Log in Get started

Privacy Policy

Last updated: 2026-01-01.

In plain English: We collect what we need to run the service (your email, X tokens, usage counters). Tokens are AES-256-GCM encrypted. We don't sell data, don't run analytics trackers, and use one first-party cookie to keep you logged in.

What we collect

  • Account info — email, password (hashed with scrypt + per-user salt), display name.
  • X account credentials — auth tokens and proxy strings you connect. Stored AES-256-GCM encrypted at rest.
  • Usage — per-slot daily counters, module run history, system logs (no message bodies in long-term storage).
  • Payments — handled by our payment processor. We retain transaction IDs and amounts; we never see card numbers.
  • Server logs — standard request logs (IP, user-agent, path, response code) retained for ≤30 days for abuse detection.

What we don’t collect

  • We don't read your X DMs or private content beyond what is needed to execute the modules you've enabled.
  • We don't share data with third parties for advertising. Period.
  • We don't sell, rent, or trade your data.

How we use it

  • To operate the service (run your modules, show your dashboard).
  • To bill you and enforce plan limits.
  • To detect abuse, prevent attacks, and respond to support requests.
  • To send transactional email (account confirmation, password reset, plan expiry).

Sharing

We share data only with the minimum set of vendors needed to run the service:

  • Hosting / database provider.
  • Email delivery provider (transactional email).
  • Payment processor.

Your rights (GDPR / CCPA)

You can request:

  • A copy of your data (data export).
  • Correction of inaccurate data.
  • Deletion of your account (we retain billing records as required by law, typically 6 years).
  • Withdrawal of consent for non-essential processing.

Email requests to [email protected].

Cookies

We use a single first-party session cookie (HttpOnly, SameSite=Strict) to keep you logged in. No analytics, no tracking, no third-party cookies.

Data retention

  • Account data — kept while your account is active, deleted on request.
  • Usage counters and logs — auto-purged after 30 days.
  • Billing records — retained as required by law (typically 6 years).

Security

X auth tokens and proxy credentials are AES-256-GCM encrypted at rest. Passwords are scrypt-hashed with a per-user salt. Session cookies are HttpOnly + SameSite=Strict. We use HTTPS throughout. See Security docs for details.

Contact

Privacy questions: [email protected].