Privacy Policy

Last updated: December 8, 2025

Introduction

Welcome to Xhancer ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our browser extension and website at xhancer.com (collectively, the "Service"). We are committed to protecting your privacy and ensuring transparency about our data practices.

Xhancer is a browser extension that enhances your X/Twitter web experience with features like export/archive, video download, @mention enhancement, search enhancement, user remarks, friend impressions, hot posts analytics, and more.

By using Xhancer, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

1. Information You Provide to Us

Account Information:

• Email address (for account creation and authentication)
• Username and password (encrypted)
• X/Twitter account information (when using X login)
• Google account information (when using Google login)

Payment Information:

• Billing details and payment information (processed securely through Stripe)
• Subscription and purchase history
• Transaction records

User-Created Content:

• Remarks you add to X/Twitter users (nicknames, tags, descriptions)
• Friend Impressions (public comments about other users)
• Custom tags and categories you create
• Exported data preferences

Communications:

• Messages, inquiries, or feedback you send to us
• Customer support interactions

2. Information Automatically Collected

Browser Extension Usage:

• Extension installation and activation status
• Feature usage statistics
• Settings and preferences

Local Data (Stored on Your Device):

• Following list with pinyin transliterations
• User remarks and tags
• Browsing history within X/Twitter (videos watched, posts viewed for 30+ seconds)
• Daily browsing duration statistics
• Follower growth tracking data

Website Usage:

• Device information (operating system, device type)
• Browser information and settings
• Cookies and similar tracking technologies
• Page views, clicks, and navigation patterns
• Referral sources

Subscription and Authentication Data:

• Login timestamps and session information
• Subscription status and plan details
• API authentication tokens

3. Hot Posts Analytics Data

When you enable the Hot Posts Analytics feature:

• Posts with over 500 impressions that you view are recorded
• Post metadata including impressions, likes, retweets, comments, and follower counts
• This data is stored on our servers (Redis) for up to 1 month
• You will be informed when this feature is actively collecting data

4. Information from Third Parties

We may receive information from:

• X/Twitter (when you use X login authentication)
• Google (when you use Google login)
• Payment processors (Stripe) for transaction verification

How We Use Your Information

We use the collected information for the following purposes:

Service Provision

• Authenticate your identity and manage your account
• Verify your subscription status for premium features
• Process your payments and manage subscriptions
• Provide customer support and respond to inquiries
• Store and sync your remarks, tags, and preferences
• Display Friend Impressions to other users
• Calculate and display hot posts rankings

@Mention Enhancement

• Store your following list locally with pinyin transliterations
• Provide enhanced user matching when you type @ in posts
• This data is processed locally and helps match Chinese nicknames

Search Enhancement

• Provide quick access to advanced search features
• Enable profile-specific searches

Analytics and Statistics

• Track your daily X/Twitter browsing duration
• Monitor follower growth over time
• Record browsing history (videos watched, posts with 30+ second view time)

Service Improvement

• Analyze usage patterns to improve user experience
• Debug issues and optimize extension performance
• Develop new features and enhancements
• Conduct research and analytics

Communication

• Send service-related notifications and updates
• Provide subscription renewal reminders
• Deliver important security or policy updates
• Send promotional emails (with your consent, which you can withdraw)

Security and Compliance

• Detect and prevent fraud, abuse, or security incidents
• Enforce our Terms of Service
• Comply with legal obligations and regulations
• Protect our rights and property

How We Handle Your Data

Local Data Storage

The following data is stored locally on your device:

• Following list with pinyin transliterations (for @mention enhancement)
• User remarks, tags, and notes
• Browsing history and statistics
• Extension settings and preferences
• Draft posts and saved content

This locally stored data:

• Remains on your device unless you choose to sync or backup
• Can be exported and imported through the dashboard
• Is under your control and can be deleted at any time

Server-Stored Data

The following data is stored on our servers:

• Account information and authentication data
• Subscription and payment records
• Remarks and tags (synced for backup and cross-device access)
• Friend Impressions (public comments)
• Hot Posts Analytics data (when feature is enabled)

Friend Impressions

When you use the Friend Impressions feature:

• Your comments are public and visible to other Xhancer users
• Comments are displayed based on: mutual follows first, then users you follow, then high-follower accounts, then by recency
• We do not share your Friend Impressions outside of Xhancer
• You can delete your own Friend Impressions at any time

