Privacy Policy
Effective April 27, 2026
1. What We Collect
Account information: Your email address and name via Clerk (our authentication provider). Optionally, a username and avatar URL you set in Settings.
X data: When you analyze an X account, we fetch that account's public tweet history via the X API and store derived persona content (not raw tweets, except in a temporary cache). If you connect your own X account via OAuth, we store your encrypted access tokens to enable posting on your behalf.
Usage data: Draft counts, credit transactions, and feature usage — to enforce limits and credit you correctly.
Billing: Payment is handled entirely by Paddle. We store only a Paddle customer ID and subscription ID — never your card number or billing address.
Telegram: If you connect the Telegram bot, we store your Telegram chat ID to route messages to your account.
2. How We Use It
- To provide and improve the Service
- To enforce subscription limits and credit rewards
- To process payments and manage subscriptions via Paddle
- To send transactional emails (account-related only — no marketing without consent)
- To display your public persona page at /p/[handle] if you opt in
3. Data Sharing
We do not sell your personal data. We share data only with:
- Clerk — authentication and user management
- Paddle — payment processing (Merchant of Record)
- OpenRouter / LLM providers — tweet engagement stats sent for persona distillation (no personally identifiable information)
- X (Twitter) — OAuth tokens used to fetch tweets and post on your behalf
- Vercel — hosting infrastructure
4. Token Security
X OAuth tokens are encrypted at rest using AES-256-GCM before storage and never appear in any API response or log. The encryption key is stored as a secret environment variable, separate from the database.
5. Public Profiles
If you choose to make a profile public, the extracted persona content and your username are visible to anyone at /p/[handle] and in the /explore gallery. You can make it private again at any time from your profile settings.
6. Data Retention
We retain your data for as long as your account exists. If you delete your account, your profiles, drafts, and personal data are deleted within 30 days. Cached tweet data (public tweets) may be retained longer as it is not personally identifiable.
7. Your Rights
You may request a copy of your data, correction of inaccurate data, or deletion of your account by emailing hello@tweetskill.com. EU/UK residents have additional rights under GDPR/UK GDPR — contact us to exercise them.
8. Cookies
We use only functional cookies required for authentication (set by Clerk) and OAuth flow state (temporary, cleared after login). No advertising or tracking cookies.
9. Changes
We may update this policy. Material changes will be communicated via email or an in-app notice. Continued use after changes constitutes acceptance.
10. Contact
Privacy questions: hello@tweetskill.com