Privacy Policy

Last updated: April 2026

Zero-Knowledge Architecture

MyBookmark is built on a strict zero-knowledge principle. All encryption and decryption happens entirely within your browser on your device. Your master password never leaves your device under any circumstances. We are technically incapable of accessing, reading, or recovering your stored vault data — by design.

What Data We Collect

We collect and store only the minimum data necessary to provide the service:

Your email address — used for account authentication only
Encrypted data blobs — completely unreadable without your master password
Basic session tokens — required for authentication, cleared on logout

We do not collect your name, phone number, IP address logs, device fingerprints, or any behavioral tracking data beyond basic anonymous analytics.

What We Cannot Access

Due to our zero-knowledge encryption architecture, we are technically unable to read your stored passwords, notes, or bookmarks. Your master password is never transmitted to our servers. Your encryption key exists only in your browser's memory during an active session and is never persisted anywhere on our infrastructure.

Analytics

We use Google Analytics to understand general, anonymous usage patterns such as page views and session counts. This data contains no information about your vault contents or any personal data. Google Analytics data is governed by Google's privacy policy. If you wish to opt out, you may use the Google Analytics Opt-out Browser Add-on.

Third-Party Services

We use Supabase for authentication infrastructure and encrypted data storage. Supabase operates as a data processor on our behalf. They handle authentication tokens and store the encrypted blobs we send them — but have no ability to decrypt or read vault contents. Their privacy policy applies at the infrastructure level.

Cookies

We use only the minimal session cookies required for authentication. These cookies are strictly necessary for the service to function. We do not use advertising cookies, tracking pixels, or any third-party marketing cookies.

Data Retention

Your account data is retained for as long as your account is active. If you request account deletion by contacting us, all associated data including encrypted blobs will be permanently deleted from our systems within 30 days.

Children's Privacy

MyBookmark is not directed at children under 13 years of age and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be reflected in the "Last updated" date at the top of this page. Continued use of MyBookmark after changes constitutes acceptance of the revised policy.

Contact

For privacy-related questions or data deletion requests, contact us via our contact page.