Privacy Policy

X-Reply Guy is a Chrome extension that helps you draft replies on X (Twitter) using AI providers you configure. This policy explains what data the extension and our backend collect, why, and how you can control it.

1. What we collect

• Email (Pro purchasers only): If you buy Pro via Paddle, we store the email you provide to verify your purchase, send one-time activation codes (OTP), and validate Pro status across devices.
• Anonymous device identifier (free tier): We use a Firebase Anonymous Auth user ID to track your daily free generation count in Firestore. This ID is not linked to your name unless you later activate Pro with an email.
• Daily usage count: For free users, we store how many successful AI generations you used per UTC day (max 50) to enforce the free tier limit.
• Pro purchase metadata: Purchase date, price paid, Paddle transaction ID, and license status (active/refunded).
• API keys & settings: Stored locally on your device only (Chrome storage). Never sent to our servers.
• Reply history & dislikes: Stored locally on your device only.
• Tweet content you reply to: Read from the X page and sent directly to your chosen AI provider (OpenAI, Anthropic, Gemini, DeepSeek, OpenRouter, etc.) to generate replies. We do not store tweet text on our servers.

2. How data is used

• Enforce free-tier daily limits (50 generations per UTC day).
• Activate and verify Pro licenses (OTP email, JWT session).
• Process Paddle payment webhooks and handle refunds.
• Generate AI replies through providers you select with your own API keys.

3. Third-party services

• AI providers (user-configured): OpenAI, Anthropic, Google Gemini, DeepSeek, OpenRouter, and optional custom endpoints.
• Firebase (Google): Anonymous Authentication, Cloud Firestore, Cloud Functions.
• Paddle: Payment processing for Pro purchases.
• Resend (or equivalent): Transactional email for Pro OTP codes.

We do not sell your data. We do not use your data for advertising.

4. Data retention & deletion

• Local extension data is removed when you uninstall the extension or clear extension storage.
• Free-tier usage records expire naturally as daily counters reset at 00:00 UTC.
• OTP sessions expire after 10 minutes.
• To request deletion of Pro purchase records tied to your email, contact mozuno+xreplyguy@proton.me.

5. Security

All communication with our backend and AI providers uses HTTPS. Pro activation uses email OTP verification. OTP codes are stored hashed on our servers.

6. Children

X-Reply Guy is not directed at children under 13, and we do not knowingly collect personal information from children.

7. Changes

We may update this policy. The “Last updated” date below will change when we do.

8. Contact

Operator: X-Reply Guy (sole proprietor)
Questions about privacy: mozuno+xreplyguy@proton.me

← Back to homepage

Last updated: June 22, 2026