1. Introduction
This Privacy Policy describes how XLens ("we", "our", or "us") collects, uses, and protects your information when you use our browser extension and related services.
XLens is operated by Obsidian IT Consulting SRL, a company registered in Belgium.
2. Information We Collect
2.1 Data Collected from Twitter/X
When you hover over a Twitter/X profile while using XLens, we collect publicly available information:
- Public username (@handle) — stored locally + sent to server (cached)
- Public bio/description — stored locally + transmitted to server for AI analysis (not stored, only hash kept)
- Public follower count — stored locally + transmitted to server for AI analysis (not stored)
- Profile image URL — stored locally only
- Follow relationship status — stored locally only
Important: We only collect publicly available information that is visible to anyone on Twitter/X. We do not access private messages, protected tweets, or any non-public data.
2.2 Data You Provide
- Account information: Email address and display name when you create an account
- API key: For authenticating your extension with our backend
- Filter preferences: Your custom filtering settings (minimum follower count, whitelist/blacklist, niche description)
2.3 Data Stored Locally (IndexedDB)
The following data is stored locally in your browser's IndexedDB and never leaves your device:
- Twitter profile data: bio, follower/following counts, profile image URL, follow relationship status
- Cached niche scores (calculated server-side but stored locally)
- Your filter preferences
- Extension settings
2.4 Data Transmitted to Our Servers
- API key (for authentication)
- Filter preferences (for synchronization across devices)
- Twitter username (stored in cache for niche score)
- Twitter bio and follower count (transmitted for niche score calculation, not stored — only a hash of the bio is kept to detect changes)
3. How We Use Your Data
| Data Type | Storage | Purpose |
|---|---|---|
| Twitter username | Server (cached) | Identify profiles for niche score cache |
| Twitter bio & follower count | Transmitted only (not stored) | Calculate niche relevance scores via AI |
| Twitter profile data (image, relationship) | Local only (IndexedDB) | Display filtering insights in the extension |
| API key | Server | Authenticate your subscription and sync preferences |
| Filter preferences | Server | Apply your filtering rules across devices |
| Account information | Server | Manage your subscription and send important notifications |
4. Data Sharing
4.1 We Do NOT:
- Sell your data to third parties
- Share data with advertising platforms
- Share data with data brokers
- Use data for personalized advertisements
4.2 We May Share Data With:
- AI Service Providers: We use OpenRouter (with Google Gemini) to calculate niche relevance scores. Only the Twitter bio and follower count are sent for analysis - no personally identifiable information about you is shared.
- Hosting Providers: Hetzner (Germany/EU) for infrastructure hosting.
- Legal Authorities: If required by law or to protect our rights.
5. Data Security
- All data transmission uses HTTPS/TLS encryption
- API keys are securely hashed before storage
- Local data uses browser's built-in IndexedDB security
- Server infrastructure is hosted in the EU (Hetzner, Germany)
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Cached profiles (local) | Until you clear browser data |
| Server-side preferences | Until account deletion |
| Niche score cache | 30 days |
| Inactive accounts | Automatically deleted after 1 year of inactivity |
7. Your Rights
7.1 All Users
- Access: Request a copy of your data
- Deletion: Delete your account via the dashboard settings
- Export: Request data export by contacting us
- Opt-out: Uninstall the extension at any time
7.2 European Users (GDPR)
Under the General Data Protection Regulation (GDPR), you have additional rights:
- Right to rectification
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
Legal basis for processing: Legitimate interest (providing the extension's core functionality). The processing of Twitter data is necessary to deliver the filtering and niche scoring features you signed up for.
7.3 California Users (CCPA)
- Right to know what data we collect
- Right to delete your data
- Right to opt-out of data sale (Note: We do not sell data)
- Right to non-discrimination
8. Children's Privacy
XLens is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
9. Third-Party Services
XLens interacts with the following third-party services:
- Twitter/X: Subject to Twitter's Terms of Service
- OpenRouter/Google Gemini: For AI-powered niche score calculations
- Polar: For subscription and payment processing
10. Limited Use Disclosure
XLens's use and transfer to any other app of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be communicated via:
- Updated "Last updated" date on this page
- Email notification for significant changes
- Extension update notes (when applicable)
12. Contact Us
For privacy-related questions or to exercise your rights, please contact us at:
- Email: al@obsidian-it.be
- Website: https://getxlens.com
Data Controller:
Obsidian IT Consulting SRL
Belgium