Bookmarker

Privacy

Privacy Policy

Last updated: 15 March 2026

1. Overview

This Privacy Policy explains how we collect, use, and protect your information when you use our application (“Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information we collect

We may collect the following categories of information:

2.1 Account information

  • Email address
  • Authentication-related information

Authentication, user management, and primary data storage are provided by Supabase. We store only the data needed to create and maintain your account and provide the Service.

2.2 Usage data and analytics

We may collect data about how you access and interact with the Service, such as:

  • IP address and approximate location (city/region level).
  • Browser type and version.
  • Device information.
  • Pages visited and actions performed within the app.
  • Timestamps and error logs.

We use PostHog for product analytics to understand how users interact with the Service. PostHog collects:

  • Page views and navigation patterns.
  • Feature usage and interactions (such as sign-ups, logins, and checkout events).
  • Device and browser information.

PostHog data is used solely to improve the Service and is not sold or shared for advertising purposes.

Our hosting provider Vercel may also collect logs and performance metrics as part of providing hosting and infrastructure.

2.3 Security and abuse prevention

We use Cloudflare Turnstile to protect our forms and services from automated abuse. Turnstile may process technical signals such as your IP address, browser details, and device characteristics to determine whether requests are legitimate.

2.4 Content you provide

When you use the Service, you may save:

  • Bookmarks and related metadata.
  • Collections and their structure.
  • Optional notes and other content.
  • AI Assistant chat conversations and message history.
  • Profile information, including avatar images.
  • Images uploaded to the Canvas feature.
  • Bookmark export files you upload for import (HTML, CSV, JSON, or TXT).
  • Artwork saved from third-party museum collections (such as the Metropolitan Museum and Rijksmuseum).
  • Images saved from external websites via the browser extension.

This data is stored in our database managed via Supabase and accessed through Drizzle ORM (our data-access layer). Drizzle itself does not permanently store your data; it is a tool we use to interact with the database.

Avatar images and other files may be stored in Supabase Storage or similar storage services.

Images uploaded to our Canvas feature are stored on Cloudflare Images for fast, global delivery. Cloudflare may process metadata associated with these images as part of their hosting service.

2.5 AI-powered features

We use third-party AI services to provide optional AI-powered features:

Google Gemini (via the Gemini API) is used for image analysis, automatic tag generation, bookmark summarization, and semantic search embeddings. When you use these features:

  • Images and bookmark text may be sent to Google's servers for analysis.
  • Webpage content may be fetched and analyzed to generate summaries and key insights for the preview panel.
  • Google may process and temporarily store data as part of providing the AI service.
  • Analysis results (such as generated titles, descriptions, summaries, tags, and color palettes) are stored in our database.

Anthropic (Claude) powers the AI Assistant's conversational interface. When you use the Assistant:

  • Your chat messages are sent to Anthropic's Claude API for processing.
  • Library metadata (bookmark titles, tags, collection names) is included for contextual responses.
  • Anthropic may process and temporarily store data as part of providing the AI service.

These providers' processing of your data is subject to their own privacy policies. We do not use AI features to train models on your personal data.

We also use Cloudinary for image upscaling features. When you use the upscale feature, your image is processed by Cloudinary's AI services and temporarily stored on their infrastructure.

2.6 Webpage content and article extraction

When you preview a bookmark, the Service may fetch and extract content from the bookmarked webpage to display a readable article view. This extraction happens on our servers using open-source tools and is used solely to present content within the Service. We do not redistribute or republish extracted content.

During bookmark import, the Service checks whether bookmarked URLs are still accessible. URLs that return permanent error responses (such as HTTP 404 or 410) may be automatically removed from your library.

2.7 Third-party content sources

The Service allows you to browse and save artwork from public museum collections, including the Metropolitan Museum of Art and Rijksmuseum. Artwork metadata and images from these sources are fetched from their public APIs and stored in our database for fast access. When you save an artwork, a copy of the image is stored on Cloudflare Images as part of your library.

2.8 Payment and billing information

Subscriptions and payments are processed by Stripe, our payment provider.

  • Stripe may collect your name, email address, payment method details, billing address, VAT or tax information, and transaction history.
  • We do not store your payment card details on our own servers.

Your payment data is handled according to Stripe’s own terms and privacy policy.

3. How we use your information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Authenticate users and manage sessions.
  • Store your bookmarks, collections, and related data.
  • Process payments and manage subscriptions (through Stripe).
  • Monitor usage and performance to ensure stability.
  • Detect, prevent, and address technical or security issues.
  • Communicate with you about updates, changes, or support requests.

We do not sell your personal information.

