X AI Assistant · Chrome Extension

Privacy Policy_

This page explains exactly what data the X AI Assistant Chrome extension collects, where it goes, and how it is stored. Plain English, no dark patterns.

Last updated: May 7, 2026

The short version

→ We don't sell, rent, or share your data with advertisers.
→ We don't ask for your X login. The extension reads tweets that are already on screen, nothing else.
→ If you bring your own API key, your tweets go straight from your browser to your AI provider. We never see them.
→ If you use the Pro plan, prompts pass through our proxy so we can run the model on your behalf and count usage against your quota.
→ Anonymous, aggregated usage events go to Google Analytics so we know what to improve.
→ You can uninstall the extension at any time and all local data goes with it.

1. Who we are

X AI Assistant (the “extension”) is a Chrome extension built and maintained by Frédéric Legrand. This privacy policy applies to the extension and the supporting services running on fredericlegrand.me.

Questions, requests, or complaints? Email flegrand31@gmail.com.

2. What the extension does

The extension adds a small panel under the X (Twitter) reply box. When you click generate, it reads the tweet (and surrounding thread, if relevant), sends that text to an AI provider of your choice, and shows the suggested reply back to you. You decide whether to post it. Nothing is posted, liked, followed, or messaged automatically.

3. What data we process

a) Tweet content you ask us to work on. When you click generate, the visible tweet text and thread context are sent to your selected AI provider so it can write a reply. On the Pro plan, that request transits our proxy at fredericlegrand.me only so we can forward it to the model and count it against your quota.

b) Your API key (free / bring-your-own-key mode). If you choose to use your own OpenAI, Anthropic, or Google Gemini key, the key is encrypted (AES) and stored locally in Chrome's synced storage so it follows your Chrome profile. It is never transmitted to our servers; the extension talks directly to the AI provider from your browser.

c) Your settings. Tone preferences, points of interest, default style, creativity level, and similar configuration are stored in Chrome's synced storage. They never leave your Chrome profile.

d) Local analytics. Counts such as “how many replies you generated this week” are stored only on your machine via Chrome's local storage. You can wipe them in the extension settings or by removing the extension.

e) Pro account data. If you subscribe to Pro, we collect your email address (for license activation and the Stripe billing portal), an activation token, and monthly usage counters. Payments themselves are handled by Stripe — we never see your card details.

f) Anonymous product analytics. The extension sends anonymous usage events (e.g. “reply generated”, “tone selected”) to Google Analytics 4 via the Measurement Protocol. Each install gets a random UUID stored locally so we can deduplicate. We don't link this ID to your identity, your X handle, or the content of your tweets.

4. What data we do NOT collect

Your X / Twitter password or session cookies. The extension does not log you in or act on your behalf.
Your direct messages, follower list, or private timeline data.
Your browsing history outside x.com / twitter.com.
Your name, location, IP address (beyond what your AI provider and Stripe see for their own infrastructure), or device fingerprint.
Card or payment details — those go straight to Stripe.

5. Where your data goes

When you generate a reply, the relevant tweet text travels to one or more of the following destinations, depending on your configuration:

OpenAI (api.openai.com) — if you pick GPT models with your own key.
Anthropic (api.anthropic.com) — if you pick Claude models with your own key.
Google (generativelanguage.googleapis.com) — if you pick Gemini models with your own key.
Our proxy (fredericlegrand.me) — if you are on the Pro plan, so we can call the model on your behalf and count the call against your quota.
Google Analytics (www.google-analytics.com) — for anonymous, aggregated usage events.
Stripe — for Pro subscriptions, accessed through the customer portal link returned by our backend.

Each provider has their own privacy policy. By using the extension with that provider, you also accept their terms.

6. Storage and security

API keys are encrypted at rest using AES before being written to chrome.storage.sync. Settings, analytics counters, and subscription state live in Chrome storage and stay on your devices. Server-side data related to the Pro plan (email, activation token, usage counters) is stored in a Supabase Postgres database accessible only to the maintainer.

