← Back to Rex

Privacy Policy

Last updated: March 2026

1. Introduction

Rex ("the Service") is operated by the Rex Team ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Service. By using Rex, you consent to the practices described here.

2. Information We Collect

We collect the following types of information:

  • Account information: Your X/Twitter username, display name, profile picture, and email address (when provided).
  • X/Twitter data: Your tweets, engagement metrics (likes, retweets, replies, impressions), follower/following counts, and profile metadata accessed via the X API.
  • OAuth tokens: Access and refresh tokens required to maintain your X/Twitter connection. These are stored securely and encrypted at rest.
  • Voice profile data: An AI-generated analysis of your writing style, tone, and content patterns derived from your tweets.
  • Usage data: Chat conversations with Rex, generated content, and interaction history within the Service.
  • Waitlist and billing: Email address for waitlist signup, and payment information processed through Stripe (we do not store card details directly).

3. How We Use Your Information

  • To build and maintain your voice profile for personalized content suggestions.
  • To generate AI-powered tweet drafts, thread ideas, and coaching recommendations.
  • To display engagement analytics and growth metrics within the Service.
  • To post content to X/Twitter on your behalf when you explicitly request it.
  • To send you coaching emails, product updates, and account notifications.
  • To improve the Service and develop new features.

4. AI Processing

Rex uses AI models via OpenRouter to analyze your writing and generate content. Your tweets and voice profile data are sent to AI model providers for processing. We do not use your data to train third-party AI models. AI-generated content is associated with your account and not shared with other users.

5. Third-Party Services

We use the following third-party services to operate Rex. Each has its own privacy policy:

  • Supabase — Database hosting, authentication, and data storage.
  • OpenRouter — AI model routing for content generation and voice analysis.
  • Stripe — Payment processing for subscriptions. We do not store credit card numbers; Stripe handles all payment data.
  • Vercel — Application hosting and deployment.
  • Resend — Transactional and coaching emails.
  • Inngest — Background job processing for token refresh, metrics collection, and scheduled tasks.

6. Cookies & Local Storage

Rex uses cookies for authentication (session management and OAuth PKCE flow). We may use local storage to persist UI preferences. We do not use third-party tracking cookies or advertising pixels.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account or revoke X/Twitter access, we will delete your OAuth tokens, voice profile, and personal data within 30 days. Anonymized, aggregated usage data may be retained for analytics purposes.

8. Data Security

We implement reasonable security measures to protect your data, including encryption of OAuth tokens at rest, secure HTTPS connections, and access controls on our infrastructure. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

  • Access: You can request a copy of the data we hold about you.
  • Deletion: You can request deletion of your account and associated data.
  • Revocation: You can revoke Rex's access to your X/Twitter account at any time through your X/Twitter settings.
  • Portability: You can request an export of your data in a standard format.

10. Children's Privacy

Rex is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use of Rex after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please reach out to the Rex Team via the contact methods provided on our website.