Privacy Policy

Last updated: May 2026

Data we collect

X Article Markdown Paste does not collect, store, or transmit any personal data, browsing data, or article content to our servers.

What the extension accesses

• Clipboard data on x.com/compose/articles/*: when you press Ctrl+V inside the X article editor, the extension reads the pasted Markdown text from the clipboard. It is parsed and rendered into the editor entirely within your browser.
• Image URLs you paste: if your Markdown contains http(s) image links, the extension's background script fetches each image so it can be uploaded into your X article via X's own media pipeline. Only URLs that you wrote into your Markdown are fetched.
• Local image files (optional): if you grant access to a local directory via the File System Access API, the extension reads referenced image files from that directory only when needed for upload. The directory handle is stored in IndexedDB; files themselves never leave your device until X uploads them.
• chrome.storage.local: used solely to store your license activation state, device ID, and a non-sensitive UI preference. Stored locally on your device only.

License validation

License keys are validated against our payment provider (Creem) via a privacy-preserving Cloudflare Worker proxy. The Worker sees only your license key and a randomly-generated device ID — never your name, email, IP-derived location, or any usage data.

What the extension does NOT do

• Does not collect any personal information
• Does not read your X account credentials, cookies, or sessions
• Does not track browsing history
• Does not access pages outside x.com/* and twitter.com/*
• Does not inject ads or third-party analytics
• Does not transmit your article content to any third party

Third-party services

• X (Twitter): all article writing happens through X's own editor and your active X session. The extension does not impersonate or bypass X.
• Image hosts: when you paste a Markdown link to an external image, that host's server will see one HTTP request — the same as if you visited the image URL directly in your browser.
• Creem (payment processor): handles purchases and license issuance. See Creem's privacy policy.

Data deletion

To delete all extension data, uninstall the extension from chrome://extensions. This removes the license, device ID, and any local preferences. To revoke your license server-side, email lengkuxiaomao@gmail.com.

Contact

For questions about this privacy policy, email lengkuxiaomao@gmail.com.

隐私政策

最后更新：2026 年 5 月

我们收集的数据

X 文章 Markdown 一键导入扩展不收集、存储或将任何个人数据、浏览数据或文章内容传输到我们的服务器。

扩展访问什么

• 在 x.com/compose/articles/* 上的剪贴板：你在 X 文章编辑器里按 Ctrl+V 时，扩展读取剪贴板中的 Markdown 文本。所有解析和渲染完全在你浏览器内完成。
• 你粘贴的图片 URL：如果 Markdown 含 http(s) 图片链接，扩展的 background 脚本会下载这些图片，再走 X 自己的媒体上传通道传入文章。仅下载你 Markdown 里写的 URL。
• 本地图片文件（可选）：如果你通过 File System Access API 授权了本地目录，扩展只在需要时读取该目录里被引用的图片文件。目录句柄存在 IndexedDB，文件本身只在 X 上传时离开你的设备。
• chrome.storage.local：仅存激活状态、设备 ID 和一些非敏感的 UI 偏好。仅本地存储。

激活码校验

激活码通过我们的 Cloudflare Worker 代理向支付平台（Creem）校验。Worker 只看到激活码和随机生成的设备 ID——不会拿到你的姓名、邮箱、IP 推断的位置或任何使用数据。

扩展不会做什么

• 不收集任何个人信息
• 不读取你的 X 账号密码、Cookie 或会话
• 不追踪浏览历史
• 不访问 x.com/* 和 twitter.com/* 之外的页面
• 不注入广告或第三方统计
• 不向任何第三方传输你的文章内容

第三方服务

• X（Twitter）：文章写作完全通过 X 自己的编辑器和你的登录态完成，扩展不冒充或绕过 X。
• 图片托管方：你粘贴外链图片时，对方服务器会看到一次 HTTP 请求——跟你直接在浏览器打开该图片 URL 相同。
• Creem（支付平台）：处理购买和激活码签发。见 Creem 隐私政策。

删除数据

到 chrome://extensions 卸载扩展即可清除所有本地数据（激活码、设备 ID、UI 偏好）。如需服务端吊销激活码，请邮件 lengkuxiaomao@gmail.com。

联系

关于本隐私政策的问题，请邮件 lengkuxiaomao@gmail.com。