
Twitter/X Privacy Summary

x.com
Last updated: 03/17/2026
Social Media

X is a real-time social networking platform for short public posts, conversations, media sharing, advertising, and developer APIs to distribute public content.

This summary was generated using AI and may contain errors or omissions. Learn about our methodology. Always refer to the original privacy policy for legal purposes.

Quick Summary

X (formerly Twitter) collects extensive data on users and non-users alike — including signed-out visitors tracked by device fingerprints and email hashes. Your posts, DMs, location, device activity, ad interactions, and even inferred identity are used to build behavioral profiles for advertising. Grok AI is now explicitly trained on your data.

Why You Should Care About Twitter/X's Privacy Practices

X tracks you even when you're not logged in — it links your browser and device to an account or builds a profile without one. Your email address is hashed and matched against data from third-party advertisers to infer who you are. Grok, X's AI assistant, uses your content and interactions as training data. DMs are not end-to-end encrypted by default, meaning X can read them. Data is shared broadly with advertisers, business partners, and affiliates — and in an M&A scenario, all your data transfers to the new owner.

Why High Exposure?

  • Collects 18 types of personal data
  • 9 concerning practices identified
  • Shares data with 8 third parties
  • 9 tracking methods used
  • Limited user controls for data management

Privacy Highlights

What They Collect

  • Account info (name, email, phone number, date of birth, password)
  • Profile content (bio, profile picture, header image, location field)
  • Posts, replies, retweets, quotes, and DMs (content and metadata)
  • Media uploads (photos, videos, GIFs, audio)
  • Payment info (credit/debit card for subscriptions and purchases)
  • Device info (browser type, OS, IP address, device ID, cookie data)
  • Usage and log data (views, searches, clicks, interactions, session duration)
  • Location data (GPS if permitted, IP-derived location always)
  • Ad interaction data (what ads you see, click, or engage with)
  • Cross-device identity inference (email hash matching, browser linking)
  • Signed-out user tracking (browsers and devices linked without an account)
  • Third-party partner data (advertiser data, linked account data)
  • Grok AI interaction data (your prompts and conversations with Grok)
  • Communications with X support

How They Share Data

  • Advertisers (targeted ad delivery and measurement)
  • Third-party service providers (infrastructure, analytics, fraud prevention)
  • Business partners (API partners, integrated services)
  • Law enforcement and government (legal requests, subpoenas, court orders)
  • Other users (your public profile, posts, and follower/following lists)
  • Affiliated companies (X Corp subsidiaries and partners)
  • Buyers or successors (in mergers, acquisitions, or asset sales)
  • Researchers (aggregated or de-identified data for public interest research)

Data Retention

Account data is retained while the account is active; after deletion, a grace period of up to 30 days applies before permanent removal. Legal holds, fraud investigations, and regulatory requirements can extend retention indefinitely.

Your Rights

  • Access your data (download your full archive)
  • Delete your account and content
  • Manage ad preferences and opt out of interest-based ads
  • Control location sharing and device permissions
  • Adjust notification and communication preferences
  • Two-factor authentication and account security settings
  • Opt out of Grok AI data use (via Privacy & Safety settings)

Detailed Analysis

Concerning Practices

  • Tracks signed-out users — builds profiles on people without accounts via browser/device fingerprinting
  • Email hash identity inference — matches your email against advertiser databases to infer identity and build cross-platform profiles
  • DMs are NOT end-to-end encrypted by default — X can technically read direct messages
  • Grok AI explicitly trained on your content and interactions (opt-out required, not opt-in)
  • Cross-device tracking even across devices you haven't linked
  • Real-time bidding shares behavioral data with ad partners at the moment you view content
  • Full data transfer to new owner in any M&A scenario — no consent required
  • Location inferred from IP even if you deny GPS permission
  • Third-party advertiser data merged with your X profile for targeting

Personal Data Types

  • Name, email address, phone number, date of birth
  • Profile info (bio, picture, header image, location text)
  • Posts, replies, quotes, retweets (content + timestamps)
  • Direct messages (content and metadata — not E2E encrypted by default)
  • Media (photos, videos, GIFs, audio recordings)
  • Payment card data (for subscriptions like X Premium)
  • Device identifiers (browser fingerprint, OS, device ID)
  • IP address and network data
  • GPS location (if permission granted)
  • IP-derived approximate location (always collected)
  • Browsing and usage logs (pages viewed, searches, clicks, duration)
  • Ad impression and click data
  • Cross-device linked identity (email hash matching)
  • Signed-out browser/device tracking data
  • Grok AI conversation content (prompts and responses)
  • Third-party advertiser data (matched against your identity)
  • Linked account data (if you sign in via X on other apps)
  • Support and communication records

Tracking Methods

  • Cookies and similar tracking technologies
  • Device fingerprinting (browser, OS, hardware characteristics)
  • IP address and location inference
  • Cross-device identity linking (email hashes, browser pairing)
  • Signed-out user tracking (non-account browser/device profiles)
  • Ad interaction tracking (impressions, clicks, conversions)
  • Real-time bidding data shared with ad partners
  • Behavioral profiling for ad targeting
  • Grok AI usage tracking

Third Parties

  • Advertisers (behavioral targeting and conversion measurement)
  • Ad measurement and analytics partners
  • Third-party app developers (via X API and OAuth integrations)
  • Data broker and identity resolution partners
  • Infrastructure and cloud service providers
  • Law enforcement and government authorities
  • X Corp affiliates and subsidiary companies
  • Acquirers (M&A transfers)

Legal Disclaimer

This analysis is provided for informational purposes only and should not be used as legal advice. Privacy Exposure ratings and summaries are AI-generated assessments based on publicly available privacy policies — they are not statements of fact and may contain errors. Learn how ratings are determined. Consult with legal professionals for matters requiring legal guidance.