, connected site identity, plugin version, runtime version, and provider path.
Sentient Forms Managed Service content, such as selected form fields, rendered prompt or action instructions, model identifier, request metadata, and related outputs or results, when the Customer uses Sentient Forms Managed Service or provides content for support diagnostics.
Direct OpenRouter content, which is sent from the Customer’s WordPress site to OpenRouter and not to the Sentient Forms CPS unless separately sent to TWP through another feature.
Metadata-only telemetry, if the Customer opts in after connecting a Sentient Forms site identity. Telemetry may include plugin/runtime versions, provider path, action code, opaque execution request ID, adapter, job status, attempts, timing, and sanitized error or warning codes. It excludes form field contents, prompts, model outputs/results, raw error messages, visitor identifiers, provider request IDs, saved provider secrets, billing secrets, and OpenRouter BYOK payloads.
Support communications and diagnostics, such as emails, tickets, screenshots, logs, request IDs, configuration details, temporary access details, and other information you provide to us for support. Customers should not send sensitive or regulated personal data in support requests unless we provide an approved secure process.
Site Context data, such as site URL, public-site research prompt, selected model identifier, request metadata, and public-page context retrieved or searched by web-capable models. Public pages may still contain personal data or confidential information, so Customers should review Site Context settings carefully.
Webhook data, such as form entry identifiers, local action context, action result, and configured webhook metadata, when a Customer configures a webhook destination.
Website analytics data, such as IP address, device and browser information, pages viewed, referral information, cookie identifiers, and interaction data collected through GA4 or similar tools on the public SentientForms.com/TWP website, subject to consent and configuration.
Service email and communications data, such as support messages, required service notices, billing notices, legal notices, and opt-in marketing email preferences.
Security and abuse-prevention data, such as logs, IP address or IP hash, request metadata, authentication metadata, abuse indicators, payment-block records, and incident records.
4. How we use personal data
We use personal data to:
- provide, operate, configure, and secure Sentient Forms;
- create and administer accounts, site identities, licenses, managed service access, billing, subscriptions, metering, and plan limits;
- process Sentient Forms Managed Service requests and return outputs or results;
- provide AI Site Context features when enabled;
- provide support, troubleshooting, diagnostics, incident response, and customer communications;
- operate metadata-only telemetry after administrator opt-in;
- prevent fraud, abuse, unauthorized access, chargebacks, security incidents, provider-policy violations, and unlawful use;
- maintain billing records, tax records if applicable, audit logs, event receipts, and legal records;
- enforce terms, provider rules, and acceptable-use requirements;
- comply with law, legal process, and regulatory obligations;
- improve reliability, security, and product operations, using data in ways consistent with this Privacy Policy and Customer settings;
- send required service, account, billing, legal, and support communications; and
- send opt-in marketing email where permitted, with unsubscribe handling.
5. Metadata-only telemetry
Metadata-only telemetry is separate from public website analytics such as GA4. Plugin telemetry is off unless an administrator opts in after connecting a Sentient Forms site identity. Telemetry cron or collection should occur only after consent and after a connected Sentient Forms site identity exists.
If enabled, metadata-only telemetry may include non-content reliability and operations metadata such as plugin/runtime versions, provider path, action code, opaque execution request ID, adapter, job status, attempts, timing, and sanitized error or warning codes.
Metadata-only telemetry excludes form contents, prompts, model outputs/results, raw error messages, visitor identifiers, provider request IDs, saved provider secrets, billing secrets, and OpenRouter BYOK payloads.
Telemetry is not described as anonymous diagnostics because it may include site, license, or operational identifiers. Administrators may disable telemetry through available plugin settings. Disabling telemetry does not affect Customer obligations for other provider paths or managed billing records.
The Plugin does not include GA4, website analytics, ad pixels, session replay, or similar marketing analytics.
6. Direct OpenRouter Execution
When a Customer uses Direct OpenRouter Execution, selected form fields, rendered prompt or action instructions, model identifier, and request metadata are sent from the Customer’s WordPress site to OpenRouter using the Customer’s OpenRouter credentials and configuration.
Direct OpenRouter Execution sends request content from the Customer WordPress site to OpenRouter, not to the Sentient Forms CPS. TWP does not receive Direct OpenRouter BYOK or free-model execution payloads unless the Customer separately sends information to TWP through Sentient Forms Managed Service, support, metadata-only telemetry, or another configured path.
OpenRouter may route requests to downstream model providers. Provider logging, retention, training, regional handling, and zero-data-retention availability may vary by provider, model, endpoint, account settings, and request configuration. Customers should review OpenRouter and provider terms before sending personal data.
7. Sentient Forms Managed Service
When a Customer uses Sentient Forms Managed Service, selected form fields, rendered prompts or action instructions, and operational metadata may transit the Sentient Forms CPS as needed for managed execution, metering, billing, support, abuse prevention, and service administration.
