Privacy Policy

PostFrame Chrome Extension · Last updated: June 2025

PostFrame is a Chrome extension that lets you snapshot any X (formerly Twitter) post as a clean, shareable PNG card. This policy explains what data the extension accesses and how it is handled.

What data does PostFrame access?

When you are on x.com or twitter.com, PostFrame reads the following from the page DOM in your browser:

Post text, author display name, and @handle of the post you click to snapshot
The post's timestamp, engagement counts (replies, reposts, likes, views), and any attached image
The author's profile picture URL (fetched to render it correctly in the exported card)

This data is used solely to render the card preview and generate the PNG you download. It is not stored beyond the lifetime of the current browser session.

Avatar image fetching

To render the author's profile picture correctly in the exported PNG, PostFrame's background service worker fetches the avatar image from X's image CDN (pbs.twimg.com) and converts it to a data URL in memory. This fetch happens entirely within your browser — the image data is not sent to any PostFrame server or stored anywhere.

Does PostFrame collect or transmit personal data?

No personal data is collected or transmitted. PostFrame does not record, store, or share any X post content, usernames, or browsing activity with any PostFrame server or third party.

What is stored locally?

PostFrame uses chrome.storage.local solely to store your UI preferences (such as light or dark theme). This data never leaves your device and can be cleared at any time by removing the extension.

Permissions explained

activeTab — required to read the X post you are viewing in order to extract content for the card.
storage — used only for local UI preference storage as described above.
Host permission (x.com, twitter.com) — required for the content script to run on X pages and inject the snapshot button. The extension is completely inactive on all other websites.
Host permission (pbs.twimg.com) — required for the background service worker to fetch profile avatar images for correct rendering in the exported card.

Third-party services

PostFrame uses the following third-party services:

Sentry — for crash and error reporting. If the extension encounters an unhandled error, a report containing the error message and stack trace may be sent to Sentry. This report does not contain any X post content or personally identifiable information. See sentry.io/privacy.
PostHog — for anonymous usage analytics. PostFrame sends anonymised events (such as "snapshot taken") to PostHog to help understand how the extension is used. No post content, usernames, or personally identifiable information is included in these events. See posthog.com/privacy.

Children's privacy

PostFrame is not directed at children under 13 and does not knowingly collect any information from children.

Changes to this policy

If this policy changes materially, the "Last updated" date above will be updated. Continued use of the extension after any changes constitutes acceptance of the updated policy.

Contact

Questions about this policy can be sent to snow.650@gmail.com.

PostFrame is an independent project and is not affiliated with X Corp., Twitter, or any related entities.