Privacy Policy

BKMRK ("we", "us", "our") operates bkmrkapp.com. This policy explains what data we collect and how we use it.

1. Data We Collect

• X (Twitter) account data: When you sign in via X OAuth, we receive your username, display name, profile image, and access tokens to fetch your bookmarks.
• GitHub account data (optional): If you connect GitHub, we receive your username, access token, and fetch repository README files, file trees, and metadata (language, description) to build project context for analysis.
• Email address: Collected during agent onboarding or if you provide it in settings. Used for account identification and support.
• Bookmark content: We fetch your X bookmarks (tweet text, author info, metrics, linked articles, thread content) to analyze them.
• Submitted URLs: Any URL you submit via the dashboard or agent API, including the full extracted content (article text, YouTube transcripts, GitHub READMEs).
• Project data: Project names, descriptions, tech stacks, focus areas, analysis personas, and scoring biases you provide.
• Billing data: Stripe handles all payment processing. We store your Stripe customer ID, subscription status, and billing period dates, but never your credit card details.
• Usage data: Card states (staged, done, trashed), sync history, agent usage logs (URLs submitted, queries run), and feature usage for rate-limiting and service operation.

2. How We Use Your Data

• Fetch and store your X bookmarks for analysis
• Extract full content from linked URLs, including article text, YouTube video transcripts, X Article bodies, and GitHub READMEs
• Analyze bookmarks and submitted URLs against your projects using Claude AI (Anthropic)
• Display personalized insights, scores, and implementation suggestions in your dashboard
• Enforce usage limits (bookmark caps, sync limits, submission quotas)
• Process subscription payments via Stripe
• Improve the service

3. Content Extraction

When you sync bookmarks or submit URLs, we extract full content for analysis:

• Articles and blog posts: Full article text extracted from linked web pages.
• YouTube videos: Full video transcripts (auto-generated or manual captions) are extracted for analysis. Transcripts can be substantial in length (up to 80,000+ characters for long videos). To reliably fetch transcripts, we route requests through a residential proxy service (Webshare). See Webshare's privacy policy.
• X Articles: Full article body text extracted via the X API.
• Threads: Full thread text reconstructed from all reply tweets, including URLs found in every tweet.
• GitHub repos: README content and repository metadata.

All extracted content is sent to Claude AI for analysis and stored in our database. Content is not shared with any parties beyond what's listed in Section 4.

4. Third-Party Services

• Anthropic (Claude AI): Bookmark content, extracted articles, transcripts, and project context are sent to Claude for analysis. See Anthropic's privacy policy.
• Stripe: Payment processing. See Stripe's privacy policy.
• Supabase: Database hosting (United States region). See Supabase's privacy policy.
• Vercel: Application hosting. See Vercel's privacy policy.
• Railway: Background worker hosting for content enrichment and analysis. See Railway's privacy policy.
• X (Twitter) API: Bookmark and tweet data fetching. See X's privacy policy.
• GitHub API: Repository data fetching (if connected). See GitHub's privacy statement.
• Webshare: Residential proxy service used to fetch YouTube transcripts. See Webshare's privacy policy.
• Cloudflare DNS: When URLs are submitted, we check domain safety using Cloudflare Family DNS (1.1.1.3), which filters malware and adult content. See Cloudflare's privacy policy.

5. Data Storage & Region

Your data is stored in the United States. Our database is hosted on Supabase (US region), our application runs on Vercel (US), and our background worker runs on Railway (US). All connections use HTTPS encryption.

6. Data Retention

Your data is retained as long as your account is active. You can permanently delete your account and all associated data at any time from Settings. Account deletion is immediate and cascades to all bookmarks, analysis results, projects, agent usage logs, and card states. Bookmark data and analysis results are also deleted when you remove them from your library and empty the trash.

7. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), secure token storage (encrypted at rest via Supabase), and access controls. X and GitHub OAuth tokens are stored in our database with Supabase's infrastructure-level encryption. Submitted URLs are checked against Cloudflare Family DNS to block malware and inappropriate content, and against a private IP blocklist to prevent internal network access.

8. Your Rights

• Access your data via the dashboard and API
• Export your data (JSON or Markdown) from the dashboard
• Delete your account and all data permanently from Settings
• Disconnect your X or GitHub accounts at any time
• Cancel your subscription via the billing portal

9. Cookies

We use a single authentication cookie (sb-access-token) to keep you signed in. No tracking cookies or third-party analytics.

10. Changes

We may update this policy. Changes will be posted on this page with an updated date.

11. Contact

Questions? Email support@bkmrkapp.com.