Data Storage and Security

Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your device and our servers uses TLS/SSL encryption
• Secure Storage: Passwords are hashed using bcrypt; sensitive data is encrypted at rest
• Access Controls: Strict access controls limit who can access user data
• Regular Audits: Periodic security assessments and vulnerability testing
• Secure Infrastructure: Hosting on Cloudflare Pages/Workers with enterprise-grade security

Data Retention

• Account Data: Retained while your account is active, or as long as needed to provide services
• Payment Records: Retained as required by law and accounting regulations
• Hot Posts Data: Retained for up to 1 month in Redis
• Usage Logs: Typically retained for 90 days for security and analytics purposes
• Deleted Accounts: Data is permanently deleted within 30 days of account deletion request

Data Location

Your data may be processed and stored in various locations, including:

• Cloudflare's global network (primary infrastructure)
• Database servers (Cloudflare D1)
• Redis servers (for Hot Posts Analytics)
• Backup systems

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share data with trusted third-party service providers who assist us:

• Stripe: Payment processing and subscription management
• Authentication Providers: X/Twitter and Google for social login
• Hosting Services: Cloudflare for infrastructure and CDN

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

Friend Impressions (Public Content)

• Your Friend Impressions are visible to other Xhancer users
• This is a core feature of the Service
• You control what you post and can delete your content

Legal Requirements

We may disclose your information if required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from public authorities
• Enforce our Terms of Service or investigate violations
• Protect the rights, property, or safety of Xhancer, our users, or the public

Business Transfers

If Xhancer is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

With Your Consent

We may share your information for other purposes with your explicit consent.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences and settings
• Analyze usage patterns and improve our service
• Provide personalized experiences

Types of Cookies

• Essential Cookies: Required for authentication and core functionality
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with our service

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality.

Your Privacy Rights

Depending on your location, you may have the following rights:

Access and Portability

• Request a copy of your personal data
• Receive your data in a structured, machine-readable format
• Export your remarks, tags, and other data through the dashboard

Correction and Deletion

• Correct inaccurate or incomplete information
• Request deletion of your personal data (subject to legal retention requirements)
• Delete your Friend Impressions at any time

Objection and Restriction

• Object to processing of your personal data
• Request restriction of processing under certain circumstances
• Disable specific features (like Hot Posts Analytics) through settings

Withdrawal of Consent

• Withdraw consent for data processing where consent is the legal basis
• Opt-out of marketing communications
• Disable optional features through the extension settings

Do Not Sell My Personal Information

• We do not sell personal information (California residents)

To exercise these rights, please contact us at support@xhancer.com. We will respond within 30 days.

X/Twitter Integration

Xhancer integrates with X/Twitter to enhance your experience. Important:

• We access X/Twitter through your browser session
• We do not store your X/Twitter password
• Your interactions with X/Twitter are subject to X/Twitter's Terms of Service and Privacy Policy
• We recommend reviewing X/Twitter's privacy policies

Xhancer acts as an enhancement layer and is not affiliated with X Corp. or Twitter.

Children's Privacy

Xhancer is not intended for users under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

International Data Transfers

If you access our Service from outside the region where our servers are located, your data may be transferred across international borders. We ensure appropriate safeguards are in place for such transfers, including:

• Standard contractual clauses approved by relevant authorities
• Compliance with applicable data protection regulations
• Security measures to protect data in transit and at rest

California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise

To exercise these rights, contact us at support@xhancer.com or visit your account settings.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Legal Basis for Processing: We process data based on consent, contract performance, legal obligations, and legitimate interests
• Data Protection Officer: Contact dpo@xhancer.com for privacy concerns
• Right to Lodge a Complaint: You may file a complaint with your local supervisory authority

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date at the top
• Sending an email notification for significant changes (if you have an account)
• Displaying a prominent notice in the extension

Your continued use of Xhancer after changes become effective constitutes acceptance of the updated policy.

Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

• Investigate and assess the scope of the breach
• Notify affected users within 72 hours of discovery
• Provide information about what data was affected
• Offer guidance on protective measures
• Notify relevant authorities as required by law

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: support@xhancer.com
• Website: https://xhancer.com

We will respond to your inquiry within 30 days.

Consent

By using Xhancer, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please discontinue use of our Service immediately.