Skip to main content
API Preview
Developers

X

Pairing X lets ~Alter recognise the shape of your social graph and the kinds of conversations you take part in: who you reach for, what surfaces you contribute to. The content of your posts stays on X; only the structure is read.

What pairing does not authorise

Pairing this connector is a read commitment, not delegation. Specifically, ~Alter cannot use this pairing to:

  • Post, repost, quote, reply, or like anything on your behalf.
  • Send direct messages or read existing DM threads.
  • Follow, unfollow, block, or mute any account.
  • Change your profile, header, bio, or any account setting.
  • Read posts you have not made publicly visible, or anything from a private account you do not follow.
  • Share your social-graph data with any third party without a separate consent row scoped to that recipient.

The OAuth or attestation scope we request is the minimum required to recognise the pattern described in What we read. Anything beyond that is structurally refused at the connector boundary, not promised by trust. How pairing works.

What we read

  • Public profile fields the OAuth scope exposes: ~handle, display name, account creation date, public bio.
  • Public follower / following counts: magnitudes, not lists.
  • Public posting cadence aggregated to weekly buckets: when you contribute, not the prose.
  • A coarse interest-cluster derived from the public communities you visibly take part in.

What we don't read

~Alter explicitly refuses these fields even when the OAuth scope or API permits them. Every refusal is enforced at the connector boundary, not by trust.

  • Direct messages of any kind, sent or received.
  • Post bodies, replies, or quote-text. Only timing and presence are read.
  • Per-account follow / follower lists (only the counts).
  • Private list memberships, muted accounts, or blocked accounts.
  • Email address or phone number, even when the OAuth scope exposes them.

Where it lives

Evidence is stored in ~alter's pairing ledger keyed to your ~handle, encrypted at rest, with a tier badge (T1 OAuth-attested or T2 ownership-confirmed). The OAuth token is encrypted at rest, never exposed to any other surface, and cleared the moment you revoke. Summary patterns feed your identity vector only after a separate consent row is granted.

How to revoke

Revocation is immediate. Ask the AI client you paired through to revoke this connector, or revoke it from your consent surface over the same connection. Either path revokes the provider token, stops all further reads, and purges the derived signals this connector fed into your identity vector. An audit row records the revocation.

One thing is kept on purpose. The connector retains a record that this account was paired and when it was disconnected, so the same account cannot be unpaired and re-paired in quick succession to churn your identity vector. That cooldown record holds the raw profile snapshot until the window passes. It is never read into a new signal while disconnected, and it is not shared with anyone.

Prefer the command line? The CLI is the optional deeper path and revokes the same connector:

CLI (optional)

alter pair revoke x

Pairing this connector does not enrol you in any matching, ranking, or matching surface. Every downstream use requires its own consent row. See the consent model.