privacy policy
Your tweet IDs and statistical features persist until you delete your account. The text of your tweets is retained only when our model has flagged it as potentially harmful to your account, so you can review and act on it. All other tweet text is discarded on ingestion and never stored. Tweets from other people that appear in your archive (parents of your replies, tweets you quoted) are stored as IDs and content hashes only.
// what we collect
When you sign in with X, the Service receives:
- Your X user ID, handle, display name, profile picture URL, and profile description.
- An OAuth 2.0 access token and refresh token, both encrypted at rest with AES-256-GCM using keys held outside the database.
- A 30-day session cookie bound to your browser’s user-agent fingerprint.
If you upload your X archive, the Service additionally receives:
- Your tweet history (with conditional text retention — see the headline commitment above).
- Engagement metrics (likes, retweets, replies, impressions where available).
- Your follower and following lists at the time of export.
- Your block and mute lists, if you opt in (default off).
- Your like history, if you opt in (default off).
- Your account enforcement history (warnings, suspensions, removals as recorded by X).
We do not read your direct messages. Archive files containing DMs (direct-messages.js, direct-message-headers.js) are skipped at parse time and deleted from the staging area immediately.
Email addresses and IP addresses present in your archive’s metadata are stripped during extraction. We have no need for either.
// how we use it
- To train statistical models that predict how the X algorithm will treat your content.
- To generate the per-user baselines, lexicon, and audience-segmentation outputs that power the product surfaces.
- To present analytics and recommendations to you through the application.
- To detect algorithm drift (when X changes how it ranks content) and update our model accordingly.
With your separate, default-off consent to aggregate model training, your data may also be pooled with other contributors’ data to improve global models. All such aggregate analyses use a minimum cohort size of 5 contributors before any per-feature contributor counts are reported.
// how we store it
- OAuth tokens are encrypted at rest with AES-256-GCM. The encryption key is held outside the database. A database breach alone does not yield usable tokens.
- Tweet feature vectors (sparse vocabulary IDs, embedding cluster assignments, structural metadata) are retained permanently, regardless of whether the source text is retained. These are what make the model improve over time, and they cannot be converted back into the original text.
- Tweet text excerpts are retained only when flagged at ingest time as potentially harmful (composite negativity score above a configurable threshold). This is what makes the Archive Checkup work — you need to see what you posted to decide whether to delete it.
- Session cookies are HttpOnly, Secure, SameSite=Lax, and pinned to your browser’s user-agent fingerprint. A UA change automatically revokes the session.
// who we share it with
No one. We do not sell, license, transfer, or share your data with third parties. We do not run advertising. We do not have analytics integrations that ship your data to external services.
The Service hosts its database and application code on Namecheap shared hosting infrastructure. The operator is the only individual with access to the production database.
// how long we keep it
- While your account is active: indefinitely, in the forms described above.
- After you delete your account: hard-deleted within seven days. Aggregate model contributions cannot be retroactively un-trained but are not individually attributable.
- Operational logs (request logs, rate-limit buckets) follow a 90-day retention policy and are purged automatically.
- The audit log of administrative actions is retained indefinitely as a security forensics record. The audit log does not contain personally identifiable content; it records actions, timestamps, and IPs.
// your rights
- Revoke OAuth access at any time through X’s app settings. This immediately stops the Service from making any further API calls on your behalf.
- Sign out through the Service to terminate your browser session immediately.
- Request full data deletion by emailing the operator. We commit to a 7-day SLA for raw data and text excerpts, and a longer SLA for derived data (next model retraining cycle).
- Adjust consent scopes in your account settings to opt in or out of aggregate model training, block/mute analysis, like analysis, and Live Checkup polling.
// third-party data in your archive
Your archive contains data about people you’ve interacted with: the authors of tweets you replied to, the targets of your mentions, the accounts you blocked or muted. The Service handles this third-party data carefully:
- Parent tweets and quoted tweets are stored as IDs and content hashes only. We do not retain the third party’s tweet text.
- Block and mute lists, when opted in, are used only in aggregate computations (e.g. “this account is widely blocked across our contributor pool”) with minimum cohort thresholds. We do not surface specific contributor-blocked-target relationships to anyone other than the contributor themselves.
- If the third party is also a Service contributor, their normal data retention applies to their own tweets.
// changes
Material changes to this policy will be communicated to active users through an in-product notice. Continued use after a change constitutes acceptance.
// contact
For data deletion requests, please email the operator with the subject line "data deletion request".