XWarden 隐私政策

最后更新：2026-05-07

XWarden 是一款帮助 X（原 Twitter）用户屏蔽中文垃圾营销账号的浏览器扩展。我们重视你的隐私，本政策说明扩展会收集哪些数据、如何使用以及你的权利。

1. 我们收集的数据

1.1 仅在本地存储（不会上传）

• 服务端同步名单缓存与白名单（用户名、user id）
• 拉黑统计、最近活动记录（最多 500 条）
• 扩展配置项（后端地址、举报开关等）
• 匿名贡献者 ID（随机 UUID，用于去重，不关联你的 X 账号）

以上数据保存在浏览器的 chrome.storage.local，仅你本机可读取。卸载扩展即清除。

1.2 当你启用「加入举报众包」时上报到我们的服务器

仅当你主动点击评论区的 XWarden 屏蔽图标时，扩展会向我们的服务器（xwarden-api.richcalls.xyz）上传：

• 被举报账号的 user id、用户名（screen name）、昵称（display name）、头像 URL、个人简介
• 触发举报的那条评论的文本内容
• 匿名贡献者 ID、扩展版本号

我们不收集你自己的 X 账号信息、cookie、token、浏览历史或任何能直接识别你身份的资料。

1.3 X 原生屏蔽请求

当你主动点击 XWarden 屏蔽图标时，扩展会在 x.com 页面内使用当前登录会话调用 X 原生屏蔽接口，将目标账号加入你的 X 屏蔽列表。相关 cookie、token 和请求头只用于这次页面内请求，不写入本地存储，不上传到我们的服务器。

1.4 黑名单同步

扩展会定期从我们的服务器拉取「众包黑名单增量」。免费用户用于本地隐藏，Pro 用户可选择批量同步到本人 X 屏蔽列表；这一过程只会下载数据。

2. 使用目的

• 将你主动选择的账号加入本人 X 屏蔽列表
• 评估被举报账号是否为垃圾营销账号（由 LLM 自动复核）
• 维护并分发众包黑名单
• 改进过滤算法、修复 bug

我们不会将上述数据用于广告、用户画像、出售或与第三方共享（除按法律要求需配合执法机构外）。

3. 数据存储与保留

• 服务器位于 Cloudflare Workers / D1，数据存储在境外节点
• 原始举报记录最多保留 12 个月，之后仅保留聚合统计
• 众包黑名单条目长期保留，仅记录 user id 与最少必要字段

4. 你的权利

• 访问与导出：设置页「数据」标签可导出所有本地数据（JSON）
• 删除：设置页「重置全部」清空所有本地数据；卸载扩展同等效果
• 停止贡献：设置页关闭「加入举报众包」即可停止任何上报
• 申诉移除：若你发现自己的账号被错误纳入黑名单，可发邮件到下方联系方式申请人工复核

5. 第三方服务

• X / x.com — 执行你主动触发的原生屏蔽请求
• Cloudflare（Workers / D1 / 日志）— 用于运行后端服务
• DeepSeek（LLM 推理）— 自动复核举报内容是否属于垃圾营销，仅传输被举报账号的公开信息和评论文本，不传输你的身份信息

6. 儿童隐私

本扩展不针对 13 岁以下儿童设计，且不会有意收集儿童数据。

7. 政策更新

政策若有重大变更，我们会在发布新版本扩展时通过更新说明告知。生效时间以本页面顶部「最后更新」日期为准。

8. 联系方式

如有疑问或需要申请数据删除/账号申诉，请联系：
Email: [email protected]
GitHub Issues: github.com/richcalls/XWarden/issues

XWarden Privacy Policy

Last updated: 2026-05-07

XWarden is a browser extension that helps X (formerly Twitter) users hide Chinese spam/marketing accounts. This policy describes what data the extension collects, how it is used, and your rights.

1. Data We Collect

1.1 Stored locally only (never uploaded)

• Server-synced blocklist cache and allowlist (usernames, user ids)
• Block statistics and recent activity (up to 500 entries)
• Extension settings (backend URL, reporting toggle, etc.)
• An anonymous contributor ID (random UUID for deduplication; not linked to your X account)

The above is stored in chrome.storage.local, readable only on your device. Uninstalling the extension clears it.

1.2 Sent to our server only when "Join the report crowdsourcing" is enabled

Only when you actively click the XWarden block icon in a comment, the extension uploads to xwarden-api.richcalls.xyz:

• The reported account's user id, screen name, display name, avatar URL, and bio
• The text of the comment that triggered the report
• Anonymous contributor ID and extension version

We do not collect your own X account info, cookies, tokens, browsing history, or any directly identifying personal data.

1.3 Native X block request

When you actively click the XWarden block icon, the extension uses the current logged-in x.com session within the page to call X's native block endpoint and add the target account to your X block list. Related cookies, tokens, and request headers are only used for that in-page request; they are not written to local storage or uploaded to our server.

1.4 Blocklist sync

The extension periodically pulls a crowdsourced blocklist delta from our server. Free users use it for local hiding; Pro users can choose to sync it into their own X block list. This flow only downloads data.

2. Purpose

• Add accounts you choose to your own X block list
• Determine whether a reported account is a spammer (auto-reviewed by an LLM)
• Maintain and distribute the crowdsourced blocklist
• Improve filtering algorithms and fix bugs

We do not use this data for advertising, user profiling, sale, or sharing with third parties — except as required by law.

3. Storage & Retention

• Servers run on Cloudflare Workers / D1, hosted at Cloudflare's global network
• Raw report records are retained for at most 12 months; aggregated stats may be kept longer
• Blocklist entries are kept long-term, recording only the user id and minimum necessary fields

4. Your Rights

• Access & export: Options → Data tab lets you export all local data as JSON
• Delete: Options → "Reset everything" clears all local data; uninstalling the extension does the same
• Stop contributing: Toggle off "Join the report crowdsourcing" to stop all uploads
• Removal request: If your account was wrongly listed, contact us below for manual review

5. Third-party Services

• X / x.com — performs native block requests you actively trigger
• Cloudflare (Workers / D1 / logs) — runs our backend
• DeepSeek (LLM inference) — auto-reviews reported content for spam; only public info of the reported account and comment text is sent. Your identity is never sent.

6. Children's Privacy

This extension is not directed at children under 13 and does not knowingly collect their data.

7. Updates

If this policy changes materially, we will note it in the next extension release. The effective date is the "Last updated" date at the top.

8. Contact

For questions or to request data deletion / account appeal, reach out at:
Email: [email protected]
GitHub Issues: github.com/richcalls/XWarden/issues