What Does Twitter/X Collect? Key Privacy Facts Users Should Know

Quick Summary

What They Collect: Account info, posts, DMs, device/browser data, location, payment, ad interactions, and inferred profiles. (X)
How They Use & Share It: Personalize content and ads, measure performance, share with advertisers, service providers, and affiliates.
Your Rights: Access, correct, download, deactivate/delete account, withdraw consent, and limited opt-outs in settings.

Why You Should Care About Twitter/X's Privacy Practices

X collects high-risk data including direct message contents, device identifiers, location, and payment details, increasing exposure if breached.
Your data is used for profiling and targeted advertising and may be used to train machine learning models, affecting personalization and privacy.
Data is transferred internationally and shared with many third-party partners and advertisers, raising risks from cross-border data flows.
Some identifiers are retained indefinitely (e.g., for suspended accounts), limiting how fully you can erase your presence or history.

Privacy Highlights

What They Collect

Account information (display name, username, password, email, phone)
User content and files (posts, photos, videos, replies, bookmarks, lists, Communities)
Direct Messages (message contents, recipients, metadata)
Demographic information (age, inferred identity)
Feedback data / communications with support (emails, help requests)

How They Share Data

Business affiliates / corporate affiliates (data shared among group companies)
Service providers (payment processors, hosting, analytics, fraud detection)
Third-party partners (video/content partners, integrations, developer API clients)
Advertising partners and ad tech vendors (to deliver and measure ads)

Data Retention

Profile info and usage data kept for the duration of the account; payment records retained while using paid services (transactions longer as required); communications (emails) up to 18 months; cookies and similar tech up to 13 months; ad-view/interactions and partner-shared info up to ~12 months; some identifiers (e.g., for suspended accounts) may be kept indefinitely; can retain longer for legal, safety, or enforcement reasons.

Your Rights

Access data (view and download Your X Data)
Rectify data (edit profile and account settings)
Erase or limit processing (deactivate account, request deletion)
Object to processing / Restrict processing (object or restrict in certain contexts)

Detailed Analysis

Concerning Practices

Shares data with many third parties including advertisers, partners, and affiliates (broad sharing)
Collects extensive personal data (DM contents, device IDs, location, payment data)
Uses data for profiling and personalization including ML training and ad targeting
Transfers data internationally and relies on cross-border mechanisms (SCCs, DPF participation)
Retains some identifiers indefinitely for enforcement (suspended accounts) and keeps various data long periods
Limited opt-outs: some sharing (service providers, legal disclosures) is not controlled by the business-partner opt-out setting

Personal Data Types

Account information (display name, username, password, email, phone) User content and files (posts, photos, videos, replies, bookmarks, lists, Communities) Direct Messages (message contents, recipients, metadata) Demographic information (age, inferred identity) Feedback data / communications with support (emails, help requests) Payment information (credit/debit card number, CVV, billing address, transaction records) Profile information (public profile, professional account contact details) Sales and marketing data (ad interactions, ad-viewing history, audiences) Support data (communications with X, appeal records) Browser information (IP address, browser type, language, operating system) Geolocation information (approximate location, optional precise location) Service usage information (how you interact, viewing/listening history, device IDs, advertising ID) Website usage data / logs (referring page, access times, pages visited, X-generated identifiers, cookies) Information from other users and connected services (address book, data from linked accounts) Publicly available information (public posts accessible via APIs and embeds) Biometric information (collected based on consent for safety/identification) Inferred data and machine-learning derived profiles (interests, identity signals)

Tracking Methods

Essential cookies and similar technologies (X-generated identifiers) Analytics cookies (used for measurement and product improvement) Advertising cookies and ad technology (to serve & measure ads on and off X) Social media cookies / cross-site identifiers (via partners and embeds) Pixel tags and web beacons (implied by ad measurement and partner integrations) Local storage and device identifiers (device advertising ID, app identifiers)

Third Parties

Business affiliates / corporate affiliates (data shared among group companies) Service providers (payment processors, hosting, analytics, fraud detection) Third-party partners (video/content partners, integrations, developer API clients) Advertising partners and ad tech vendors (to deliver and measure ads) Third-party collaborators and data consumers (may use data for their own purposes, including AI training) Government authorities and law enforcement (when required by law or to prevent harm)

User Controls

Access data (view and download Your X Data) Rectify data (edit profile and account settings) Erase or limit processing (deactivate account, request deletion) Object to processing / Restrict processing (object or restrict in certain contexts) Data portability (download a copy of your posts and data) Withdraw consent (where processing is consent-based) Opt-out of marketing / Data sharing with business partners (in Privacy & Safety settings) Delete account (deactivate and queue for deletion; 30-day restore window) Authorized agent requests (agents may submit access/modification/deletion requests)

Twitter/X Privacy Summary