legal

PRIVACY
POLICY.

LAST UPDATED: APRIL 18, 2026

1. INTRODUCTION

SaveSync ("we", "our", or "us") is built on a simple principle: your bookmarks are yours alone. This Privacy Policy outlines how we collect, use, and safeguard your information when you use our website, application, browser extensions, and mobile apps (collectively, the "Service"). By using SaveSync, you consent to the data practices described in this policy. We adhere to global privacy standards, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. DATA WE COLLECT

We collect the absolute minimum amount of data required to provide our Service — nothing more:

■Account Information — When you authenticate via our secure provider (Supabase), we collect your email address to establish and secure your vault.
■Saved Content — We store the URLs, titles, descriptions, and associated metadata of the links you explicitly choose to save to your vault.
■Payment Information — If you subscribe to Pro or purchase a Lifetime plan, payment is processed entirely by Stripe. We never see or store your full card number.

3. WHAT WE DO NOT COLLECT

Unlike most services, SaveSync has zero tracking infrastructure. We want to be explicit about what we do not do:

■No Analytics — We do not use Google Analytics, Microsoft Clarity, Mixpanel, or any analytics platform. We have no usage tracking whatsoever.
■No Tracking Pixels — We do not embed tracking pixels in our emails or web pages.
■No Advertising IDs — We do not collect Apple IDFA, Google Advertising ID, or any device fingerprint.
■No Cookies for Tracking — We use only essential session cookies for authentication. No marketing cookies, no analytics cookies, no third-party cookies.
■No Browsing History — We never read, store, or transmit your browsing history.
■No Data Selling — We do not sell, rent, or share your personal data with data brokers, advertisers, or any third party.

This is not a marketing claim — it is an architectural decision. The tracking code does not exist in our codebase.

4. BROWSER EXTENSION PERMISSIONS

To function correctly, the SaveSync browser extension requires specific permissions. We are strictly bound by the developer agreements of the Chrome Web Store and Mozilla Add-ons store:

■Tabs Permission — The extension reads the URL and title of your currently active tab only when you click the Save button, use the right-click menu, or press the keyboard shortcut. We do not read your browsing history, do not track navigation, and do not store URLs from tabs you have not chosen to save.
■Scripting Permission — When you save a page from a supported platform (YouTube, Twitter/X, Reddit, Instagram, GitHub, LinkedIn, Pinterest, TikTok), the extension injects a small content script that extracts the page title, author, publish date, and thumbnail URL. Scripts run only after you click Save and the extracted metadata is sent only to your own SaveSync vault.
■Storage Permission — We store your SaveSync authentication token locally in your browser so you do not have to re-authenticate every time. We also store bulk import progress so imports can resume if your browser restarts.
■Context Menus Permission — Adds a "Save to SaveSync" entry to your right-click menu for quick saving.
■Alarms Permission — Used during bulk imports to process items with paced delays, required because Chrome Manifest V3 service workers can be suspended between steps.
■Host Permissions — The extension has access only to specific URLs on supported platforms so it can extract metadata when you save a page. The extension never reads pages outside these platforms and never sends page content anywhere except your own SaveSync vault.

5. AI & SEMANTIC SEARCH

SaveSync uses AI-powered semantic search to help you find your saved content. Here is how your data is handled: Your saved URLs, titles, and descriptions are processed to generate vector embeddings using Voyage AI. These embeddings are numerical representations used exclusively for your personal search functionality. Search summaries are generated using Groq. Your data is never used to train public AI models. You can export or delete all your data at any time from your account settings.

6. HOW WE USE YOUR DATA

Your data is used strictly for operational purposes:

■To synchronise your saved links across your authorised devices.
■To automatically generate rich metadata (titles, images, descriptions) for the links you save.
■To power AI-based semantic search within your personal vault.
■To process payments and manage your subscription status.
■To send transactional emails (magic links, account notifications). We do not send marketing emails.

We do not, and will never, sell your personal data or your saved links to third parties or data brokers.

7. THIRD-PARTY SERVICES

We use the following third-party services to operate SaveSync. Each receives only the minimum data required for its function:

■Supabase — Database hosting, authentication, and real-time sync. Stores your account and saved content.
■Stripe — Payment processing for Pro and Lifetime subscriptions. Receives only payment details, never your saved content.
■Voyage AI — Generates vector embeddings for semantic search. Receives titles and descriptions only, not full page content.
■Groq — Powers AI search summaries. Receives search queries and relevant bookmark metadata only.
■Resend — Transactional email delivery (magic links, account notifications). Receives only your email address.
■Render — Application hosting and deployment. Processes requests but does not store user data independently.
■Upstash — Rate limiting infrastructure. Processes anonymised request counts only, no personal data.

None of these services receive analytics data, browsing history, or tracking information — because we do not collect any.

8. YOUR RIGHTS (GDPR & CCPA)

Regardless of your location, we extend these rights to all users:

■Right to Access — You can view all data we hold about you directly in your vault and account settings.
■Right to Erasure — You may delete individual links, folders, or permanently delete your entire account and all associated data.
■Right to Data Portability — You can export your entire vault as JSON or CSV at any time from Settings.
■Right to Rectification — You can edit any saved content directly in your dashboard.
■Right to Object — You can opt out of AI processing by contacting support.

9. DATA SECURITY & RETENTION

Your data is transmitted securely via HTTPS and stored in encrypted, access-controlled databases hosted on Supabase infrastructure. Authentication uses industry-standard protocols with magic link and OAuth flows — we never store passwords. We retain your data only for as long as your account is active. Deleted items are held in trash for 30 days, then permanently purged. If you delete your account, all data is permanently and irreversibly removed from our servers within 30 days.

10. COOKIES

SaveSync uses only essential cookies required for authentication (session management). We do not use:

■Analytics cookies
■Marketing cookies
■Third-party tracking cookies
■Advertising cookies
■Social media tracking cookies

You do not need to accept a cookie banner on SaveSync because we have no optional cookies to consent to.

11. CHILDREN'S PRIVACY

SaveSync is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal data, we will take steps to delete it immediately.

12. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. CONTACT US

If you have any questions, concerns, or data requests regarding this Privacy Policy, please contact us at support@savesync.org.

YOUR DATA, YOUR RULES.

Export or delete your data anytime from your account settings.

GO TO SETTINGS

PRIVACYPOLICY.