Last updated: July 13, 2026
This policy explains what personal data Xquik handles, why it uses that data, who receives it, and which choices may apply. Xquik is an independent third-party service. Not affiliated with X Corp. "Twitter" and "X" are trademarks of X Corp.
This policy explains how Xquik handles personal data when you use its websites, dashboard, application programming interface (API), webhooks, Model Context Protocol (MCP) server, and support channels. It covers account holders, visitors, API users, people who contact Xquik, and people whose public X data a user requests through a feature. It does not control the privacy practices of X Corp or other third parties.
Xquik collects account and contact data, including your email address, session records, and API key records. If you use Google sign-in, Xquik may receive your name and profile image. Xquik stores workflow data such as extractions, draws, monitors, webhooks, drafts, media, usage, and action history. Security systems may process an Internet Protocol address, device or browser details, request timing, errors, and abuse signals.
Billing data includes your plan, transactions, invoices, and payment status, but Xquik does not store complete card numbers. Support requests may contain messages and files you choose to provide.
Requesting a guest checkout does not require an Xquik account or email address. Under its privacy terms, Stripe may collect payment, billing, tax, and contact data and set cookies on the hosted page. Xquik may access transaction references, requested amounts, payment status, and related billing, contact, refund, or dispute data. Xquik uses this data to activate credits, reconcile balances, prevent abuse, manage tax, and meet legal duties.
When you connect an account, Xquik processes the credentials, session material, account identifiers, and permissions needed to maintain that connection. Xquik also processes drafts, posts, messages, media, action requests, and action results that you submit. Xquik encrypts connected-account credentials and limits access to them, but no security measure removes every risk.
Xquik receives data directly from you when you create an account, configure a workflow, connect an account, contact support, or make a payment. Xquik receives public content and account information from X when a feature requests it. Connected platforms provide data when you authorize access. Payment, email, security, and infrastructure providers return transaction and delivery records.
Xquik uses personal data to authenticate you, provide requested tools, execute connected-account actions, and deliver workflow results. At your direction, Xquik processes public X data for searches, extractions, monitors, and draws. Xquik also uses data to process billing, provide support, send transactional messages, maintain reliability, prevent abuse, enforce terms, and meet legal duties. Xquik does not use your data for third-party marketing.
Xquik processes data to perform a contract when it provides requested features and manages your account. Legitimate interests support security, fraud prevention, support, service improvement, and legal claims when those interests do not override your rights. Xquik relies on consent when required and on legal obligations for tax, accounting, compliance, and valid government requests. You may withdraw consent without affecting earlier lawful processing.
Xquik shares data with providers that support payment processing, transactional email, infrastructure, content delivery, storage, and security. Current providers include Stripe, Resend, and Cloudflare. Providers may use data only under their contracts and applicable law. At your direction, Xquik returns workflow results through the dashboard, API, MCP client, exports, or configured webhooks. Xquik may also disclose data to follow law, protect users or systems, investigate abuse, handle a business transaction, or act on your instructions.
Xquik and its providers may process personal data across national borders. Privacy protections and government access rules may differ between locations. Xquik uses contractual and technical safeguards when required for international transfers.
Xquik keeps account and connected-account data only while your account or requested feature requires it. Persistent service and failure logs generally remain for up to 30 days, while API call and usage records generally remain for 90 days. Support, workflow, billing, dispute, security, and compliance records may remain longer when service delivery, law, or a legitimate claim requires them. Deleted data may persist temporarily in restricted backups before scheduled removal.
Unpaid guest checkout links expire after 60 minutes. Xquik deletes eligible abandoned guest state after 45 days when it has no payment, credits, refund, dispute, or recovery activity.
Xquik uses transport encryption, credential protection, access controls, rate limits, monitoring, and restricted operational access. API keys and session tokens are stored as one-way hashes, while connected-account credentials are encrypted. No system can guarantee complete security. Report a suspected security issue to security@xquik.com.
Xquik uses first-party cookies for sign-in, security, authentication handoffs, and language preferences. The primary session cookie expires after 90 days. Temporary authentication cookies expire sooner, while the language preference cookie may remain for up to 1 year. Security-sensitive cookies use HttpOnly, Secure, and SameSite controls where applicable. Xquik does not use advertising or third-party analytics cookies. Blocking authentication cookies may prevent sign-in or authenticated features from working.
Depending on applicable law, you may request access, correction, deletion, restriction, objection, or portability. You may withdraw consent and complain to a competent data protection authority. Xquik may verify your identity, clarify a request, retain exempt data, or deny a request where law permits. Email privacy@xquik.com to submit a request.
California residents may request access, correction, deletion, or practice details directly or through a verified authorized agent. Xquik does not sell your account, connected-account credential, billing, support, or workflow data or share it for cross-context behavioral advertising. Paid tools may return public X data at a user's direction. Xquik will assess each request based on the data and applicable law without discriminating against you for exercising a privacy right.
Xquik is not directed to children under 13, and Xquik does not knowingly collect their personal data. Contact privacy@xquik.com if you believe a child provided personal data. Xquik will review the report and delete data when required.
Xquik may update this policy when data practices, features, or legal requirements change. Material changes appear here with a new effective date. Xquik will provide additional notice when applicable law requires it.
Xquik is the controller for personal data covered by this policy unless a separate written agreement states otherwise. Email privacy@xquik.com to ask a privacy question or exercise a right. Include enough detail to identify your request, but never send passwords, API keys, or connected-account credentials.