Mass Tweet Deleter — Privacy Policy

Last updated: 2026-04-30 · Effective worldwide

This page describes what data the Mass Tweet Deleter Chrome extension and its supporting backend collect, why, and how it is handled. Compliant with Chrome Web Store Developer Program Policies and EU GDPR (Regulation 2016/679).

1. Identity of the data controller

Sydney Boisseau, sole proprietor (entreprise individuelle) registered in France, located in Mérignac (33700). Contact: contact@sydney-boisseau.com.

2. What this extension does

Mass Tweet Deleter is a privacy-focused Chrome extension whose single purpose is to let the authenticated user bulk-delete their own content on a single target platform. It does not access, scrape, or process content owned by other users.

3. Data we collect — by Chrome Web Store category

Category	Collected?	What & why
Personally identifiable information	No	We never collect names, addresses, phone numbers, IP addresses, or platform usernames.
Health information	No	Not collected.
Financial and payment information	No (handled by Stripe)	Card details are entered on Stripe's secure checkout page — we never see them. We receive only an anonymized customer ID and the user's email after purchase, via Stripe webhook.
Authentication information	Yes (license key only)	A randomly generated UUID we use as your license key. It is not tied to any external account.
Personal communications	No	We never read or transmit your messages, posts, comments, or any other communications.
Location	No	We do not request geolocation. We do not log IP addresses.
Web history	No	We do not track which pages you visit.
User activity	Aggregate counts only	We count the number of deletion actions per device per day to enforce the free-tier quota. We do NOT store what was deleted, the platform's item IDs in cleartext, or any content body.
Website content	No	The content you delete (posts, comments, conversations, tweets) is processed entirely in your browser and never reaches our servers.

4. Local-only data (stays in your browser)

Anonymous device ID: a random UUID generated on first install, stored in chrome.storage.local. Used to bind your license to this browser without requiring a user account.
License key: a UUID we generate and you receive after purchase. Stored locally so you stay Premium across browser restarts.
Session state (some extensions): wizard progress in chrome.storage.session — wiped automatically when you close the browser.

5. Data we send to our backend

The only data sent from your browser to our backend (mass-tweet-deleter.sydney-boisseau.com) is:

Your device_id (UUID) and license_key (UUID) for license verification
An anonymous count of deletion actions, plus the platform's opaque item IDs (e.g. tweet ID, comment ID), for free-tier quota enforcement and audit. The text/content of the items is never sent.

6. Third-party processors

Processor	Purpose	Data shared
Stripe (Ireland)	Payment processing	Email, payment method, country (Stripe collects directly from the checkout page). See stripe.com/privacy.
OVHcloud (France)	VPS hosting (backend)	License keys + anonymous counters as described above. See ovh.com/privacy.

We do not use any analytics SDK, advertising tracker, A/B testing tool, or third-party JavaScript.

7. How we use your data

To verify your license tier (free vs Premium) on each session
To enforce the free-tier deletion quota
To process your payment via Stripe (if you upgrade)
To send you a transactional receipt by email (Stripe handles delivery)
To respond to your support requests (if you email us)

We do not profile, segment, or sell any data. We do not perform automated decision-making producing legal effects on you.

8. Data retention

License records: kept for the lifetime of your subscription + 1 year (French accounting/legal compliance)
Anonymous deletion counters: kept 90 days then purged
Stripe payment records: handled by Stripe under their retention policy
Support emails: kept for 3 years

9. Your GDPR rights

If you reside in the European Economic Area (EEA), the United Kingdom, or California, you have the right to:

Access the data we hold on you (Art. 15 GDPR / CCPA right to know)
Rectify incorrect data (Art. 16)
Erase your data (Art. 17 — right to be forgotten)
Export your data in a portable format (Art. 20)
Object to processing or restrict it (Art. 18, 21)
Lodge a complaint with your supervisory authority (CNIL in France: cnil.fr)

To exercise any of these, email contact@sydney-boisseau.com with your license key. We respond within 30 days. The extension also exposes API endpoints GET /api/v1/me/export and DELETE /api/v1/me for direct programmatic access.

10. International data transfers

All data is stored on servers located in France (OVHcloud). Stripe processes payments through their infrastructure (EU + US, with Standard Contractual Clauses for transfers).

11. Cookies and tracking

The extension does not set any cookies. The backend does not set tracking cookies. No browser fingerprinting or device tracking takes place.

12. Children

Mass Tweet Deleter is not directed to children under 13. We do not knowingly collect data from minors.

13. Changes to this policy

We may update this Privacy Policy. Material changes will be surfaced in the extension's popup. Continuing to use the extension after a change constitutes acceptance.

14. Contact

Sydney Boisseau (EI) — Mérignac (33700), France
Email: contact@sydney-boisseau.com