Overview
bookmarks.md (“we”, “us”, “our”) is a tool that syncs your X (Twitter) bookmarks and delivers them to you as email digests. This policy explains what data we collect, why we collect it, and how we handle it. We keep things simple: your data is used only to provide the service, never sold, and you can delete your account at any time.
Data we collect
Account information
When you sign in with X, we receive your X user ID, display name, username, and profile picture URL via OAuth. We store the minimum necessary to identify your account and display it in the dashboard.
OAuth tokens
We store your X OAuth access and refresh tokens so the app can fetch your bookmarks on your behalf. These tokens are stored securely in our database and are never shared with third parties.
Bookmark data
When you trigger a sync, we retrieve your X bookmarks through the X API and store the tweet text, author name, author username, profile image URL, tweet URL, and timestamps. This data belongs to you and is used solely to power your bookmark library and digest emails.
Email address
If you provide an email address in your settings, we use it to send your digest emails. We do not use it for marketing.
API tokens
If you generate API tokens, we store a hashed version along with a label and last-used timestamp. Raw tokens are shown only once at creation and are not recoverable.
Usage data
We do not run analytics or tracking scripts. Standard server logs (request paths, timestamps, error codes) may be retained by our hosting provider for operational purposes.
How we use your data
- To authenticate you and maintain your session
- To sync your X bookmarks when you request it
- To send digest emails at your chosen frequency
- To provide the API and bookmark search features
- To operate and improve the service
We do not use your data for advertising, profiling, or any purpose unrelated to providing bookmarks.md.
Third-party processors
We rely on a small number of trusted third-party services to operate bookmarks.md. Each processor handles your data only as needed to provide their service:
| Processor | Purpose |
|---|---|
| Vercel | Application hosting and serverless infrastructure |
| Turso | Database hosting (stores your bookmarks and account data) |
| Resend | Transactional email delivery (digest emails) |
| X (Twitter) | OAuth authentication and bookmark data source via their API |
We do not sell your data to any third party.
Data retention and deletion
Your bookmark data and account information are retained for as long as your account is active. If you stop using the service, your data remains in the database until you request deletion. To delete your account and all associated data, contact us at the address below and we will process the request promptly.
Security
We take reasonable technical measures to protect your data, including encrypted connections (HTTPS), access controls on our database, and hashed storage of API tokens. No method of transmission or storage is completely secure, but we work to keep your data safe.
Children
bookmarks.md is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us so we can remove it.
Changes to this policy
We may update this policy from time to time. When we do, we will update the effective date above. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
Questions about this policy? Reach out on X: @jaipandya.