Your prompts are not used to train any model and are not shared with third parties beyond the AI provider that handles the request.

7. Permissions the extension requests

storage — to save your settings, encrypted API key, and local counters.
activeTab — so the panel can read the tweet you are currently looking at when you click generate.
Host access to x.com, twitter.com, the AI provider domains listed above, fredericlegrand.me, and www.google-analytics.com.

The extension does not request access to other websites, your downloads, your bookmarks, or your file system.

8. Your rights

You can:

Remove your API key and reset settings from the extension popup at any time.
Uninstall the extension. This wipes everything stored locally, including encrypted keys and analytics counters.
Cancel a Pro subscription from the Stripe customer portal, reachable from the extension.
Request deletion of your Pro account data (email, activation token, usage history) by emailing flegrand31@gmail.com. If you are in the EU/UK, you also have the rights granted by GDPR / UK GDPR — including access, rectification, and erasure.

9. Children

The extension is not directed at children under 13 (or under 16 in the EU). If you believe a child has provided personal data to us, contact us and we will delete it.

10. Changes to this policy

If this policy changes in a material way, the “Last updated” date at the top will move and a notice will be posted on this page. Continued use of the extension after a change means you accept the new version.

11. Contact

For privacy questions, deletion requests, or anything else, email flegrand31@gmail.com.

← Back to X AI Assistant Chrome Web Store →

The short version

→ We don't sell, rent, or share your data with advertisers.

→ We don't ask for your X login. The extension reads tweets that are already on screen, nothing else.

→ If you bring your own API key, your tweets go straight from your browser to your AI provider. We never see them.

→ If you use the Pro plan, prompts pass through our proxy so we can run the model on your behalf and count usage against your quota.

→ Anonymous, aggregated usage events go to Google Analytics so we know what to improve.

→ You can uninstall the extension at any time and all local data goes with it.

2. What the extension does

3. What data we process

c) Your settings. Tone preferences, points of interest, default style, creativity level, and similar configuration are stored in Chrome's synced storage. They never leave your Chrome profile.

4. What data we do NOT collect

Your X / Twitter password or session cookies. The extension does not log you in or act on your behalf.
Your direct messages, follower list, or private timeline data.
Your browsing history outside x.com / twitter.com.
Your name, location, IP address (beyond what your AI provider and Stripe see for their own infrastructure), or device fingerprint.
Card or payment details — those go straight to Stripe.

5. Where your data goes

When you generate a reply, the relevant tweet text travels to one or more of the following destinations, depending on your configuration:

OpenAI (api.openai.com) — if you pick GPT models with your own key.
Anthropic (api.anthropic.com) — if you pick Claude models with your own key.
Google (generativelanguage.googleapis.com) — if you pick Gemini models with your own key.
Our proxy (fredericlegrand.me) — if you are on the Pro plan, so we can call the model on your behalf and count the call against your quota.
Google Analytics (www.google-analytics.com) — for anonymous, aggregated usage events.
Stripe — for Pro subscriptions, accessed through the customer portal link returned by our backend.

Each provider has their own privacy policy. By using the extension with that provider, you also accept their terms.

6. Storage and security

Your prompts are not used to train any model and are not shared with third parties beyond the AI provider that handles the request.

7. Permissions the extension requests

storage — to save your settings, encrypted API key, and local counters.
activeTab — so the panel can read the tweet you are currently looking at when you click generate.
Host access to x.com, twitter.com, the AI provider domains listed above, fredericlegrand.me, and www.google-analytics.com.

The extension does not request access to other websites, your downloads, your bookmarks, or your file system.

8. Your rights

You can:

Remove your API key and reset settings from the extension popup at any time.
Uninstall the extension. This wipes everything stored locally, including encrypted keys and analytics counters.
Cancel a Pro subscription from the Stripe customer portal, reachable from the extension.
Request deletion of your Pro account data (email, activation token, usage history) by emailing flegrand31@gmail.com. If you are in the EU/UK, you also have the rights granted by GDPR / UK GDPR — including access, rectification, and erasure.