Security Approach

last updated: June 11, 2026

Your X account is your most valuable asset — every security decision tweetloom makes derives from that sentence. This page isn't marketing copy; it's a list of the mechanisms that actually run in the product.

1. Posts go through X's official API

tweetloom doesn't log into your account with your password, doesn't mimic a browser, and doesn't use unofficial automation. You authorize your X account via OAuth; all posts go through X's official API with the permission you grant — the same path Hootsuite, Buffer, and TweetDeck have used for years.

You can revoke the authorization at any time from X settings or within tweetloom. You can also use it without ever connecting your X account: it copies the drafts, and you post them yourself.

2. Autonomous mode opens up gradually (trust ramp)

When you hire loom, it doesn't start posting automatically. There are three modes: manual (it won't generate unless you ask), approval (every draft comes to you first), and autonomous. Even if you turn on autonomous mode, it doesn't kick in immediately on a new account:

  • Up to the first 10 approved drafts, loom behaves like 'approval' mode — it needs to get to know you first.
  • Autonomous posting only happens for drafts that score 75+ on algorithm fit; anything below goes to your approval.
  • Quote drafts ALWAYS go to approval — they're never posted autonomously.
  • The authority level is gradual: first only tweets, then threads and replies as trust grows.

3. Dual safety gate

Every piece of content to be posted autonomously passes through two separate checks:

  • Rule gate: sensitive topics (politics, death/disaster, health claims, financial advice) and unverified-claim patterns are caught.
  • Model gate: content that passes the rules is then put to a separate AI check before posting, with the question 'is this fit to publish unsupervised?'

Content that trips either gate is NOT posted automatically — it goes to the approval queue, and you make the call. The same happens if the safety check itself is unreachable: the system runs on the principle 'if unsure, don't post' (fail-closed).
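The routing that sections 2 and 3 describe can be sketched as one decision function; this is an added example, not tweetloom's own code. The thresholds 10 and 75 come from this page, while the names `route`, `rule_gate`, `allowed_kinds`, the keyword list and the `model_gate` callable are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

RAMP_APPROVALS = 10  # page: the first 10 approved drafts behave like approval mode
MIN_FIT_SCORE = 75   # page: autonomous posting needs 75+ on algorithm fit
# Constructed keyword list standing in for the rule gate's sensitive-topic patterns.
SENSITIVE = ("election", "earthquake", "cure", "guaranteed return")

@dataclass
class Draft:
    text: str
    kind: str       # "tweet", "thread", "reply" or "quote"
    fit_score: int

def rule_gate(draft: Draft) -> bool:
    """Return True when no sensitive-topic pattern matches."""
    lowered = draft.text.lower()
    return not any(term in lowered for term in SENSITIVE)

def route(draft: Draft, mode: str, approved_so_far: int,
          model_gate: Callable[[str], bool],
          allowed_kinds=frozenset({"tweet"})) -> tuple[str, str]:
    """Return ("post" | "approval", reason); anything uncertain goes to approval."""
    if mode != "autonomous":
        return ("approval", "mode")
    if approved_so_far < RAMP_APPROVALS:
        return ("approval", "trust ramp")
    if draft.kind == "quote":
        return ("approval", "quote draft")       # quotes are never autonomous
    if draft.kind not in allowed_kinds:
        return ("approval", "authority level")   # threads/replies unlock later
    if draft.fit_score < MIN_FIT_SCORE:
        return ("approval", "fit score")
    if not rule_gate(draft):
        return ("approval", "rule gate")
    try:
        verdict = model_gate(draft.text)
    except Exception:
        # Fail-closed: an unreachable safety check is treated as a refusal.
        return ("approval", "model gate unreachable")
    if verdict is not True:                      # only an explicit True may post
        return ("approval", "model gate")
    return ("post", "all checks passed")

def gate_down(_text: str) -> bool:
    """Constructed stand-in for a model gate that cannot be reached."""
    raise TimeoutError("safety check unreachable")
```

Posting is the last return and every earlier branch ends in the approval queue, so a new failure mode has to be added as another early return rather than as an exception to the default.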

4. The brake is always yours

  • Pause: with one click, pause for 1 hour or until the end of the day — scanning, generation, and autonomous posting stop; posts loom scheduled in advance are also held until the pause ends. The ones you scheduled manually are unaffected.
  • Stop: you can turn loom off entirely; your data and what it learned stop being updated, but aren't deleted.
  • Posting hours: loom only posts within the time range you choose.
  • Daily draft limit and daily credit budget: you cap the generation volume, and loom can't exceed it.

5. No black box: the decision log

For every draft, the panel shows step by step which source it started from, what it recalled from memory, which score it gave and why, whether it tripped the safety gate, and how it made the posting decision. If you connect Telegram, drafts land in your pocket with their content — nothing happens without your knowledge.

6. Your data

Your styles, drafts, and learned preferences are tied only to your account; they're protected by row-level access control (RLS) and are NOT used to generate content for other users. Apart from anonymous, structural statistics (e.g. 'short opening sentences get approved more'), none of your content is shared.

You can delete your account yourself from settings — your content data is fully erased. For details, see the privacy policy: tweetloom.com/en/gizlilik


For questions about these policies, contact info@tweetloom.com.