Privacy Policy

Last updated: July 5, 2026

This Privacy Policy explains how squidX, operated by Axel Schapmann, an individual based in France ("we", "us"), collects and uses personal data. For any privacy question or request, contact axel.schapmann@gmail.com. We are the data controller for the processing described here.

1. Data we collect

  • Account data: your email address, used to sign you in and contact you about the Service.
  • Workspace configuration: the website, product description, keywords, and competitors you add so squidX knows what to monitor.
  • X connection: if you connect your X account, we store read-only access tokens so squidX can read your own posts and the people who engage with them. We never post, follow, or message on your behalf. You can disconnect at any time to revoke this.
  • Content we surface: public posts and public profile information (name, handle, bio, follower count, avatar) of people on X whose posts match your monitors or who engage with you. This is third-party personal data, discussed in section 4.
  • Payment data: handled by Stripe. We do not store your card number; we keep a customer reference and your plan status.
  • Usage data: basic, privacy-friendly analytics about how the site is used, via DataFast.

2. How we use your data

  • to provide, operate, and secure the Service;
  • to run the monitoring, classification, and lead features you set up;
  • to process payments and manage your subscription;
  • to communicate with you about your account and support requests;
  • to understand and improve how squidX is used.

3. Legal bases (GDPR)

We process your data to perform our contract with you (providing the Service), on the basis of our legitimate interest in operating and improving squidX and in monitoring public conversations, and, where required, on your consent (which you can withdraw at any time).

4. Data about people who are not our users

squidX processes publicly available information from X about people who are not squidX users, so that our customers can find relevant leads. We rely on legitimate interest for this and only process public data. If you are one of these people and want your data removed from squidX, email axel.schapmann@gmail.com and we will delete it.

5. Service providers we share data with

We share data only with providers that help us run the Service, under agreements that protect your data:

  • Supabase: database, authentication, and hosting.
  • Vercel: application hosting.
  • Stripe: payments and subscription management.
  • OpenAI: classifies inbox posts by intent. Post text is sent for classification and is not used to train their models.
  • Resend: transactional and product emails.
  • DataFast: privacy-friendly website analytics.
  • X (formerly Twitter): the source of monitored posts.

We do not sell your personal data.

6. International transfers

Some of our providers are located outside the European Economic Area (for example in the United States). Where that is the case, transfers are covered by appropriate safeguards such as the European Commission's Standard Contractual Clauses.

7. Retention

We keep your account and workspace data while your account is active. We delete or anonymize personal data when it is no longer needed, when you delete your account, or on a valid deletion request, subject to any legal obligations to retain certain records.

8. Your rights

We offer the following rights to all users, regardless of where you live: access to your data, correction, deletion, export (portability), objection to or restriction of processing, and withdrawal of consent. To exercise any of these, email axel.schapmann@gmail.com. If you are in the EU and believe we have mishandled your data, you can also lodge a complaint with your local authority (in France, the CNIL).

9. Cookies and analytics

We use a minimal set of cookies needed to keep you signed in. Our analytics provider, DataFast, is designed to be privacy-friendly and does not build advertising profiles of you.

10. Security

We take reasonable technical and organizational measures to protect your data, including access controls and encryption in transit. Sensitive credentials such as X tokens are stored server-side and are never exposed to the browser. No system is perfectly secure, but we work to keep your data safe.

11. Children

squidX is not intended for anyone under 18, and we do not knowingly collect data from children.

12. Changes

We may update this Policy from time to time. We will update the date above and, for material changes, notify you where appropriate.

13. Contact

For any privacy question or request, email axel.schapmann@gmail.com.