How does Twitter login work? Do you store my password?

We never see or store your password. When you log in with Twitter, you're redirected to Twitter's secure login page. Twitter handles your authentication and then sends us a temporary token that proves you're logged in. This token is stored securely in your browser (not our database) and expires automatically. We have no access to your Twitter password, only Twitter does.

Do you store my login credentials or authentication tokens?

Just to reiterate, no. We don't store passwords, authentication tokens, or any login credentials in our database. When you log in, Twitter provides us with a temporary session token that's stored securely in your browser's cookies. This token expires automatically and is never saved to our database.

What permissions does your app have?

Our Twitter Developer app only has Read permissions. This means:

• We can read your public profile information (username, name, profile picture)
• We can read your public tweets
• We cannot post on your behalf
• We cannot send DMs, follow accounts, or modify your profile

Even if we wanted to do more (which we don't), Twitter's API restrictions prevent us from doing anything beyond reading public information.

Can you post tweets on my behalf?

Again, no. Absolutely not. Our app only has read-only permissions. We physically cannot post, like, retweet, or interact with Twitter on your behalf. This is enforced by Twitter's API—we don't have the necessary permissions even if we wanted them.

You may have seen people sharing images of their rankings on Twitter. They did that themselves. Users download the image from their ranking page and upload it to Twitter themselves. We intentionally don't have any automatic posting features, as that would require write permissions we don't want or need. We believe in keeping our access to your account as minimal as possible.

What information do you save in your database?

Our database has only two tables:

• Products table: Contains product information (name, brand, images, etc.)
• Votes table: Contains your votes and rankings

Your username and Twitter ID are only saved in the votes table after you submit your list. If you log in but never create a ranking, we don't save your username in our database.

What analytics data do you collect?

We use Vercel Analytics to track:

• Your name (from Twitter profile) and a "logged in" status
• A "submitted" event when you submit your top 10 ranking
• General usage statistics (page views, country, browser type)

This data helps us understand how many people are using the app and how many complete their rankings. We use it solely to measure conversion rates and improve the user experience.

What is your data used for?

We use your data for a single, specific purpose: to record and display your product rankings. Your username appears on your public ranking page and in activity feeds, but only after you've submitted your list.

Do you sell or share my data?

No. We don't sell, rent, or share your personal data with third parties. The only data we collect is what's necessary to provide the voting service, and it's used exclusively for that purpose.

Can I delete my data?

Yes. If you'd like to have your data removed from our database, please contact us. We'll delete your votes and username from our system. Note that if you've shared your ranking publicly, you may want to consider that before deletion.

How is my data secured?

We use industry-standard security practices:

• All data is stored in Supabase, which uses encrypted databases
• Authentication is handled by Twitter's secure OAuth system
• We use HTTPS for all data transmission
• We follow the principle of data minimization: we only collect what we need

Is my ranking public?

Yes, once you submit your ranking, it becomes publicly viewable. Your ranking can be accessed via your username at /share/[your-username]. This is the core feature of the app, allowing people to see and share their top 10 product rankings. There is no way to disable this feature.