X, formerly known as Twitter, remains one of the most widely used social platforms in the world. But its default settings are designed to maximize engagement and data collection, not to protect your privacy. Following an updated Terms of Service and Privacy Policy that took effect in January 2026, X expanded its data collection and sharing practices even further. If you have not reviewed your privacy settings recently, your account is almost certainly sharing more than you realize. Here is a comprehensive guide to locking down your X account and taking control of your personal data.
Why X Privacy Settings Matter More Than Ever
X's business model depends on advertising revenue, and advertising revenue depends on data. The more the platform knows about you — your interests, location, browsing habits, and social connections — the more precisely it can target ads and the more it can charge advertisers. The January 2026 policy changes gave X broader latitude to share user data with business partners and to use your content, including posts and interactions, for training its AI products.
This means that every default setting on X is calibrated to collect as much data as possible. Unless you actively change these settings, you are opting in to extensive tracking, data sharing, and profiling. The good news is that X provides a robust set of privacy controls. The bad news is that almost none of them are enabled by default.
X Uses Your Data to Train Grok AI
X uses your posts, interactions, inputs, and results to train Grok, its AI assistant. This is enabled by default. To opt out, go to Settings > Privacy and Safety > Grok and disable the setting that allows your data to be used for training. If you do not opt out, your conversations and public posts may be fed into AI training datasets with no practical way to remove them later.
Step 1: Control Who Sees Your Posts
By default, everything you post on X is public. Anyone on or off the platform can see your posts, and search engines can index them. If you want to limit your audience, the most effective step is to protect your posts.
- Go to Settings > Privacy and Safety > Audience and Tagging
- Enable Protect your posts so only approved followers can see what you share
- Review the Photo tagging setting in the same section and set it to "Only people you follow" or "Off" to control who can tag you in images
Keep in mind that protecting your posts means your content will not appear in public search results, and people will need to send you a follow request before they can see your timeline. This is the single most impactful privacy setting on the platform.
Step 2: Disable Data Sharing with Business Partners
X shares data with third-party business partners for advertising, analytics, and other commercial purposes. You can significantly reduce this by adjusting several settings under Privacy and Safety.
- Go to Settings > Privacy and Safety > Data sharing and personalization
- Disable Data sharing with business partners to prevent X from sending your information to external companies
- Turn off Personalization based on your inferred identity — this reduces cross-device tracking by preventing X from linking your activity across different devices and browsers
- Disable Location-based personalization to stop X from using your precise or approximate location for ad targeting and content recommendations
- Turn off Allow additional information sharing with business partners to further limit how your data flows to third parties
Why This Matters
Even if you never post anything, X tracks how you interact with the platform — what you read, what you linger on, what you search for, and what links you click. These behavioral signals are packaged into advertising profiles and shared with business partners unless you explicitly opt out. Disabling these settings does not eliminate all data collection, but it substantially limits what leaves the platform.
Step 3: Limit Discoverability
By default, anyone who has your email address or phone number can find your X account. This is a significant privacy risk, especially if your email or phone number has appeared in a data breach.
- Go to Settings > Privacy and Safety > Discoverability and Contacts
- Turn off Let people who have your email address find you
- Turn off Let people who have your phone number find you
Disabling both of these settings ensures that your X account cannot be linked to your other online identities by anyone who has obtained your contact information — whether from a data broker, a leaked database, or a mutual contact's synced address book.
Step 4: Secure Your Account with Two-Factor Authentication
A strong password is a baseline, but two-factor authentication (2FA) is essential. X removed free SMS-based 2FA for non-premium users, so you should use an authenticator app instead. Authenticator apps such as Google Authenticator, Authy, or the TOTP feature in your password manager are more secure than SMS anyway, since they are not vulnerable to SIM-swapping attacks.
- Go to Settings > Security and Account Access > Security > Two-factor authentication
- Select Authentication app and follow the setup process
- Save your backup codes in a secure location in case you lose access to your authenticator
Review Third-Party App Access
While you are in the Security and Account Access section, navigate to Apps and sessions and review which third-party applications have access to your X account. Revoke access for any app you no longer use or do not recognize. Old app connections are one of the most commonly overlooked security risks — each one is a potential entry point for attackers or unwanted data collection.
Step 5: Control Your Direct Messages
By default, X allows anyone to send you direct messages if your DMs are set to open. This creates opportunities for spam, phishing, and social engineering attacks.
- Go to Settings > Privacy and Safety > Direct Messages
- Restrict incoming messages to People you follow or disable DM requests from unknown accounts
- Consider disabling Read receipts so others cannot see when you have read their messages
Step 6: Manage Your Post History
Even after you delete a post on X, it may continue to exist in screenshots, web archives, and cached search engine results. This means that anything you have ever posted could potentially resurface. To reduce your exposure:
- Periodically review and delete old posts that contain personal information, location data, or opinions you no longer want publicly associated with your name
- Use X's built-in tools or third-party services to bulk-delete old posts if you have a long history on the platform
- Think before you post — assume that anything you publish is permanent, even if you delete it later
This is especially important given X's expanded data usage policies. Posts you made years ago are now potentially being used in ways that did not exist when you originally shared them.
Complete X Privacy Checklist
Here is a summary of every setting you should review. Work through this list from top to bottom and you will have locked down your X account in about 15 minutes.
- Protect your posts (Settings > Privacy and Safety > Audience and Tagging)
- Restrict photo tagging permissions
- Disable data sharing with business partners
- Turn off personalization based on inferred identity
- Disable location-based personalization
- Turn off additional information sharing with business partners
- Opt out of Grok AI data training (Settings > Privacy and Safety > Grok)
- Disable discoverability by email and phone number
- Enable two-factor authentication with an authenticator app
- Revoke unused third-party app access
- Restrict direct message access
- Review and delete old posts
How PrivacyOn Helps Beyond Platform Settings
Adjusting your X privacy settings is essential, but it only addresses data that flows through the platform going forward. Your personal information — name, phone number, email, address, and more — may already be listed on hundreds of data broker websites, scraped from past social media activity, public records, and data breaches.
PrivacyOn continuously monitors and removes your personal information from these data broker sites, closing the gap that platform privacy settings cannot reach. While you control what X collects and shares from this point on, PrivacyOn tackles the information that has already escaped into the broader data ecosystem. Together, tight X privacy settings and ongoing data removal through PrivacyOn provide a comprehensive defense against unwanted exposure and identity misuse.
Take 15 minutes today to work through the checklist above. Every setting you change reduces the amount of personal data being collected, shared, and sold without your meaningful consent. Your privacy is not X's priority — but it can be yours.