Sentient Forms Managed Service uses the Sentient Forms managed service/CPS as a relay-plus-service-control-plane. The CPS handles managed execution relay, authentication, billing, metering, long-running execution, telemetry ingestion, operational safety, support, abuse prevention, and account administration. It is not the Customer’s regulated decision system.
Managed execution content should not be persisted by default beyond what is needed to complete the request unless the Customer clearly enables or requests persistence, or unless retention is needed for security, support, billing, abuse prevention, dispute resolution, or legal compliance.
8. Website analytics, cookies, and marketing
The Sentient Forms WordPress plugin does not include GA4, website analytics, ad pixels, session replay, or similar marketing analytics.
The public SentientForms.com/TWP website may use Google Analytics 4 in a consent-ready configuration. GA4 website analytics is separate from Plugin metadata-only telemetry.
At launch, we do not treat Google Ads audience features, remarketing, session replay, support chat tracking, or similar high-observation or advertising features as active unless later enabled. If we later enable remarketing, advertising pixels, session replay, support chat tracking, CRM tracking, or similar tools, we will update this Privacy Policy and provide any required cookie notice, consent mechanism, opt-out, or “Do Not Sell or Share” mechanism.
We do not sell personal data for money, do not act as a data broker, and do not build our business around collecting Customer or end-user data for sale or brokerage.
Because analytics and advertising laws treat some data-sharing or targeted-advertising tools broadly, we will provide any legally required opt-out, Global Privacy Control handling, or “Do Not Sell or Share My Personal Information” link if our website implementation triggers those obligations.
9. Communications
We use email-first communications. We may send required service emails, support emails, account notices, billing notices, legal notices, security notices, and operational messages.
If we send marketing emails, they will be opt-in where required and will include unsubscribe handling. We do not launch with SMS or phone marketing unless later added with appropriate disclosures and consent.
Google Workspace may be used for support email and operational communications.
10. Sharing personal data
We may share personal data with:
- Stripe, for billing, checkout, subscriptions, invoices, payment events, disputes, fraud controls, and payment processing.
- Google Cloud Platform / Google Compute Engine, for managed service hosting and infrastructure.
- OpenRouter, for model routing where Direct OpenRouter Execution, Sentient Forms Managed Service, Site Context, or another configured AI provider path uses OpenRouter.
- Downstream AI providers through OpenRouter, depending on model, route, endpoint, provider availability, and Customer configuration.
- Google Workspace, for support email and service communications if email support is offered.
- Google Analytics 4, for public website analytics if enabled and consented/configured as required.
- Customer-selected webhook receivers.
- Professional advisers, auditors, insurers, and legal representatives.
- Authorities, regulators, courts, law enforcement, and third parties where required by law or necessary to protect rights, safety, security, and the integrity of the Services.
- Parties involved in a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar business transaction.
If additional production vendors are added, such as monitoring, logging, customer-support, CRM, consent-management, email marketing, or security vendors, we will update our disclosures as required.
11. Subprocessors and service providers
Confirmed managed-service subprocessors or service providers currently include:
- Google Cloud Platform / Google Compute Engine, for hosting and infrastructure.
- Stripe, for billing and payment processing.
- OpenRouter, for model routing where used.
- Google Workspace, for support email and operational communications if email support is offered.
- Google Analytics 4, for public website analytics if enabled and consented/configured as required.
This list does not include third parties selected by Customers for their own WordPress sites, Direct OpenRouter Execution, webhook receivers, hosting, plugins, OpenRouter BYOK configurations, or downstream tools.
If we add material subprocessors for managed service operations, we will update our disclosures as required by applicable law or any applicable DPA.
12. International transfers and EU/UK posture
Sentient Forms is operated from the United States and is U.S.-focused at launch. We do not specifically target EU/UK markets at launch, but we do not necessarily geoblock EU/UK use.
Personal data may be processed in the United States and other countries where TWP, service providers, subprocessors, or providers operate.
Customers needing EU/UK DPA terms, Standard Contractual Clauses, UK Addendum, transfer-impact review, EU representative analysis, UK representative analysis, DPO analysis, or other EU/UK legal review should request that review before relying on Sentient Forms Managed Service for that data.
13. Retention
We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, contract, security, dispute, tax, accounting, or regulatory obligations.
Managed execution content should not be persisted by default beyond what is needed to complete the request unless the Customer clearly enables or requests persistence, or unless retention is needed for security, support, billing, abuse prevention, dispute resolution, or legal compliance.
Metadata-only telemetry, support records, and security records are retained only while useful for disclosed operational purposes or legally required, subject to minimization and periodic deletion or anonymization.
Billing, tax if applicable, accounting, dispute, chargeback, and legal records may be retained as required by law, accounting practices, payment-processing obligations, dispute resolution, and legal defense.
Customer local WordPress data is controlled by the Customer’s WordPress site, plugin settings, local database, backups, retention settings, and uninstall choices. TWP does not control that local retention unless the Customer sends data to TWP through a managed or support path.
Backups may retain data for a limited period until backup rotation or deletion occurs.
