Is Xenopic Safe?
Short answer: yes. Xenopic connects to X to do exactly one thing — keep your banner image (and, on paid plans, your profile picture and details) up to date. It never posts, likes, follows, replies, or sends DMs. This page explains precisely what we can and cannot touch, and how to undo anything at any time.
The one-line summary
Xenopic has read-only access to your X data, plus the single permission to update your banner image. That's it. We never post on your behalf.
What Xenopic can do
When you sign in with X, you authorize the app to:
- Read your public profile data (name, bio, follower counts, avatar, banner) so widgets can show real numbers.
- Update your banner image — the rendered canvas of your widgets, pushed on a schedule.
- On Pro and Premium plans only, optionally update your profile picture and profile details (name, bio, website URL, location) — and only for the fields you explicitly turn on.
Every write Xenopic makes is one of those profile-image or profile-field updates. There is no code path that creates a post, a like, a follow, or a message.
What Xenopic will never do
- ❌ Post tweets, threads, or replies
- ❌ Like, retweet, or bookmark
- ❌ Follow or unfollow accounts
- ❌ Read or send direct messages
- ❌ Change your password, email, or login settings
Your profile is backed up automatically
The first time you sign in, Xenopic captures a snapshot of your profile — your name, bio, website URL, location, avatar, and your current banner image. This happens in the background and is stored so you always have a clean original to return to.
You can also re-capture a fresh backup anytime from Settings → Profile Backup, and delete it whenever you like.
Why this matters
Before Xenopic ever changes your banner, there's already a saved copy of how things looked. Nothing is one-way.
One-click restore
From Settings → Profile Backup, the Restore dialog lets you put any saved fields back on X. You choose exactly what to restore with checkboxes:
| Field | Restorable |
|---|---|
| Display name | ✅ (off by default) |
| Bio / description | ✅ |
| Website URL | ✅ |
| Location | ✅ |
| Banner image | ✅ |
| Profile picture | ✅ (off by default) |
Pick the fields you want, hit Restore Selected, and Xenopic writes those values straight back to your X profile. You can also Compare your current profile against the backup to see what's changed before deciding.
You're always in control of access
- Revoke anytime from X. Go to your X settings under Settings → Security and account access → Apps and sessions → Connected apps, find Xenopic, and remove access. From that moment Xenopic can no longer touch your account, even though your saved backup stays available to you.
- Logging out clears your session. Xenopic stores your session in secure,
httpOnlycookies (access_tokenandrefresh_token) — meaning JavaScript on the page can't read them. Logging out deletes those cookies and revokes the refresh token on our side. - Turn off any update. Each segment — banner, profile picture, profile details — has its own on/off switch. Turn one off and Xenopic stops touching it entirely.
Tip
Want belt-and-suspenders peace of mind? Save a fresh backup before your first banner goes live, and you can revert to it in seconds.
Trust, by design
Xenopic only ever updates images and the few profile fields you opt into. Coins are build capacity included with your plan, not cash, and any sponsorship earnings are billed by verified display time, not clicks — none of which requires extra access to your account. The permissions stay minimal on purpose.
Next steps
- Getting Started — connect X and build your first banner
- Account & Data — what we store and how to remove it
- Plans & Billing — what each plan unlocks