Secure by Design.
Zero Trust Architecture.
TwinPane is built from the ground up to operate securely in restrictive enterprise environments. We prioritize data privacy, encryption, and compliance.
Core Security Principles
Our security model ensures that your data never leaves your controlled environment unencrypted, and we never have access to your files.
End-to-End Encryption
All data transfer between the TwinPane Client (Local PC) and Server (Remote Session) occurs over a securely encrypted channel. We use industry-standard TLS 1.3 encryption for all data in transit.
No Data Persistence
TwinPane does not store, cache, or inspect your files on our servers. The backend facilitates the secure connection and transfer of data between endpoints, but the transfer is transient and encrypted. Our servers only retain license validation records and anonymous telemetry.
Code Signing
All TwinPane executables and installers are digitally signed with an OV Code Signing Certificate, ensuring the integrity and authenticity of the software you run.
Infrastructure Security
Our backend infrastructure is hosted on secure, compliant cloud providers with strict access controls. Administrative access requires strong MFA and is limited to essential personnel.
User-Context Execution
The TwinPane agent runs in the user's context, not as a system service. This ensures it respects all existing Windows file permissions and ACLs. The application operates solely with the permissions granted to the logged-in user.
Virtual Channel Isolation
Communication leverages the existing secure RDP/ICA virtual channels established by your remote desktop software. No additional open ports or firewall changes are required.
Backend & Data Privacy
License Validation
The only communication with our public servers happens during license activation and periodic checks. We transmit a hashed hardware ID and your license key over HTTPS. No file metadata, filenames, or user content is ever sent to our servers.
Payment Security
We use Paddle as our Merchant of Record. Paddle is fully PCI-DSS compliant. TwinPane does not collect, store, or process any credit card or banking information directly.
GDPR Compliance
We are a European company and fully committed to GDPR compliance. You have the right to request data export or deletion of your account information at any time. Our data processing agreement (DPA) is available upon request for enterprise customers.