Privacy Policy

Legal Disclaimer: This Privacy Policy should be reviewed by a legal professional before production use to ensure compliance with GDPR, CCPA, and other applicable privacy regulations in your jurisdiction.

Last updated: 7/5/2026

1. Introduction

X Trust Radar ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our trust verification service for X (formerly Twitter) accounts.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

The Service does not require an account. There is no sign-up, no login, and no payment. The only information you actively provide is:

  • X Username: The public X (Twitter) handle you ask us to analyze. We use it solely to look up publicly available account data and generate a trust report.
  • Communication Data: If you contact us via email or support channels, we collect the content of your communications and contact information.

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • IP Addresses: We use your IP address to enforce a per-IP rate limit that prevents abuse. It is held in server memory only and cleared automatically; it is not stored in a database.
  • Usage Data: We may log which usernames are looked up and whether a cached or fresh result was served, to keep the Service running and prevent abuse.
  • Device and Browser Information: We may collect information about your device, browser type, and operating system for security and compatibility purposes.
  • Session Storage: Your browser's session storage is used to preserve your most recent search result during your visit. This stays in your browser and is not sent to us.

2.3 Public Data from Third Parties

When you request a verification, we fetch publicly available data about X accounts from a third-party data provider accessed via RapidAPI. This includes:

  • Account metadata (username, display name, profile picture, bio)
  • Account statistics (follower count, following count, tweet count)
  • Account status (verification status, account type, creation date)
  • Engagement metrics (likes, media posts, favorites)

This data is publicly available on X and is not considered personal information under privacy laws. However, we process it to generate trust reports, which are cached in server memory for up to 24 hours to improve service performance.

2.4 Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal bases:

  • Contract Performance: Processing necessary to provide the Service, i.e. verification processing.
  • Legitimate Interests: Processing for security, fraud prevention, service improvement, and enforcing a per-IP rate limit.
  • Consent: Where you have provided explicit consent, such as for optional marketing communications (if applicable).
  • Legal Obligations: Processing required to comply with legal obligations, such as tax record keeping under German law.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process verification requests and deliver trust reports.
  • Enforce Usage Limits: Apply a per-IP rate limit to prevent abuse and ensure fair access to the Service.
  • Improve Service Quality: Analyze usage patterns, optimize caching strategies, and enhance the trust scoring algorithm.
  • Ensure Security: Detect and prevent fraud, unauthorized access, and other security threats.
  • Communicate with You: Send authentication emails, respond to support requests, and notify you of important service updates.
  • Comply with Legal Obligations: Maintain records as required by law, including tax records under German GoBD requirements.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Storage and Security

The Service is stateless: we do not operate a user database. Verification results (public X data and trust reports) are held in server memory for up to 24 hours and then discarded. We implement appropriate technical and organizational measures in accordance with GDPR Article 32 (Security of Processing), including:

  • Encryption of data in transit (TLS/SSL)
  • No long-term storage of personal data or account credentials
  • Regular security assessments and updates

Data Location: Data is stored within the European Economic Area (EEA) where possible. When data is processed outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data in accordance with GDPR requirements.

Despite our security measures, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

5. Data Sharing and Third-Party Services

We share information with a single third-party service provider:

5.1 RapidAPI

We use a third-party X (Twitter) data API accessed through RapidAPI to fetch publicly available account data. We send the username you ask us to check; the provider returns public account metadata. RapidAPI's privacy policy: https://rapidapi.com/privacy

5.2 Other Disclosures

We may disclose your information in the following circumstances:

  • Legal Requirements: When required by law, court order, or government regulation
  • Protection of Rights: To protect our rights, property, or safety, or that of our users or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • With Your Consent: When you have provided explicit consent for specific disclosures

6. Your Privacy Rights

Under applicable data protection laws (GDPR, CCPA, and others), you have the following rights:

6.1 Right to Access (GDPR Article 15, CCPA)

You have the right to request a copy of your personal data that we hold. This includes information about what data we have, why we have it, and who we share it with.

6.2 Right to Rectification (GDPR Article 16)

You have the right to request correction of inaccurate or incomplete personal data. You can update your email address and account information through the Service interface or by contacting us.

6.3 Right to Erasure (GDPR Article 17, "Right to be Forgotten")

You have the right to request deletion of your personal data. We will delete your account and associated data within 30 days, subject to legal retention requirements (e.g., tax records must be retained for 10 years under German law).

6.4 Right to Restrict Processing (GDPR Article 18)

You have the right to request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data.

6.5 Right to Data Portability (GDPR Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider.

6.6 Right to Object (GDPR Article 21)

You have the right to object to processing of your personal data based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

6.7 Right to Withdraw Consent (GDPR Article 7)

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

6.8 CCPA-Specific Rights (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

6.9 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@xtrustradar.com. We will respond to your request within 30 days (or as required by applicable law).

We may need to verify your identity before processing your request to protect your privacy and security.

7. Data Retention

We retain your personal data only for as long as necessary to provide our services and comply with legal obligations:

  • IP Addresses: Held in server memory only and cleared automatically. Not persisted to a database. Used solely for enforcing the rate limit.
  • Verification Results: Public verification data (X account metadata and trust reports) is cached in server memory for up to 24 hours to improve performance. This data is publicly accessible and not considered personal information.
  • Communication Records: Support emails and communications are retained for up to 3 years for customer service and legal purposes.

After the retention period expires, we will securely delete or anonymize your personal data, except where we are required to retain it for legal compliance.

8. Cookies and Browser Storage

We do not use cookies, and we set no advertising, analytics, or cross-site tracking technologies of any kind.

The Service stores one thing in your browser's session storage — your most recent search result — so it survives a page refresh during your visit. It is cleared when you close your browser, stays on your device, and is never sent to us. You can clear it at any time through your browser settings.

9. Children's Privacy

Our Service is not intended for children under the age of 16 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete that information.

10. Data Breaches

In the event of a data breach that may affect your personal information, we will:

  • Notify the relevant supervisory authority (in Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit) within 72 hours as required by GDPR Article 33
  • Notify affected users without undue delay if the breach poses a high risk to their rights and freedoms, as required by GDPR Article 34
  • Document all breaches and our response measures
  • Take immediate steps to contain and remediate the breach

We maintain incident response procedures and regularly review our security measures to prevent breaches.

11. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

Our service providers may process data in various locations:

  • RapidAPI (and the underlying X data provider): May process requests in various locations. See RapidAPI's privacy policy for details.

We ensure all transfers comply with GDPR and applicable German data protection laws. If you have questions about specific data transfers, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Updating the "Last updated" date at the top of this page
  • Posting a notice on our Service
  • Sending an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and request deletion of your account.

13. Supervisory Authority

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. In Germany, this is:

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn, Germany
Website: www.bfdi.bund.de

If you are located in another EU member state, you may also lodge a complaint with your local data protection authority.

14. Contact Information

For questions about this Privacy Policy, to exercise your privacy rights, or to report a privacy concern, please contact us at:

Privacy Inquiries: privacy@xtrustradar.com

General Support: support@xtrustradar.com

(Note: Update these email addresses with your actual contact information before production deployment)