Privacy Policy
Effective: January 1, 2025
Last updated: March 2025
Version: 1.2
TestimonialX is a platform that helps businesses collect and display social proof. This policy explains what data we collect, why we collect it, and how you can control it. We are committed to being transparent and not selling your personal data.
1. Information We Collect
We collect the following categories of information when you use TestimonialX:
- Account information — your name, email address, and profile photo, provided via Twitter/X OAuth during sign-in.
- Twitter/X identity data — your Twitter/X username, user ID, and public profile details returned by the Twitter OAuth 2.0 API.
- OAuth tokens — access tokens and refresh tokens issued by Twitter/X to enable actions on your behalf (e.g., posting tweets in the Exchange).
- Testimonial content — testimonials you submit, receive, or display through our platform, including associated metadata (timestamps, source URLs).
- Credit and transaction records — your credit balance, purchase history, and exchange activity.
- Usage data — pages visited, actions taken, device type, browser, IP address, and referrer.
- Payment information — billing details processed by Dodo Payments (we do not store full card numbers).
2. How We Use Your Information
We use the information we collect to:
- Authenticate you and maintain your account session securely.
- Operate the testimonial collection, display, and embedding features.
- Facilitate the Exchange marketplace, including matching requests, executing tweets on your behalf, and awarding credits.
- Process credit purchases and payouts through Dodo Payments.
- Generate programmatic SEO pages for your testimonial widgets.
- Send transactional emails (account activity, credit changes, exchange completions).
- Detect and prevent fraud, abuse, or policy violations.
- Improve platform performance and develop new features (using anonymised or aggregated data).
We do not use your data for advertising or sell it to third parties for marketing purposes.
3. Twitter / X OAuth Data
When you connect your Twitter/X account via OAuth 2.0, we receive and store:
- Your Twitter user ID and username.
- A short-lived access token and a refresh token used to act on your behalf.
- Basic public profile information (display name, avatar URL).
We use these tokens exclusively to enable Exchange features where you have explicitly opted in. We never post tweets outside of Exchange actions you have approved. You may revoke access at any time from your Twitter/X account settings or from your TestimonialX profile — doing so will immediately disable Exchange participation and we will delete your stored tokens.
4. The Exchange Marketplace
The Exchange is a feature where TestimonialX users agree to post tweets on each other's behalf in return for credits. By participating, you understand that:
- You explicitly authorise TestimonialX to post a specific tweet on your behalf at the time you accept an exchange request.
- The tweet content is determined by the requesting user and reviewed against our content guidelines before posting.
- Each exchange action is logged and associated with your account for transparency.
- Other participants in an exchange will see your Twitter username as the posting account.
5. Credits & Payment Data
TestimonialX uses a credit-based system. Credits can be earned through the Exchange or purchased. Payment processing is handled by Dodo Payments, a PCI-compliant payment processor. We receive a transaction confirmation and billing metadata (amount, currency, last 4 digits of card) but do not store full payment card details on our servers. Your credit balance and transaction history are stored in our database and associated with your account.
6. Data Sharing & Third Parties
We share your data only in the following circumstances:
- Dodo Payments — for processing credit purchases.
- Twitter/X API — for OAuth authentication and Exchange actions.
- Infrastructure providers — Convex (database), Vercel (hosting). These processors handle data on our behalf under appropriate data processing agreements.
- Legal requirements — if required by law, court order, or to protect the rights and safety of our users.
We do not sell, rent, or trade your personal data.
7. Data Retention
We retain your account data for as long as your account is active. If you delete your account:
- OAuth tokens are revoked and deleted immediately.
- Testimonials you submitted to others may be retained in a de-identified form unless the receiving user also deletes them.
- Transaction records are retained for 7 years to comply with financial regulations.
- All other personal data is deleted within 30 days.
8. Your Rights & Choices
Depending on your location, you may have rights including:
- Access to the personal data we hold about you.
- Correction of inaccurate data.
- Deletion of your account and personal data.
- Portability of your data in a machine-readable format.
- Objection to or restriction of certain processing.
- Withdrawal of OAuth authorisation at any time.
To exercise these rights, contact us at the address below or use the account settings in your dashboard.
9. Security
We implement industry-standard security measures including RS256-signed JWTs for session authentication, server-side identity verification for all data operations, HTTPS-only data transmission, and encrypted storage of OAuth tokens. No system is completely secure; we encourage you to use a strong, unique password and to review connected applications in your Twitter/X settings regularly.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:
Email: testimonialxmail@gmail.com