Privacy Policy
Last updated: March 10, 2026
1. Introduction
This Privacy Policy explains how Twigest ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our platform. We are committed to protecting your privacy and handling your data transparently.
2. Data We Collect
We collect the following types of data: • Account Information: Email address, name, and password (hashed) when you register. • Usage Data: Tracked X/Twitter accounts, keywords, digest preferences, delivery channel settings, and timezone. • Payment Data: Billing information is processed securely by Paddle. We do not store your credit card numbers or full payment details. • Technical Data: IP address, browser type, and device information for security and analytics purposes. • Digest Content: AI-generated summaries based on publicly available X/Twitter content you choose to track.
3. How We Use Your Data
We use your data to: • Provide and improve the Service — tracking accounts, generating digests, and delivering notifications. • Process payments and manage subscriptions via Paddle. • Send transactional emails (account verification, password resets, digest delivery). • Analyze usage patterns to improve the platform (aggregated, anonymized data only). • Ensure security and prevent abuse of the Service.
4. Data Sharing
We do not sell, rent, or trade your personal data. We share data only with: • Paddle — for payment processing (as Merchant of Record). • OpenAI — tweet content is sent to generate AI summaries. No personal data (email, name) is included in AI requests. • Email/Notification Providers — your email address or Telegram chat ID is used to deliver digests. All third-party services are bound by their own privacy policies and data processing agreements.
5. Cookies & Tracking
We use essential cookies for authentication (JWT session tokens). We do not use advertising cookies or third-party tracking pixels. Our website may use basic analytics to understand traffic patterns, but no personally identifiable information is shared with analytics providers.
6. Data Storage & Security
Your data is stored on secure servers hosted in Europe (Hetzner, Germany). We implement industry-standard security measures including: • Password hashing with bcrypt. • HTTPS encryption for all data in transit. • HMAC-verified webhook authentication. • HTML sanitization of AI-generated content to prevent XSS. • Access controls and audit logging for administrative actions.
7. Data Retention
We retain your data for as long as your account is active. Tweet data used for digest generation is retained for up to 90 days. If you delete your account, your personal data will be permanently removed within 30 days. Aggregated, anonymized analytics data may be retained indefinitely.
8. Your Rights
Depending on your jurisdiction, you may have the right to: • Access your personal data. • Correct inaccurate data. • Delete your account and associated data. • Export your data in a portable format. • Withdraw consent for data processing. • Lodge a complaint with a data protection authority. To exercise any of these rights, contact us at [email protected].
9. GDPR Compliance
For users in the European Economic Area (EEA), we process personal data based on: (a) your consent when you create an account; (b) contractual necessity to provide the Service; and (c) legitimate interest for security and improvement. You can withdraw consent at any time by deleting your account.
10. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top of this page reflects the most recent revision.
12. Contact
For questions or concerns about this Privacy Policy, contact us at [email protected].