Privacy Policy
Last updated: June 26, 2026 (Version 2.1 - AI & Twitter/X Data Clarity Update)
At TweetReplier, we take your privacy seriously. This policy explains what data we collect, how we use it, and your rights.
What We Collect
Information You Provide
- Account Information: Email address, name (if provided via Google OAuth)
- User Profile: Writing style preferences, topics of interest, tone settings
- Subscription Data: Selected plan tier, billing interval (monthly/yearly), payment method (handled by Polar)
Automatically Collected Information
- Usage Data: Number of replies generated, tones used, creator styles selected, feature usage patterns
- Device Information: Device fingerprint for session management (max 3 concurrent sessions per account)
- IP Address: For security, fraud prevention, and rate limiting
- Generated Content: AI-generated replies you create (authenticated users only, used for quality analysis - see AI Data Usage section below)
- Browser Data: Extension version, Chrome version, operating system (for compatibility and bug fixes)
Twitter/X-Related Data
- OAuth Tokens: Twitter/X OAuth 2.0 access tokens (stored securely, never logged or exposed)
- Basic Profile: Your Twitter/X username and profile picture (for account linking display only)
- Tweet Context: Text of tweets you choose to reply to (processed temporarily for reply generation, NOT permanently stored)
- Source Content: Web pages, notes, or text you paste for tweet generation (processed in-memory, NOT stored on our servers)
What We DO NOT Collect from Twitter/X:
- Your Twitter/X password (we use OAuth 2.0 authentication only)
- Your Twitter/X Direct Messages
- Your Twitter/X followers or following lists (unless you explicitly request analysis features)
- Tweets from your timeline (except those you actively interact with using our extension)
- Your Twitter/X analytics or engagement data
How We Use Your Data
We use collected information to:
- Provide Service: Generate AI replies, tweets, rewrites, and analysis based on your input and preferences
- Personalization: Customize reply generation using your writing style, tone preferences, and favorite creator styles
- Quality Analysis: Analyze generated content to reduce AI-detectable patterns and improve response quality
- Usage Enforcement: Track generation counts, prevent abuse, and enforce subscription tier limits
- Security: Detect fraudulent activity, prevent credential sharing, and manage concurrent sessions
- Billing: Process payments, manage subscriptions, and send payment receipts via Polar
- Communications: Send service updates, security alerts, and billing notifications (NO marketing emails without explicit consent)
- Legal Compliance: Respond to legal requests, enforce Terms of Service, and protect our rights
AI Data Usage & Training
Critical Clarification - Your Data is NOT Used to Train AI Models:
TweetReplier uses established third-party AI models via API. We do NOT train our own language models, and your generated content is NOT used to train OpenAI, Anthropic, Google, or any other AI provider's models.
What We DO with Generated Content:
- Quality Analysis: Generated replies are logged temporarily (up to 90 days) to analyze AI-detectability scores and identify repetitive patterns
- Prompt Engineering: We use aggregate data (not individual content) to improve our prompt engineering and tone system
- Pattern Detection: Analyze common AI-tell phrases, sycophantic language, and essay-mode writing to enhance our content filters
- Statistical Analysis: Track which tones, creator styles, and features produce the best user satisfaction (anonymized after 90 days)
What We DO NOT Do:
- Share your generated content with AI model providers (OpenAI, Anthropic, Google, etc.)
- Use your content to fine-tune or train any AI models
- Sell or license your content to third parties
- Publicly display your generated tweets without explicit permission
- Store original tweets you reply to (we only temporarily process them for context)
Opt-Out Option:
You may opt out of quality analysis by emailing privacy@tweetreplier.com with subject "Opt-Out Quality Analysis". Note that opting out may reduce personalization quality and prevent us from improving the service for your use case.
Data Storage & Security
Local Storage: Your preferences, tone settings, and user profile are stored locally in your browser using Chrome's sync storage for quick access.
Server Storage: Account data, subscription information, usage statistics, and generated replies (for authenticated users) are stored securely on our servers hosted by Railway.
Security Measures: We use industry-standard encryption, secure authentication (JWT), and regular security audits.
Third-Party Services & Data Sharing
AI Model Providers:
- OpenRouter: Routes TweetReplier backend requests to AI model providers. They process your prompts to generate replies but do NOT receive your payment details or account billing data.
- Data Sent: Your user prompt (tweet context + your preferences) is sent to generate a reply. Original tweet text is included for context but not stored by the AI provider.
- Data NOT Sent: Your account information, email, payment details, or usage statistics are NOT shared with AI providers.
Authentication & Payment:
- Google OAuth: For account sign-in if you choose Google instead of email login. We receive only basic profile info (name, email, profile picture). Google's Privacy Policy applies.
