✍️X Remark

Privacy Policy

Last updated: April 2026

Your privacy is important to us. This Privacy Policy explains what data X Remark collects, how it is used, and how it is protected.

X Remark is designed for a single purpose: helping you add, view, manage, and optionally sync private remarks and tags for X/Twitter accounts. We collect and use data only as needed to provide that functionality, account authentication, billing, security, and service operation.

1. Data We Collect

Local-only users (no sign-in): Notes, tags, aliases, saved X/Twitter account identifiers, app settings, and sync status are stored on your device using browser storage such as the Chrome Extension Storage API and IndexedDB. No local-only remark data is transmitted to our servers unless you choose to sign in and enable cloud sync.

Signed-in users (cloud sync): When you sign in with X to enable cloud sync, we store the following on our servers:

  • Your X user ID and screen name (obtained via OAuth)
  • Your remarks, tags, aliases, and related saved account data, such as X/Twitter handles, display name snapshots, profile URLs, and platform user IDs for accounts you save remarks for
  • Session tokens used to authenticate API requests
  • Sync metadata, including timestamps, device identifiers, sync versions, conflict state, and deletion markers
  • Plan and entitlement information used to enable paid features

We may also process limited technical data, such as IP address, user agent, request timestamps, error details, and server logs, to operate, secure, debug, and protect the Service.

2. Data We Do Not Collect

  • We do not request permission to post to X/Twitter, send messages, or modify your X/Twitter account.
  • We do not intentionally collect your private messages, password, payment card details, or full X/Twitter timeline.
  • We do not sell user data, use it for advertising, or build advertising profiles.

3. How We Use Your Data

  • To save, display, search, edit, and delete your private remarks and tags
  • To provide and maintain the cloud sync feature
  • To authenticate your identity across sessions and devices
  • To enforce plan limits and enable paid features
  • To process payments via Paddle (for paid plan users)
  • To monitor reliability, prevent abuse, investigate errors, and secure the Service

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

4. Third-Party Services

We use the following third-party services to provide, host, secure, and operate the Service. These providers may process user data or request metadata only as needed for their role:

  • X (Twitter) OAuth: Used to verify your identity and obtain your X user ID and screen name. We do not request permission to post to your account, send messages, or modify your X/Twitter account.
  • Supabase: Cloud database used to store user data and sync state.
  • Paddle: Payment processor for paid plan subscriptions. Paddle is the Merchant of Record and handles all billing data.
  • Cloudflare: Hosting, API delivery, security, and operational infrastructure for the Service.
  • Render: Hosting for the OAuth proxy used to complete X/Twitter authentication requests.

5. Data Sharing

We share data only with the service providers listed above, when required to operate the Service, comply with law, prevent abuse, protect rights and security, or complete billing and account management. We do not transfer user data to third parties for purposes unrelated to the extension's single purpose.

6. Data Retention and Deletion

Local data remains on your device until you delete it in the extension, clear browser extension data, or uninstall the extension. Cloud sync data is retained while your account is active or as needed to provide the Service.

You may request deletion of your cloud account data at any time by contacting us. After deletion, some backup, security, billing, or operational records may remain for a limited period where required for legal, accounting, fraud prevention, or security purposes.

7. Security

We use industry-standard practices to protect your data, including HTTPS for all data transmission and access-controlled databases. However, no method of transmission over the internet is 100% secure.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date when changes are made. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or data deletion requests, contact us at support@xremark.bid.