Logo

BlockAI Connect — Privacy Policy

Last updated: May 23, 2026

BlockAI Connect is a Chrome extension published by BlockAI (operator of blockmm.ai). It exists to link a user's X (Twitter) account to their BlockAI subscription so BlockAI's server-side worker can perform the actions the user has explicitly subscribed to — currently just the follow / unfollow actions inside the “GeniusX Follow” product.

This page describes exactly what the extension does, what data it touches, where it sends it, and how long we keep it. If you have any questions, email support@blockmm.ai.

1. What the extension does

The extension has exactly one function: capture your X session credentials when you click the extension button and submit them to BlockAI alongside a one-time setup code you generated in the BlockAI Mini App on Telegram.

It does not:

  • Run continuously in the background
  • Inject scripts into any web page (no content scripts)
  • Read or modify any web page content
  • Track your browsing
  • Communicate with any service other than blockmm.ai
  • Capture or transmit your X password
  • Perform any action on X.com itself (no clicks, no follows from within the extension)

2. What data we access

When you explicitly click the extension button and submit a setup code, the extension reads two cookies belonging to x.com:

  • auth_token — your X session token, issued by X when you logged in
  • ct0 — X's CSRF token, paired with auth_token

We do not access any other cookies, any localStorage, any session data, or any history. The Chrome cookies permission is the only permission the extension requests.

3. How the data is transmitted

The two cookies are sent via a single HTTPS POST request to https://www.blockmm.ai/api/genius-follow/cookies/submit, along with the 8-character setup code you generated in the Mini App. The request is encrypted in transit using HTTPS/TLS. No other endpoints are contacted, and no analytics or telemetry is sent anywhere else.

4. How the data is stored and used

On receipt, BlockAI validates the cookies against X's own API to confirm they belong to your X account, then stores them in MongoDB Atlas, encrypted at rest. The cookies are used exclusively by BlockAI's server-side worker to perform the follow / unfollow actions inside the product you subscribed to.

We do not use the cookies to read your DMs, change your profile, post tweets, like, retweet, or perform any action you did not explicitly subscribe to. The worker's permitted scope is documented in the public BlockAI codebase.

5. How long the data is kept

Stored cookies are deleted automatically when any of the following happens, whichever comes first:

  • You log out of X (which invalidates the session cookies upstream — they become useless to us)
  • You disconnect your account from inside the BlockAI Mini App
  • Your subscription is cancelled or expires
  • 30 days after capture (X session cookies are typically short-lived; we ask you to reconnect after this window)

You can revoke our access at any time without contacting us: just log out of x.com on the device that issued the cookies. Your session ends, the stored cookies stop working immediately, and our worker auto-pauses your subscription within minutes.

6. Third parties

We do not share, sell, rent, or otherwise transfer your X session cookies to any third party. The cookies are used only by BlockAI's own infrastructure and the licensed X-API backend BlockAI uses to dispatch follow operations.

7. Your rights

You can request deletion of any stored data at any time by emailing support@blockmm.ai. We will delete all stored cookies and associated subscription data within 7 days of request.

8. Compliance with Chrome Web Store policies

This extension complies with Chrome Web Store's User Data Policy, including the Limited Use requirements. Specifically:

  • User data is only used to provide or improve the user-facing features of the BlockAI service
  • User data is not transferred to others except as necessary to provide the service, comply with applicable law, or as part of a merger / acquisition
  • User data is not used for any advertising
  • Human reading of user data is allowed only for security purposes, to comply with law, or with the user's explicit consent

9. Changes to this policy

If we materially change how we handle data, we will update this page and update the “Last updated” date at the top. If the change reduces user privacy in any way, we will also notify existing connected users via Telegram before the change takes effect.

10. Contact

BlockAI
support@blockmm.ai