kbecks06

Maybe I'm misunderstanding this, but are you saying you pull all of a user's direct messages to put them on your site? If not you need have a chat with your developers because that isn't correct, if you are then you probably shouldn't do that. Either way you certainly don't need write access.

On Twitter's API you have to specifically request Direct Message access and write access. This is what your app permissions page looks like, I took this screenshot about 5 minutes ago. If you asked me for this I would close the tab and never look back. Either (a) I'm wrong, (b) you're wrong, (c) your devs are wrong, (d) you don't know what you're doing. None of these seem great given how you're marketing your service.

Link to Twitter's API docs that explain the direct message permission.

Also from your security page

We here at Quipist take your privacy very seriously. Starting off we will have ssh (encryption for connecting to Quipist)

Either your users are really jumping through hoops to connect to your service or this is a typo (SSL)?

If you've been working on this for 4 years and you're trying to sell yourselves on being privacy focussed you should really pay closer attention to what you're doing. Now I'm already left with the impression that this is sort of sketchy at best.

Edit:

I'm pretty sure what you're doing is also against the Twitter API Terms of Use so you'll probably have your access revoked at some point.

G. Avoid Replicating the Core Twitter Experience

Do not do the following: [...] Use Twitter Content or other data collected from users to create or maintain a separate status update or social network database or service.

Seems quite explicit.

"We want users to have control of their content!"

Immediately violates a user's right to control their content and breaks agreements with vendors, all during the signup process

You should probably fix this instead of asking people to just trust you, why should we? Especially given the way you're marketing this, you've already lost my trust here.