- Twitter/X OAuth 2.0: For account linking. We never see your password. Twitter/X Privacy Policy applies.
- Polar.sh: Payment processing for subscriptions. They handle all credit card data (we never see full card numbers). Polar Privacy Policy applies.
Infrastructure & Hosting:
- Railway: Backend API hosting. Your account data and generated content logs are stored on Railway's secure infrastructure.
- Neon: PostgreSQL database hosting for user accounts, sessions, and usage tracking.
- Cloudflare: Website hosting and CDN for tweetreplier.com.
Data Minimization Principle:
We share only the minimum data necessary for each service to function. For example, AI providers only receive the prompt needed to generate a reply, not your email or payment information.
Data Retention
- Account Data: Retained while your account is active
- Generated Replies: Stored for quality analysis, anonymized after 90 days
- Usage Stats: Retained for billing and service improvement
- Deleted Accounts: All personal data deleted within 30 days of account deletion
Your Rights (GDPR, CCPA & Global Privacy Laws)
If you are in the European Union (GDPR):
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format (JSON export)
- Right to Object: Object to our processing of your data for certain purposes
- Right to Withdraw Consent: Withdraw consent for data processing at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
If you are in California (CCPA/CPRA):
- Right to Know: Know what personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information (subject to certain exceptions)
- Right to Opt-Out: We do NOT sell personal information, so no opt-out is necessary
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
- Right to Correct: Request correction of inaccurate personal information
For All Users Globally:
- Access Your Data: Email privacy@tweetreplier.com with subject "Data Access Request"
- Export Your Data: Receive a JSON export of your account data, preferences, and usage stats (generated content excluded for privacy)
- Delete Your Account: Account settings → Delete Account, or email privacy@tweetreplier.com
- Opt-Out of Quality Analysis: Email privacy@tweetreplier.com with subject "Opt-Out Quality Analysis"
- Update Preferences: Manage data collection preferences in extension settings
Data Deletion Timeline:
- Account data deleted within 30 days of deletion request
- Generated content logs deleted immediately upon account deletion
- Anonymized usage statistics may be retained for business intelligence (cannot be tied back to you)
- Billing records retained for 7 years per financial regulations
How to Exercise Your Rights:
Email privacy@tweetreplier.com with:
- Your account email address
- Specific right you're exercising (access, deletion, correction, etc.)
- Government-issued ID verification (required for deletion/access requests to prevent fraud)
We will respond to all requests within 30 days (or 45 days if complex, with notification).
Children's Privacy
TweetReplier is not intended for users under 13 years old. We do not knowingly collect data from children.
Changes to This Policy
We may update this policy from time to time. We'll notify users of significant changes via email or extension notification.
Twitter/X Data Handling & Compliance
Important Clarification:
TweetReplier is a third-party tool and is NOT affiliated with, endorsed by, or operated by Twitter, Inc. or X Corp. We comply with the Twitter/X Developer Agreement and API terms.
How We Handle Twitter/X Data:
- OAuth Tokens: Stored securely using industry-standard encryption. Never logged, exposed, or shared.
- Tweet Text: When you use our extension to reply to a tweet, we temporarily process the tweet text to generate context-aware replies. This text is NOT stored permanently on our servers.
- Profile Data: We only access your basic Twitter/X profile (username, profile picture) for account linking display.
- DM Access: We do NOT access your Twitter/X Direct Messages.
- No Timeline Scraping: We do NOT scrape your timeline or collect tweets you didn't actively interact with using our extension.
Twitter/X API Compliance:
- We respect all Twitter/X rate limits and API usage policies
- We do NOT use Twitter/X data for purposes outside what you explicitly request (reply generation, tweet composition)
- If Twitter/X updates their policies to restrict our use case, we will notify users and comply immediately
International Data Transfers
Your data may be processed in the United States where our servers (Railway, Neon) are located. If you are located in the EU, EEA, or UK, your data is protected by:
- Standard Contractual Clauses (SCCs) with our hosting providers
- Data encryption in transit and at rest
- Your rights under GDPR remain enforceable regardless of where data is processed
Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify affected users within 72 hours of discovery
- Provide details on what data was affected and steps we're taking
- Offer guidance on protecting your account (password reset, session revocation)
- Notify relevant data protection authorities as required by law
Contact Us
Privacy & Data Protection Inquiries:
- General Privacy Questions: privacy@tweetreplier.com
- Data Access/Deletion Requests: privacy@tweetreplier.com (include "Data Request" in subject)
- GDPR/CCPA Compliance: privacy@tweetreplier.com (include your region)
- Data Breach Reports: security@tweetreplier.com
Formal Notices:
Email legal@tweetreplier.com to request the current mailing address for legal or privacy notices.