Sorsa Privacy Policy
Last updated: December 24, 2025
This Privacy Policy explains how Sorsa ("Sorsa", "we", "us", "our") collects, uses, discloses, and protects information when you use our websites, web applications, mobile versions of those services, and APIs (collectively, the "Services").
Not affiliated with X. Sorsa is an independent service and is not affiliated with, endorsed by, or sponsored by X Corp. References to "X" or "Twitter" are for descriptive purposes only.
If you do not agree with this Policy, do not use the Services.
1. Who we are and how to contact us
For privacy questions or requests, contact: [email protected].
Sorsa acts as a data controller for personal data processed through our Services as described in this Policy.
2. What this Policy covers
This Policy covers:
- visitors of our landing pages (including API landing pages),
- users of our web app (including API web app),
- users of mobile versions of the above,
- developers and customers using our APIs.
This Policy does not cover third-party websites, platforms, or services you access through links or integrations.
3. Information we collect
3.1 Information you provide
We collect the minimum data needed to create and manage an account, authenticate you, provide paid access, and support you.
Depending on how you sign up or log in, this may include:
- Email address and password (if you use email and password)
- Google OAuth data (typically your email and basic profile information, as provided by Google and authorized by you)
- Crypto wallet address and authentication signatures (if you sign in with a wallet)
- Telegram account identifiers (such as Telegram user ID, username, and other data Telegram shares via its login flow)
- Support communications: messages you send via support chat or tickets, and any attachments you choose to provide
3.2 Payment information
Payments are processed by third parties:
- Stripe (fiat payments)
- Cryptomus (crypto payments)
We do not store your full card details or full payment credentials. We typically receive and store limited payment-related metadata such as:
- payment status (successful/failed/refunded),
- timestamps,
- plan/subscription identifiers,
- invoice or transaction identifiers,
- amount and currency (where provided to us).
3.3 Information we collect automatically
When you use the Services, we collect technical and usage data such as:
- IP address
- user agent (browser and device info)
- device identifiers (where available)
- approximate location derived from IP (country/region level)
- log data (access times, pages or screens viewed, referring URLs)
- events and clicks (usage analytics)
- performance and error data
3.4 Cookies and similar technologies
We use cookies and similar technologies for:
- strictly necessary functionality,
- preferences and features,
- analytics,
- marketing (where enabled).
See Section 7.
4. Public data from X and similar sources
A core part of Sorsa is analytics based on publicly available information from X (formerly Twitter) and other public web sources.
We may collect, store, and analyze public information such as:
- handles and user IDs,
- profile data visible publicly (name, bio, avatar, public metrics),
- publicly visible posts and engagement metrics,
- publicly visible follower/following relationships and related metadata (where accessible publicly),
- derived analytics and scores generated from public inputs.
Important notes:
- We do not claim ownership of third-party public content.
- Our analytics may be probabilistic and not perfectly accurate.
- We do not intentionally infer or use special category data (for example, political views, religion, health) as defined under GDPR.
If you believe we display inaccurate information about an account or want to raise a privacy concern, contact [email protected].
5. How we use information
We use information to:
- provide and operate the Services (including authentication and account management),
- deliver features, analytics, and API responses,
- process subscriptions and confirm payment status,
- provide customer support and respond to requests,
- monitor, prevent, and investigate abuse, fraud, security incidents, and violations of our terms,
- improve performance, reliability, and user experience (including debugging),
- send service messages (important updates, security notices),
- send marketing communications where permitted by law and based on your choices,
- comply with legal obligations and enforce our rights.
6. Legal bases for processing (EEA/UK and similar regimes)
Where required by applicable law (including GDPR/UK GDPR), we process personal data based on:
- Contract necessity: to provide the Services you request (account, subscription, APIs).
- Legitimate interests: security, fraud prevention, service improvement, analytics, and maintaining and protecting our Services (balanced against your rights).
- Consent: for optional cookies and similar technologies, and for marketing communications where consent is required.
- Legal obligations: to comply with lawful requests and applicable laws.
You can withdraw consent at any time for activities based on consent (for example, marketing emails or non-essential cookies). Withdrawal does not affect processing that occurred before withdrawal.
7. Cookies and choices
We use the following categories of cookies and similar technologies:
- Strictly necessary: required for core functionality (login, security, session management).
- Functional: remember preferences and improve usability.
- Analytics: understand how the Services are used and improve them.
- Marketing: measure marketing effectiveness or support remarketing where enabled.
Your choices:
- You can manage cookies via our cookie banner (where shown) and your browser settings.
- Blocking certain cookies may impact functionality.
8. Sharing and disclosure
We treat personal data as confidential and share it only as needed for the purposes described in this Policy.
We may disclose information to:
8.1 Service providers
We may share data with vendors who help us run the Services (for example, hosting, analytics, security, customer support tooling). They are permitted to process data only on our instructions and for the agreed services.
8.2 Payment processors
Stripe and Cryptomus process payments. They process data under their own privacy terms where applicable.
8.3 Legal and safety
We may disclose information if we believe it is reasonably necessary to:
- comply with law, regulation, legal process, or governmental request,
- enforce our terms and protect our rights,
- protect users and the public from harm, fraud, or security risks.
8.4 Business transfers
If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.
8.5 Aggregated or de-identified data
We may share aggregated or de-identified data that cannot reasonably identify you.
We do not sell personal data in exchange for money. If you are in a jurisdiction where "sale" or "sharing" has a broader legal meaning, contact us and we will address your request consistent with applicable law.
9. International data transfers
Your information may be processed in countries other than where you live, including countries that may have different data protection laws.
Where required, we use appropriate safeguards for cross-border transfers (for example, standard contractual clauses or other lawful mechanisms).
10. Security
We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, alteration, and destruction.
No method of transmission or storage is completely secure. You use the Services at your own risk.
11. Data retention
We retain personal data for as long as necessary to provide the Services and for legitimate business purposes, including security, dispute resolution, and legal compliance.
Typical retention logic:
- Account data: retained while your account is active, and for a reasonable period after deletion to handle disputes, prevent abuse, and comply with legal obligations.
- Logs and security records: retained for a limited period appropriate for security monitoring and incident investigation.
- Support tickets: retained as needed to provide support and maintain service history.
You can request deletion as described below.
12. Your rights and choices
Depending on your location, you may have rights such as:
- access to your personal data,
- correction of inaccurate data,
- deletion,
- portability,
- restriction or objection to certain processing,
- withdrawal of consent (where applicable),
- complaint to a data protection authority.
To exercise rights, email [email protected]. We may request reasonable information to verify your identity.
If you opt out of marketing emails, you may still receive service-related communications (for example, billing or security notices).
13. Business and API customers (B2B)
If you use Sorsa via an API or business plan, you may upload or provide lists, identifiers, or other data for processing.
In such cases:
- you are responsible for ensuring you have a lawful basis to provide that data and to request processing,
- we process such customer-provided data for the purpose of providing the Services and based on your instructions (where applicable),
- we may retain limited records needed for security, billing, and compliance.
If you need a data processing addendum for enterprise procurement, contact [email protected].
14. Third-party links and services
Our Services may link to third-party websites or services (including X). Their privacy practices are governed by their own policies. We are not responsible for third-party content or practices.
15. Children
The Services are not directed to children and are not intended for individuals under the age required to consent to data processing in their jurisdiction (often 13 to 16). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact [email protected].
16. Changes to this Policy
We may update this Policy from time to time. The updated version will be posted with a new "Last updated" date. Continued use of the Services after changes means you accept the updated Policy.
17. Contact
Email: [email protected]