Privacy Policy

Effective Date: January 17, 2026

xchar.art ("we", "us", "our") is a simple web application that lets users generate and display a personalized pixel-art warrior character based on their X (formerly Twitter) profile picture and follower count.

We are committed to protecting your privacy. This Privacy Policy explains what information we collect when you use our service, how we use it, and your rights regarding that information.

This policy complies with applicable data protection laws.

1. Information We Collect

We collect only the minimum data necessary to provide the service.

Data we receive directly from X via Sign in with X (OAuth 2.0):

  • Your X username / handle
  • Your public profile image URL
  • Your public follower count (public_metrics.followers_count)
  • Your X user ID (for internal linking and to prevent duplicates)

We do not request or receive:

  • Your email address
  • Your X posts, DMs, likes, or any private/non-public data
  • Any other personal information beyond the above

Data we collect automatically when you use the site:

  • IP address (for security, abuse prevention, and basic analytics)
  • Browser type, device type, approximate location (country/region only), and basic usage data (pages visited, timestamps)
  • Cookies or local storage (only technical/functional – no tracking/advertising cookies)

We do not use any third-party trackers.

2. How We Use Your Information

We use the collected data only for the following purposes:

  • To authenticate you via Sign in with X and generate your unique character page
  • To display your character, title/rank, and profile image on your personal shareable page (xchar.art/@yourhandle)
  • To show the correct tier/title based on your current follower count (fetched only when you log in/sync)
  • To prevent abuse (rate limiting, duplicate claims, spam detection)
  • To operate, maintain, and improve the service (very limited server logs)

We do not:

  • Sell your data
  • Share your data with any third parties such as marketers or advertisers
  • Use your data for profiling, behavioral advertising, or AI training
  • Build user profiles beyond what's needed for the character page

3. Data Sharing & Disclosure

We share your information only in these limited cases:

  • With X (Twitter) as required by the Sign in with X OAuth flow (standard and controlled by X's own privacy policy)
  • With hosting/security providers (e.g., Vercel, Cloudflare) under strict data processing agreements
  • If legally required (court order, subpoena, etc.)

Your character page (including your X username, profile image, and generated title) is public by design — anyone who knows the URL can view it. This is the core purpose of the service.

4. Data Storage & Security

  • Data is stored only as long as your character page remains claimed (or until you request deletion).
  • We keep minimal data: username, user ID, last known follower count, profile image URL, and generated character assets.
  • We use industry-standard security measures (HTTPS, secure OAuth, access controls).
  • Data is hosted in the EU or with EU-compliant providers where possible.

5. Your Rights (GDPR & Similar Laws)

If you are in the EU/EEA (or similar protections apply), you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data (and your character page)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent (though OAuth login itself is consent-based)

To exercise any rights, contact us at dbm.extensions@gmail.com. We will respond within one month (free of charge in most cases).

You can also delete your character at any time by contacting support.

6. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect data from children under 13.

7. Changes to This Policy

We may update this policy occasionally. We will post the new version here with a new effective date. Significant changes will be communicated via the site or X announcement.

8. Contact Us

Questions about this Privacy Policy?