XReplyAI legal

Privacy Policy

Last updated: May 6, 2026

XReplyAI is a Chrome extension that helps you generate and polish reply drafts for X/Twitter posts. This policy explains what data the extension handles, why it handles that data, where it is stored, and when it is shared with third-party services.

Data XReplyAI collects or processes

XReplyAI only processes data needed to provide the extension's reply-generation and draft-polishing features:

  • Gemini API key: if you choose to save your own Google Gemini API key, the extension stores it locally in your browser profile so it can make requests to the Gemini API on your behalf.
  • Post content: when you click the XReplyAI button, the extension reads the text of the X/Twitter post you are replying to, the visible author display name, limited visible thread context, and up to four visible post image URLs when images are present.
  • Draft text: when you use the polish feature, the extension processes the text currently in your reply composer.
  • Preferences and usage state: the extension stores settings such as selected tone, reply length, default tone, license status, license key, free quota count, and last validation time.

How XReplyAI uses data

XReplyAI uses this data only to provide user-requested extension features:

  • To generate reply suggestions for the post you chose.
  • To polish a draft you typed into the reply composer.
  • To remember your extension settings between browser sessions.
  • To verify API access, quota state, and license status when applicable.
  • To insert a selected generated reply into the X/Twitter reply box or copy it to your clipboard when you choose that action.

Where data is stored

XReplyAI does not operate its own user account system or server-side database for extension content. Your Gemini API key, preferences, quota state, and license state are stored locally using chrome.storage.local in your browser profile. Generated replies and polished drafts may be cached temporarily in extension memory during the current background service worker session to avoid duplicate requests, but they are not saved by XReplyAI to a remote server.

Data sharing

XReplyAI does not sell, rent, or trade your personal data. XReplyAI does not use extension data for advertising, creditworthiness, or unrelated profiling. Data is shared only as needed to provide features you request:

  • Google Gemini API: when you request reply generation, XReplyAI sends the prompt, selected tone and length, post text, author display name, limited visible thread context, and any included post images to Google's Gemini API. When you request draft polishing, XReplyAI sends the draft text and selected polish style to Gemini. Requests are made directly from the extension using the Gemini API key saved in your browser.
  • X/Twitter media CDN: when a post includes images, XReplyAI may fetch the visible image files from pbs.twimg.com so they can be included in the Gemini request for multimodal reply generation.
  • Dodo Payments: if licensing or checkout is enabled for the build you use, license keys may be sent to Dodo Payments for validation and checkout may open on Dodo Payments. Payment details are handled by Dodo Payments, not by XReplyAI.

Data XReplyAI does not collect

  • XReplyAI does not collect your X/Twitter password.
  • XReplyAI does not read private messages or unrelated browser tabs.
  • XReplyAI does not track your browsing history outside supported X/Twitter pages.
  • XReplyAI does not store generated replies, tweet content, drafts, or API keys on an XReplyAI server.
  • XReplyAI does not sell user data or transfer it for advertising purposes.

Chrome permissions

XReplyAI requests the minimum permissions needed for its features. Thestorage permission stores local settings and keys. Content script access for x.com and twitter.com allows the extension to add the reply UI and read the post you are replying to on supported pages. Host permissions for generativelanguage.googleapis.com allow calls to the Gemini API. Host permissions for pbs.twimg.com allow the extension to fetch visible post images when you request image-aware reply generation. Host permissions for live.dodopayments.com allow license-key validation for paid lifetime unlocks.

User control and deletion

You can remove locally stored extension data by deleting saved values in the extension settings, clearing extension storage in your browser, or uninstalling the extension. If you use your own Gemini API key, you can revoke or rotate that key in your Google account. If you purchased through Dodo Payments, contact support for billing or license questions.

Security

XReplyAI stores settings in your local browser profile and uses HTTPS endpoints for third-party API requests. You should keep your Gemini API key and license key private and avoid using the extension on content you do not want sent to Gemini for processing.

Changes to this policy

We may update this Privacy Policy when the extension changes or when legal, platform, or operational requirements change. The "Last updated" date above will be updated when material changes are made.

Contact

Questions or privacy requests can be sent to tobiburofficial@gmail.com.