Privacy Policy

Data We Collect

The Extension collects and processes the following data:

  • Telegram User ID and Display Name used for authentication and account identification.
  • X/Twitter Post URLs that you provide or import for the bot to engage with.
  • X/Twitter Post Content including text and images, temporarily read to generate contextual AI replies. This content is not stored permanently.
  • Usage Counts including daily and monthly reply counts to enforce usage limits.
  • Device Fingerprint which is a locally generated identifier used to derive per-device security keys. This never leaves your device in raw form.
  • Extension Settings including your preferences such as voice preset, speed mode, and language, stored locally in your browser.

How We Use Your Data

  • Authentication: Your Telegram ID verifies your identity and subscription status.
  • AI Reply Generation: Post content is sent to third-party AI providers to generate contextual replies.
  • Usage Tracking: Reply counts are tracked to enforce daily and monthly limits.
  • Security: Device fingerprints and cryptographic signatures protect against unauthorized access.

Data Storage

  • Cloud Storage: Account data and usage counts are stored in Google Firebase (Firestore), hosted in the United States.
  • Local Storage: Extension settings, authentication tokens, and session state are stored locally in your browser using Chrome's storage API.
  • Retention:
    • Usage counts reset daily and monthly.
    • Security nonces are automatically deleted after 24 hours.
    • Account data is retained while your account is active.
    • Post content is processed in memory and not stored permanently.

Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Your data is only shared with the following services as necessary for the Extension to function:

  • Google Firebase for cloud infrastructure, data storage, and serverless functions.
  • Third-party AI providers for generating replies (see AI Providers section).
  • Telegram Bot API for authentication verification.

Third-Party AI Providers

Post content is sent to one or more of the following AI providers to generate replies:

OpenAI (GPT) Google (Gemini) Anthropic (Claude) DeepSeek xAI (Grok)

Each provider has its own privacy policy governing how they handle data sent to their APIs. Post content is sent only for the purpose of generating a reply and is subject to each provider's data retention policies.

Data Security

We implement the following security measures:

HMAC-SHA256 request signing
One-time nonces
Rate limiting on all endpoints
Firestore security rules
Per-device derived keys
HTTPS encryption

Your Rights

  • Access: You can view your usage data through the Extension.
  • Deletion: Uninstalling the Extension removes all locally stored data. To request deletion of server-side data, contact us via Telegram.
  • Opt-out: You can stop using the Extension at any time by disabling or uninstalling it.

Permissions

The Extension requires the following Chrome permissions:

  • activeTab / tabs: To interact with X/Twitter pages for posting replies.
  • storage: To save your settings and session state locally.
  • sidePanel: To display the Extension's user interface.
  • alarms: To schedule auto-session checks.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page. Continued use of the Extension after changes constitutes acceptance of the updated policy.

Contact

For questions or concerns about this Privacy Policy, contact us via Telegram: @TogiXbt