Privacy Policy

Region Hover for X / Twitter — Last updated: May 2026

What this extension does

Region Hover for X / Twitter shows you the X-determined "based in" region for any account whose profile picture you hover over. It does this by reusing the authentication tokens that your browser already holds from your own X session, to query X's own GraphQL API on your behalf.

Data we collect

This extension collects no personal data. Specifically:

• No data is sent to any server operated by the extension developer.
• No analytics, telemetry, or crash reporting is collected.
• No browsing history or tweet content is read or stored.

Data stored locally

The extension stores the following in your browser's local session storage only:

• Your X auth token and CSRF token — captured from your existing browser requests to X, used solely to make on-demand API calls to X on your behalf. These are never transmitted outside your browser session.
• GraphQL query IDs observed from X's own traffic — used to construct well-formed API requests.
• A short-lived in-memory cache of region results (30-minute TTL) — stored only in page memory for the current tab session, never persisted to disk.

All session storage is cleared when you close the browser.

Permissions used

• webRequest — to observe outgoing request headers from your browser to X's API. This is how the extension captures your existing auth token without requiring you to enter credentials. The extension reads headers only; it does not modify, block, or redirect any requests.
• storage — to persist the captured tokens across service worker sleep cycles within the same browser session.
• Host permissions for x.com / twitter.com — required to inject the hover UI and to make authenticated API calls to X on your behalf.

Third-party services

When you hover a profile picture, the extension calls X's GraphQL API at x.com/i/api/graphql/… using your own credentials. This request is governed by X's Privacy Policy. The extension developer has no involvement in or visibility into that request.

Children's privacy

This extension is not directed at children under 13 and does not knowingly collect any information from them.

Changes to this policy

If the extension's data practices change materially, this page will be updated and the extension version will be bumped.

Contact

Questions? Open an issue on the GitHub repository.