← Back to Rex

Privacy Policy

Last updated: March 2026

1. Introduction

Rex ("the Service") is operated by the Rex Team ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Service. By using Rex, you consent to the practices described here.

2. Information We Collect

We collect the following types of information:

  • Account information: Your X/Twitter username, display name, profile picture, and email address (when provided).
  • X/Twitter data: Your tweets, engagement metrics (likes, retweets, replies, impressions), follower/following counts, and profile metadata accessed via the X API.
  • OAuth tokens: Access and refresh tokens required to maintain your X/Twitter connection. These are managed by Clerk and are not stored in Rex's application database.
  • Voice profile data: An AI-generated analysis of your writing style, tone, and content patterns derived from your tweets.
  • Usage data: Chat conversations with Rex, generated content, and interaction history within the Service.
  • Waitlist and billing: Email address for waitlist signup, and payment information processed through Clerk Billing (we do not store card details directly).

3. How We Use Your Information

  • To build and maintain your voice profile for personalized content suggestions.
  • To generate AI-powered tweet drafts, thread ideas, and coaching recommendations.
  • To display engagement analytics and growth metrics within the Service.
  • To post content to X/Twitter on your behalf when you explicitly request it.
  • To send you coaching emails, product updates, and account notifications.
  • To improve the Service and develop new features.

4. AI Processing

Rex uses AI models via OpenRouter to analyze your writing and generate content. Your tweets and voice profile data are sent to AI model providers for processing. Conversation summaries may also be sent to third-party memory services (such as Supermemory) to maintain coaching context across sessions. We do not use your data to train third-party AI models. AI-generated content is associated with your account and not shared with other users.

5. Third-Party Services

We use the following third-party services to operate Rex. Each has its own privacy policy:

  • Clerk — Authentication, user management, and OAuth token handling.
  • Supabase — Database hosting and data storage.
  • OpenRouter — AI model routing for content generation and voice analysis.
  • Clerk Billing — Payment processing for subscriptions. We do not store credit card numbers; Clerk Billing handles payment data.
  • Vercel — Application hosting and deployment.
  • Resend — Transactional and coaching emails.
  • Inngest — Background job processing for metrics collection, onboarding sync, and scheduled tasks.
  • Supermemory — Third-party memory service used to store and retrieve conversation summaries for improved coaching context.

6. Cookies & Local Storage

Rex uses cookies for Clerk-managed authentication and OAuth session management. We may use local storage to persist UI preferences. We do not use third-party tracking cookies or advertising pixels.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account or revoke X/Twitter access, we will delete your OAuth tokens, voice profile, and personal data within 30 days. Anonymized, aggregated usage data may be retained for analytics purposes.

8. Data Security

We implement reasonable security measures to protect your data, including database-level encryption for stored credentials, secure HTTPS connections, and access controls on our infrastructure. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

  • Access: You can request a copy of the data we hold about you.
  • Deletion: You can request deletion of your account and associated data.
  • Revocation: You can revoke Rex's access to your X/Twitter account at any time through your X/Twitter settings.
  • Portability: You can request an export of your data in a standard format.

10. Children's Privacy

Rex is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use of Rex after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please reach out to the Rex Team via the contact methods provided on our website.