4. Third-party providers

We rely on the following third-party providers:

  • Supabase – authentication, database, and storage. Your account data, bookmarks, collections, and media may be stored on Supabase-managed infrastructure.
  • Drizzle ORM – data-access layer. It facilitates secure access to the database but does not independently store long-term copies of your data.
  • Stripe – billing, payment processing, and tax handling. All subscription and payment workflows go through Stripe.
  • Vercel – hosting and infrastructure. Vercel may process your IP address, request logs, and basic usage data as part of serving the app.
  • Cloudflare Turnstile – bot and abuse prevention on forms. It may process technical signals (such as IP address, browser information, and device characteristics) to assess request legitimacy.
  • Cloudflare Images – image hosting and delivery for the Canvas feature. Images you upload are stored and served globally via Cloudflare's infrastructure.
  • Google Gemini – AI-powered image analysis, tag generation, and semantic search embeddings. Images and bookmark text are processed by Google's AI services.
  • Anthropic (Claude) – AI-powered conversational assistant. Your messages and library metadata are processed by Anthropic's Claude API.
  • Cloudinary – image processing and AI upscaling. When you use the upscale feature, images are processed by Cloudinary's infrastructure.
  • PostHog – product analytics. PostHog collects usage data to help us understand how the Service is used. Data is processed on PostHog's US-based infrastructure.
  • Metropolitan Museum of Art API – provides public artwork metadata and images for the art discovery feature.
  • Rijksmuseum API – provides public artwork metadata and images for the art discovery feature.

These providers process data under their own terms and privacy policies. We choose providers that are reputable and that take security and privacy seriously.

5. Legal bases for processing (if applicable)

If you are located in the European Economic Area (EEA), the United Kingdom, or a similar jurisdiction, we process your personal data on the following legal bases:

  • Contract – to provide the Service you request.
  • Legitimate interests – to operate, secure, and improve the Service.
  • Consent – where required for certain optional features or communications.
  • Legal obligations – to comply with tax, accounting, or other legal requirements.

6. Data retention

We retain your personal data for as long as necessary to:

  • Provide the Service and maintain your account.
  • Comply with legal obligations (for example, tax and accounting records via Stripe).
  • Resolve disputes and enforce agreements.

When you delete your account, we will:

  • Remove or anonymize your personal data from our primary systems within a reasonable time, subject to legal retention requirements.
  • Retain data where we are legally required to do so (e.g., invoices and payment records handled by Stripe).

Backups may retain some data for a limited period before being overwritten.

7. Data security

We take reasonable technical and organizational measures to protect your information, including:

  • Access controls and authentication.
  • Use of reputable infrastructure providers (Supabase, Vercel).
  • Use of Drizzle ORM as a structured data-access layer to interact with the database securely.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. International data transfers

Our providers (Supabase, Drizzle ORM, Stripe, Vercel, Cloudflare, Google, Anthropic, Cloudinary, PostHog, and third-party museum APIs) may store and process data in multiple countries.

By using the Service, you acknowledge that your personal data may be transferred to and processed in jurisdictions outside your country, which may have different data protection laws.

We take reasonable steps to ensure that such transfers comply with applicable data protection requirements.

9. Your rights

Depending on your jurisdiction, you may have some or all of the following rights:

  • Access – to request a copy of the personal data we hold about you.
  • Correction – to request correction of inaccurate or incomplete data.
  • Deletion – to request deletion of your personal data, subject to legal retention requirements.
  • Restriction – to request that we limit certain uses of your data.
  • Portability – to receive your data in a structured, commonly used, and machine-readable format, where technically feasible.
  • Objection – to object to certain processing activities, including direct marketing (if any).

You can exercise some of these rights by:

  • Managing your account settings within the app.
  • Deleting your account.
  • Contacting us at support@1984.design.

We may need to verify your identity before responding to certain requests.

10. Cookies and similar technologies

We may use cookies or similar technologies to:

  • Keep you logged in.
  • Remember your preferences.
  • Measure performance and usage.

Third-party providers (Supabase, Vercel, Stripe) may also use cookies or similar technologies as part of their services.

You may adjust your browser settings to refuse cookies, but this may impact certain features of the Service.

11. Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16.

If you believe that a child under 16 has provided us with personal information, please contact us so we can take appropriate action.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we make changes, we will update the “Last updated” date at the top of this page. If the changes are significant, we will take reasonable steps to notify you (for example, through the app or by email).

Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the changes.

13. Contact

If you have questions or requests related to this Privacy Policy, you can contact us at:

Email: support@1984.design
1984 Design & Development LLC

Start for free.
No credit card required.