Privacy policy — Bookmark Minder

Bookmark Minder is a subscription product. You pay a flat fee; we store your bookmarks. We have no advertising business, no data-brokering side deals, and no interest in profiling you. This policy explains exactly what we collect, why, and what we do not do.

What we collect

Account data

Your email address and the display name you choose. We use your email address to send magic-link sign-in emails and, if you subscribe, receipts from Stripe. Nothing else.

Bookmark data

The URLs, titles, notes, and tags you save — the whole point of the service. All bookmark data is end-to-end encrypted client-side before it leaves your device. The server stores only ciphertext; we have no ability to read your URLs, titles, or notes.

End-to-end encryption

Every bookmark is encrypted in your browser using XChaCha20-Poly1305 before upload. Your encryption key is derived from a vault passphrase you set at signup using Argon2id — it never leaves your device. Canonical URL deduplication is performed using an HMAC-SHA256 digest, so the server can detect duplicates without reading plaintext URLs.

Technical logs

Request logs (timestamp, path, HTTP status, latency) and structured error logs retained for 30 days. IP addresses are hashed (HMAC-SHA256) before storage — we cannot reverse them to identify you. User-agent strings are hashed the same way.

Session tokens

A session token stored in an HttpOnly, Secure cookie on app.bookmarkminder.com. Sessions expire after 30 days of inactivity.

What we do not collect

Advertising identifiers or tracking pixels
Behavioral profiles or interest graphs
Third-party cookies or cross-site tracking
The plaintext content of your bookmarks (all data is encrypted client-side)
Your device's precise location

How data is stored

All data is stored in Cloudflare's infrastructure (D1 database, R2 object storage, KV). Data is encrypted at rest and in transit. Your bookmark data is additionally protected by client-side E2EE — Cloudflare's infrastructure operators cannot read it. Cloudflare's data centres are globally distributed; the primary database region is configured to the nearest Cloudflare location at Worker startup.

Who can see your data

Only you. Because bookmarks are end-to-end encrypted, neither we nor Cloudflare can read them. The only parties with technical access to infrastructure are Cloudflare (infrastructure provider) and, for billing, Stripe. See our Subprocessors page for the complete list.

Retention

Your data is retained for as long as your account is active. If you delete your account, data enters a 90-day freeze period (read-only) and is then permanently deleted. If you request immediate deletion, data is purged within 24 hours. Backups are rotated on a 30-day cycle; your data will be fully gone within 30 days of the purge date.

Your rights

You may export all your data at any time (JSON format) from the Settings page. You may request account deletion at any time, with the 90-day freeze or immediately. If you are in the EEA, UK, or California, you also have the right to:

Access a copy of the personal data we hold about you
Correct inaccurate data
Object to or restrict processing
Data portability

To exercise any of these rights, email [email protected].

Cookies

We set one cookie: bm_session, an HttpOnly, Secure, SameSite=Lax session cookie on app.bookmarkminder.com. We do not set any tracking, analytics, or advertising cookies. No third-party cookies are set by our service.

Changes to this policy

If we make a material change to how we collect or use data, we will notify registered users by email at least 14 days before the change takes effect. The current version is always at this URL.

Contact

Questions about this policy: [email protected].