Privacy Policy

1. Information We Collect

We collect information that you provide to us, information we automatically collect when you use our Service, and information from third-party sources.

Account Information

• Email address: For account creation and communication
• Password: Encrypted and securely stored
• Name: For account personalization
• Account preferences: Settings and configuration choices

X/Twitter Data

When you connect your X/Twitter accounts via OAuth2, we collect:

• Profile information: Username, display name, profile picture, bio
• Access tokens: Encrypted OAuth2 tokens for API access
• Tweet content: Text and metadata from tweets we process
• Engagement metrics: Likes, retweets, replies, and view counts
• Account metadata: Follower counts, account creation date

Usage Data

• Activity logs: Actions performed through our Service
• API requests: Requests made to X/Twitter's API on your behalf
• Settings and preferences: Automation configuration and choices
• Error logs: Technical errors for troubleshooting and improvement
• Performance data: Service usage patterns and metrics

Payment Information

• Billing details: Processed securely by our payment processor
• Transaction history: Records of payments and subscriptions
• Note: We do not store full credit card numbers

2. How We Use Your Information

We use your information to provide, maintain, and improve our Service. Specifically:

Service Provision

• Connect and manage your X/Twitter accounts
• Execute automated engagement actions (likes, retweets, replies)
• Generate AI-powered content suggestions
• Monitor automation activity and performance
• Process payments and manage subscriptions

Communication

• Send service updates and notifications
• Respond to your support requests
• Provide important account information
• Send marketing communications (with your consent)

Improvement and Analytics

• Analyze usage patterns to improve the Service
• Debug and fix technical issues
• Develop new features and functionality
• Understand user needs and preferences

Safety and Compliance

• Ensure compliance with X/Twitter's policies
• Detect and prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations

3. Data Storage and Security

We implement industry-standard security measures to protect your data:

Encryption

• In transit: All data is transmitted over HTTPS with TLS encryption
• At rest: Sensitive data (passwords, tokens) is encrypted in our database
• OAuth tokens: Stored with AES-256 encryption

Access Controls

• Limited employee access to production data
• Multi-factor authentication for administrative access
• Regular security audits and penetration testing
• Automated monitoring for suspicious activity

Infrastructure

• Data stored in secure, SOC 2 compliant data centers
• Regular backups with encryption
• Disaster recovery and business continuity plans

4. Data Sharing

We Do NOT:

We MAY Share Data With:

Service Providers

• X/Twitter: As required by their API Terms (we act on your behalf)
• OpenAI: Tweet text for AI content generation (no personal identifiers)
• MongoDB Atlas: For secure database hosting
• Payment processors: For billing and payments (Stripe, PayPal, etc.)

Legal Requirements

• When required by law, regulation, or legal process
• To protect our rights, property, or safety
• To enforce our Terms of Service
• In connection with business transfers (mergers, acquisitions)

5. Third-Party Services

Our Service integrates with third-party services. Each has its own privacy policy:

X/Twitter

• Subject to X's Privacy Policy
• We use their API to post and read tweets on your behalf
• You can revoke our access anytime from your X account settings

OpenAI

• Subject to OpenAI's Privacy Policy
• We send tweet text for content generation (no personal data)
• OpenAI may use data to improve their models

MongoDB Atlas

• Subject to MongoDB's Privacy Policy
• Hosts our database with enterprise-grade security

6. Your Rights

You have the following rights regarding your personal data:

Access and Portability

• Access: Request a copy of your data
• Export: Download your data in a portable format
• Review: See what information we have about you

Correction and Deletion

• Correct: Update inaccurate or incomplete data
• Delete: Request deletion of your account and data
• Disconnect: Remove connected X accounts anytime

Control and Limitation

• Opt-out: Unsubscribe from marketing emails
• Restrict: Limit processing of your data
• Object: Object to certain types of processing

To exercise these rights, contact us at privacy@xautomation.com. We will respond within 30 days.

7. Data Retention

We retain your data for as long as necessary to provide the Service and comply with legal obligations.

Active Accounts

• Data retained while your account is active
• You can delete data anytime through account settings

Deleted Accounts

• Personal data: Deleted within 30 days of account deletion
• Activity logs: Retained for 90 days for security purposes
• Financial records: Retained for 7 years for tax/legal compliance
• Aggregated data: Anonymized data may be retained indefinitely

8. Cookies and Tracking

We use cookies and similar technologies to provide and improve our Service.

Essential Cookies

• Session cookies: For authentication and security
• Preference cookies: To remember your settings
• Security cookies: To detect fraud and abuse

Analytics Cookies

• Google Analytics: To understand usage patterns (anonymized)
• Performance monitoring: To track service reliability

Your Choices

• You can disable cookies in your browser settings
• Essential cookies are required for the Service to function
• Disabling analytics cookies won't affect functionality

9. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately at privacy@xautomation.com.

10. International Data Transfers

Your data may be processed in countries where our service providers operate. We ensure appropriate safeguards are in place:

• Standard contractual clauses approved by the EU Commission
• Privacy Shield framework (where applicable)
• Adequacy decisions for data transfers
• Binding corporate rules with service providers

11. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

• Contract: Processing necessary to provide the Service
• Consent: For marketing and optional features
• Legitimate interests: For service improvement and security
• Legal obligation: For compliance with laws

Additional GDPR Rights

• Right to be forgotten: Request complete deletion of your data
• Data portability: Receive your data in machine-readable format
• Right to object: Object to processing for legitimate interests
• Automated decision-making: Request human review of automated decisions
• Supervisory authority: Lodge complaints with your local data protection authority

EU Representative

For GDPR-related inquiries, contact our EU representative at gdpr@xautomation.com

12. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights

• Right to know: What personal information we collect, use, and share
• Right to delete: Request deletion of your personal information
• Right to opt-out: We do not sell personal information
• Right to non-discrimination: Equal service regardless of privacy choices

Categories of Personal Information

• Identifiers: Email, name, account IDs
• Commercial information: Subscription and payment history
• Internet activity: Usage data and interactions
• Inferences: Preferences derived from your activity

Disclosure

We do NOT sell personal information. We may share data with service providers as described in Section 4.

To exercise your CCPA rights, contact privacy@xautomation.com

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.

How We Notify You

• Update the "Last Updated" date at the top of this page
• Send email notification for significant changes
• Display a notice in the Service for material changes
• Give you 30 days to review before changes take effect

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: