Privacy Policy

Last updated: February 4, 2026

1. Introduction

XScout ("we", "our", or "us") is a Chrome Extension for X (Twitter) lead generation with AI-powered outreach. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service.

2. Data Controller

Lukas van Uden
Lichtenrader Str. 55
12049 Berlin, Germany
Email: hello@xscout.app

3. Data We Collect

3.1 Account Data

  • Email address (for authentication)
  • X/Twitter username (to associate your scraped leads)
  • Subscription tier and usage statistics

3.2 Lead Data

When you use XScout to scan X search results, we collect publicly available profile information that X displays to you:

  • Display name and username (@handle)
  • Bio/description
  • Follower count
  • Recent tweets (for AI personalization)
  • User ID (for DM links)

Important: XScout does not scrape X. It only reads data that X already sends to your browser while you manually scroll through search results.

3.3 Generated Messages

AI-generated outreach messages are stored to enable the queue workflow and allow you to review/edit them before sending.

3.4 Payment Data

Payment processing is handled entirely by Stripe. We do not store credit card numbers or banking details. We only receive confirmation of successful payments and your subscription status.

4. How We Use Your Data

  • To provide the XScout service (lead scanning, AI message generation)
  • To authenticate you and manage your account
  • To track usage against your subscription limits
  • To process payments and manage subscriptions
  • To improve our service and fix bugs

5. Third-Party Services

We use the following third-party services to operate XScout:

5.1 Supabase (Database & Auth)

Location: EU (Frankfurt)
Purpose: User authentication, data storage
Privacy Policy: supabase.com/privacy

5.2 Stripe (Payments)

Location: USA (with EU data processing)
Purpose: Payment processing, subscription management
Privacy Policy: stripe.com/privacy

5.3 OpenAI (AI Generation)

Location: USA
Purpose: Generating personalized outreach messages
Privacy Policy: openai.com/privacy

Note: Lead data (bio, tweets) is sent to OpenAI to generate personalized messages. OpenAI does not use API data for training as per their data usage policy.

5.4 Vercel (Hosting)

Location: USA (with global edge network)
Purpose: Website and API hosting
Privacy Policy: vercel.com/legal/privacy-policy

6. Data Retention

  • Account data: Retained until you delete your account
  • Lead data: Retained until you delete it or your account
  • Generated messages: Retained until you delete them or your account
  • Usage logs: 90 days

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to certain types of processing

To exercise these rights, contact us at hello@xscout.app.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS)
  • Row-level security in our database
  • Secure authentication via Supabase Auth
  • No storage of payment credentials

9. Cookies

The XScout Chrome Extension uses the Chrome Storage API (not cookies) to store your preferences and session data locally. Our website may use essential cookies for authentication purposes only.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the extension.

11. Contact

For privacy-related questions or requests, contact us at:
hello@xscout.app