Operative1 Privacy Policy

Effective date: March 13, 2026

Last updated: March 13, 2026

This privacy policy describes how Operative1 ("we", "us", "our") collects, uses, and protects your information when you use our Chrome extension and web dashboard.

1. What We Collect

When you use the Operative1 Chrome extension, we collect:

  • Twitter/X authentication cookies (auth_token and ct0) when you click "Connect Twitter" in the extension
  • Your Operative1 account email for linking your Twitter connection to your account

We do NOT collect:

  • Browsing history
  • Personal messages or DMs
  • Location data
  • Financial information
  • Health data

2. How We Use Your Data

  • Authentication cookies are used solely to post replies and content you have approved through the Operative1 dashboard
  • Cookies are stored encrypted on our servers and linked to your Operative1 account
  • We never use your cookies to read your DMs, access your personal data, or perform any action you haven't approved

3. Data Storage and Security

  • All credentials are encrypted using industry-standard AES encryption before storage
  • Credentials are only decrypted at the moment of posting an approved reply
  • Our servers are hosted on Railway with encrypted connections (HTTPS/TLS)

4. Third-Party Sharing

  • We never sell, share, or transfer your credentials to any third party
  • We never share your Twitter session with advertisers, analytics providers, or any external service
  • The only external service that receives your credentials is Twitter/X itself, when posting content you approved

5. Your Controls

  • Disconnect anytime: Remove your Twitter account from the Operative1 Settings page
  • Permanent deletion: Disconnecting permanently deletes your stored credentials from our servers
  • Instant stop: Uninstalling the Chrome extension immediately stops all posting activity
  • Full transparency: Review all pending and posted content in your Operative1 dashboard

6. Chrome Extension Permissions

  • "cookies" permission: Used to read your Twitter/X authentication cookies when you click Connect. Only reads cookies from the x.com domain.
  • "activeTab" permission: Used to detect if you are logged into Twitter/X

The extension does not:

  • Access any other websites
  • Track your browsing history
  • Modify any web pages

7. Data Retention

  • Your credentials are stored as long as your Twitter account is connected
  • Upon disconnection, credentials are permanently deleted within 24 hours
  • Account deletion removes all associated data including credentials, posting history, and analytics

8. Contact

For privacy questions or concerns:

Email: faryar.ghazanfari@gmail.com

For data deletion requests, email us and we will process your request within 48 hours.

9. Legal Basis for Processing (GDPR)

  • We process your data based on your explicit consent when you click "Connect Twitter"
  • You may withdraw consent at any time by disconnecting your account in Settings
  • Upon withdrawal, all stored data is permanently deleted

10. International Data Transfers

  • Our servers are located in the United States (Railway hosting, AWS infrastructure)
  • Data is transferred securely using TLS/HTTPS encryption
  • By using Operative1, you consent to the transfer of your data to the United States

11. Children's Privacy

  • Operative1 is not intended for use by anyone under the age of 16
  • We do not knowingly collect data from children
  • If we learn we have collected data from a child under 16, we will delete it immediately

12. California Privacy Rights (CCPA)

  • California residents have the right to know what data we collect
  • You have the right to request deletion of your data
  • You have the right to opt out of the sale of your data — we never sell your data
  • To exercise these rights, contact us at the email above

13. Changes to This Policy

  • We may update this privacy policy from time to time
  • Changes will be posted on this page with an updated "Last updated" date
  • Continued use of Operative1 after changes constitutes acceptance of the updated policy

14. Data Breach Notification

  • In the event of a data breach affecting your credentials, we will notify affected users within 72 hours via email
  • We will immediately rotate or invalidate any compromised credentials
  • We will notify relevant authorities as required by applicable law

15. Cookies Used by the Extension

  • auth_token: Twitter/X session authentication token. Used to authenticate posting requests.
  • ct0: Twitter/X CSRF protection token. Required for secure API requests.

Important:

  • These cookies are READ from your browser, not created by our extension
  • No tracking cookies, analytics cookies, or advertising cookies are used by our extension

16. Open Source

  • The Operative1 Chrome extension source code is available at github.com/fg7000/operative1
  • Users can inspect exactly what the extension does before installing
← Back to Operative1