Do I need to disclose Twitter/X Pixel in my privacy policy?

Yes. Twitter/X Pixel collects personal data including IP addresses and device information tied to user behavior on your website. You must disclose this tracking in your privacy policy and explain its purpose under GDPR, CCPA, and similar privacy laws. Failure to disclose third-party tracking exposes you to regulatory penalties and violates user consent requirements.

What specific data does Twitter/X Pixel collect?

Twitter/X Pixel collects page views, conversion events (such as purchases or sign-ups), IP addresses, and device information including browser type and operating system. This data is used to identify which X/Twitter ads led to user actions on your website. No additional personal identifiers are collected by the pixel itself unless you send them through custom events.

Does Twitter/X Pixel require a cookie consent banner?

No. Twitter/X Pixel does not use cookies to function. However, you must still obtain consent before deploying tracking pixels under GDPR and many state privacy laws, as the pixel itself qualifies as tracking technology that requires disclosure and opt-in or opt-out mechanisms depending on your jurisdiction.

Who processes Twitter/X Pixel data and where is it stored?

X Corp, a United States company, acts as the data processor. Data collected by the pixel is transferred to and processed by X Corp's servers in the United States. If your users are in the EU, you must include Standard Contractual Clauses (SCCs) in your Data Processing Agreement with X Corp to ensure lawful data transfer under GDPR.

Advertising

Privacy policy clauses for Twitter/X Pixel

Twitter/X Pixel is a tracking code that websites install to measure the effectiveness of X/Twitter advertising campaigns. It records user actions like page views and conversions, enabling advertisers to understand campaign performance and retarget users.

Scan my site free →Copy sample clause ↓

Free scan · No signup · Results in 60 seconds

What data Twitter/X Pixel collects

Your privacy policy must disclose each of the following data types when you use Twitter/X Pixel.

Page views

Conversion events

IP address

Device info

When does Twitter/X Pixel trigger privacy obligations?

Installation Triggers Immediate Obligations

The moment Twitter/X Pixel code is deployed to your site or app, it begins collecting page views, conversion events, IP addresses, and device identifiers and transmitting them to X Corp (US-based processor). This triggers:

GDPR (if you have EU visitors): Article 6 (lawful basis) and Article 13/14 (transparency) obligations activate immediately. You are a controller; X Corp is a processor. Pixel installation without explicit consent violates GDPR Article 5(1)(a) (lawfulness principle) and ePrivacy Directive Article 5(3) (cookie/tracking rules). You must obtain affirmative, informed consent *before* the pixel fires.

CCPA (California visitors): CCPA Section 1798.100 grants consumers the right to know what personal information is collected. The pixel collects IP addresses and device info classified as personal information. You must disclose this in your privacy policy and honor opt-out requests (Section 1798.120) via Do Not Sell/Share links.

Privacy policy clauses for Twitter/X Pixel

What data Twitter/X Pixel collects

When does Twitter/X Pixel trigger privacy obligations?

Installation Triggers Immediate Obligations

Where data goes

Common compliance pitfalls

Pitfall 1: No Consent for Pixel Installation

Pitfall 2: Incomplete Privacy Policy Disclosure

Pitfall 3: Missing or Stale Data Processing Agreement

Sample privacy policy clause

What regulators look for

DPA Audit Priorities

Frequently asked questions

Do I need to disclose Twitter/X Pixel in my privacy policy?

What specific data does Twitter/X Pixel collect?

Does Twitter/X Pixel require a cookie consent banner?

Who processes Twitter/X Pixel data and where is it stored?

Don't ship without Bandit.