14. Privacy rights and request routing
Depending on your location and applicable law, you may have rights to access, know, correct, delete, port, restrict, object to processing, withdraw consent, appeal a privacy decision, opt out of sale or sharing, opt out of targeted advertising, and limit certain uses of sensitive personal information.
To exercise rights for data TWP controls, such as Sentient Forms account, billing, support, website, telemetry, or managed service records, contact [email protected].
If you are an end user of a Customer’s WordPress site, the Customer is usually the party that controls your form submission, local WordPress records, local execution logs, webhook choices, and Direct OpenRouter configuration. Please contact the Customer or site owner directly for requests about those records. We may direct your request to the Customer or ask you to contact the Customer directly unless the request concerns data TWP controls.
For Direct OpenRouter Execution content, requests may need to be directed to the Customer and/or OpenRouter, depending on the Customer’s OpenRouter configuration and applicable law. For Stripe billing data, Stripe may also process data under its own privacy notice.
We will not discriminate against you for exercising privacy rights where prohibited by law.
15. U.S. state privacy disclosures
We do not sell personal data for money, do not act as a data broker, and do not build our business around collecting Customer or end-user data for sale or brokerage.
If the CCPA/CPRA or similar U.S. state privacy laws apply to TWP, this Privacy Policy describes the categories of personal information we collect, sources, purposes, categories of recipients, retention criteria, and rights.
If our website analytics, advertising, or marketing implementation later triggers sale, sharing, targeted advertising, opt-out preference signal, or “Do Not Sell or Share” obligations, we will provide required notices and opt-out mechanisms.
16. Security incidents and breach notice
If we become aware of a security incident involving personal data that TWP processes through Sentient Forms Managed Service and that requires notice under applicable law or an applicable DPA, we will notify affected Customers without undue delay or within the period required by the applicable agreement.
Customers are responsible for assessing and providing any notices required for incidents involving their WordPress sites, local WordPress databases, forms, local plugin records, backups, administrator accounts, OpenRouter accounts, Direct OpenRouter Execution, webhook destinations, customer-selected providers, or other Customer-controlled systems.
Nothing in this Privacy Policy limits any breach-notice rights or obligations in a signed DPA, service-provider addendum, or other written agreement.
17. Regulated data and no-HIPAA/no-BAA default
No HIPAA support is offered by default. TWP does not provide a Business Associate Agreement unless a separate written BAA is signed by TWP.
Unless TWP expressly agrees in a separate written addendum, Customers must not use Sentient Forms to process protected health information, payment-card data, nonpublic financial information, children’s personal data, education records, biometric identifiers, precise geolocation, government identifiers, consumer reports, employment screening data, tenant screening data, credit eligibility data, insurance eligibility data, or other highly sensitive or regulated personal data.
Customers are responsible for configuring their forms, prompts, provider paths, Site Context, outputs, webhooks, retention settings, and privacy notices to avoid prohibited regulated data. Accidental receipt of prohibited regulated data does not mean TWP accepts regulated-data obligations that require a signed addendum or special compliance program.
Nothing in this Privacy Policy limits non-waivable privacy, data protection, consumer, tax, or statutory obligations that cannot legally be waived or shifted to Customers.
18. Children
Sentient Forms is not directed to children. TWP does not knowingly collect children’s personal data through Sentient Forms managed services.
Customers must not use Sentient Forms to process children’s personal data unless TWP has expressly agreed in a separate written addendum and the Customer has implemented all required legal, technical, and contractual controls.
19. Automated decision-making and AI outputs
TWP does not use Sentient Forms Managed Service outputs to make legal or similarly significant decisions about end users.
Customers may configure forms, prompts, Custom Actions, outputs, and webhooks in many ways. Customers are responsible for determining whether their configurations involve automated decision-making, profiling, or decisions with legal or similarly significant effects and for providing required notices, consents, lawful bases, human review, and safeguards.
AI outputs require human review before consequential reliance. AI outputs may be inaccurate, incomplete, biased, unsafe, or unsuitable for consequential decisions.
20. Security
We use reasonable administrative, technical, and organizational measures designed to protect managed systems and personal data we process. These measures may include access controls, authentication, encryption where appropriate, logging, monitoring, incident response, and vendor review.
Customers are responsible for securing their WordPress sites, administrator accounts, databases, backups, plugin settings, OpenRouter keys, provider credentials, webhook destinations, and local logs.
No method of transmission or storage is completely secure. We cannot guarantee absolute security.
21. Third-party links and services
The Services may link to or integrate with third-party services. Third-party services are governed by their own terms and privacy notices. We are not responsible for third-party privacy, security, availability, data retention, training, or regional processing practices.
Customers should review third-party terms before configuring OpenRouter, downstream models, Stripe, webhooks, analytics, support tools, or other integrations.
22. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will show a new version date. If changes are material, we will provide notice as required by law or as reasonably appropriate. Your continued use of the Services after the updated policy takes effect means the updated policy applies to your use of the Services.