Privacy Policy

Last updated: 2026-01-16

This Privacy Policy explains how Web3 AI Reply (“we”, “our”, “the Extension”) collects, uses, stores, and shares information when you use our Chrome extension on x.com / twitter.com.

Summary

• The Extension helps you generate AI-powered reply suggestions and may like or send replies depending on the selected mode.
• Compliant Mode requires manual send; Automation Mode can auto-like and auto-send replies.
• The Extension runs only when you click and only in the active tab.
• To generate AI replies, your submitted text and required public tweet context are sent to our backend and then to our AI provider.
• We do not collect your X/Twitter password, do not access your private messages (DMs), and do not sell personal data.
• Minimal security/operational logs (e.g., timestamps, error codes, IP address, user-agent) may be processed for abuse prevention and reliability.

Scope & roles

• Controller / Provider: Web3 AI Reply
• The Extension operates on x.com / twitter.com only after you initiate an action. Scripts are injected only into the active tab upon user request.

Information we collect / process

1) User-provided content

• Tweet URLs you paste, select, or submit.
• Text you submit for AI reply generation (including any prompt/settings you provide).
• Optional feedback you type into the Extension UI.

2) Public page context (X/Twitter)

• Publicly visible tweet text, author handle, and visible metadata needed to generate a reply or perform a requested action.
• The current page URL and the specific tweet URL you are interacting with.

We do not access your private messages (DMs) and do not read content unrelated to your requested action.

3) Local extension storage

• Settings and preferences you configure in the Extension.
• Selected operation mode (Compliant / Automation).
• Stored locally via chrome.storage to persist behavior across sessions.

4) Account, authentication, credits (if enabled)

• Email address (to identify your account).
• Auth/session tokens (to keep you signed in).
• Credit balance, credit usage, and transaction status (to provide credits-based functionality).

5) Technical & security data (minimal)

• Request timestamps, basic diagnostics (error codes/messages), and extension version.
• IP address and user-agent may appear in standard server logs for security, rate limiting, and abuse prevention.

Information we do NOT collect

• Your X/Twitter password.
• Your private messages (DMs).
• Your full browsing history (beyond the active tab URL required to run your requested action).
• Personal data for advertising or resale.
• Sensitive personal data unless you explicitly type it into a prompt yourself.

How we use information

• To generate AI replies and perform actions you explicitly request (e.g., prepare a reply, like a tweet).
• To store your preferences and keep the Extension functional.
• To authenticate users and manage credits (if enabled).
• To prevent abuse, ensure stability, troubleshoot issues, and debug errors.

Permissions & why they are needed

• storage: to store your settings and preferences locally using chrome.storage.
• sidePanel: to display the Extension UI in the browser side panel.
• activeTab: to run only on the current tab after you click.
• scripting: to inject the Extension’s bundled scripts into the active tab after you initiate an action.
• Host permission: https://us-central1-web3-ai-reply.cloudfunctions.net/api/* — to communicate with our backend API (AI replies, authentication/credits if enabled).
• Optional host permissions: https://x.com/* and https://twitter.com/* — requested only when you initiate actions on those sites.

Third-party services & sharing

We share data only as necessary to provide the features you explicitly request. We do not sell personal data and we do not share data for advertising purposes.

• 1) Backend API (Google Cloud / Firebase Cloud Functions)
  Endpoint: https://us-central1-web3-ai-reply.cloudfunctions.net/api/*
  We may send the tweet URL, required public tweet context, and your selected settings/prompt to this endpoint to generate replies and provide features such as authentication or credits (if enabled).
  As part of hosting and operating this backend, Google Cloud/Firebase may process data as our infrastructure provider (including operational logging/monitoring).
• 2) AI Provider (third-party)
  To generate AI replies, our backend forwards the text you submit (prompt/settings) and the minimum required public tweet context to an AI provider for processing and response generation.
• 3) X (Twitter) / x.com
  When you choose to post a reply or like a tweet, those actions occur on the X website in your browser. X receives the submitted reply content and the like action as part of normal platform operation.
• 4) Payment processor (only if you sell credits/subscriptions)
  If payments are enabled, we may share necessary billing data with our payment processor to complete transactions. We do not store full payment card details.

Third-party services process data under their own policies. We only share the minimum data needed to provide the Extension’s functionality.

Remote code

The Extension does not download or execute remote JavaScript/Wasm code at runtime. All executable logic is bundled within the Extension package. The Extension communicates with external services only to send user-requested input and receive response data.

Data retention

• Local data: stored on your device until you clear extension data or uninstall.
• AI prompts and generated replies: we do not store the prompts you submit or the AI-generated replies in our database. They are processed transiently to fulfill your request.
• Account/credits data (if enabled): retained while your account is active and as needed to provide credits-based functionality. You may request deletion of account-related data, subject to limited retention required for legal, security, or fraud-prevention purposes.
• Logs (security/operations): minimal operational logs (e.g., timestamps, error codes, IP address, user-agent) may be retained for up to 30 days for security, abuse prevention, and troubleshooting, then rotated/deleted.

Security

We use HTTPS/TLS and reasonable safeguards to protect data in transit and at rest. While no system is 100% secure, we apply standard measures such as access controls and least-privilege practices.

Your choices

• You may uninstall the Extension at any time.
• You can clear stored settings via Chrome extension controls.
• You may request deletion of account-related backend data by contacting us.

Children’s privacy

The Extension is not intended for children under 13 (or the minimum age required in your country). We do not knowingly collect personal data from children.

Contact

• Email: web3aibot@gmail.com
• Website: https://web3aibot.github.io/Web3AIBot/

Changes to this policy

This Privacy Policy may be updated from time to time. The “Last updated” date will always reflect the most recent version.