Privacy Policy

Last updated: January 2026

1. Data Controller

BookmarCat Paul Wellner Bou Gartenstr. 16 65779 Kelkheim Germany Email: info@bookmarcat.app

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Username: Your chosen username for login
  • Email address: For account verification and communication
  • Name: How you want to be addressed
  • Password: Stored as a cryptographic hash (we never store plain text passwords)

2.2 Bookmark Data

When you use our service, we store:

  • URLs of bookmarked websites
  • Titles and descriptions (provided by you or automatically fetched from websites)
  • Categories and collections you create
  • Keywords and metadata
  • Custom properties and notes

2.3 Technical Data

We automatically collect minimal technical data:

  • Authentication tokens (stored in browser localStorage and cookies)
  • Access timestamps for security purposes

We do NOT collect:

  • Analytics or tracking data
  • IP addresses (except temporarily for server security)
  • Browser fingerprints
  • Third-party cookies

3. Legal Basis for Processing

We process your data based on:

  • Contract performance (GDPR Art. 6(1)(b)): To provide the bookmark management service you signed up for
  • Legitimate interests (GDPR Art. 6(1)(f)): To improve service quality and security
  • Consent (GDPR Art. 6(1)(a)): For optional features like AI-powered categorization

4. How We Use Your Data

  • To provide and maintain the bookmark management service
  • To authenticate you and secure your account
  • To send important service notifications (e.g., password resets, account verification)
  • To automatically fetch metadata from bookmarked websites (titles, descriptions, images)
  • Optionally: AI-powered bookmark categorization (if enabled by you)

5. AI Processing

If you use the AI-powered categorization feature, bookmark metadata (title, description, keywords) is sent to OpenAI's API for analysis. This processing:

  • Is optional and only happens when you explicitly request it
  • Is governed by OpenAI's data processing agreement
  • Does not involve training on your data (per OpenAI's API terms)
  • Can be avoided by not using AI categorization features

6. Data Storage

Your data is stored securely in our database. We retain your data:

  • Account data: Until you delete your account
  • Bookmark data: Until you delete individual bookmarks or your account
  • Authentication tokens: Until expiration (typically 24 hours for access tokens)

When you delete your account, all associated data is permanently deleted from our systems.

7. Cookies

We use only essential cookies necessary for the service to function:

  • Authentication cookies: To keep you logged in (stored in localStorage)
  • Session cookies: For security and session management
  • Preference cookies: To remember your settings (e.g., dark mode)

We do NOT use analytics, advertising, or tracking cookies. All cookies are technically necessary for the service to work.

8. Data Security

We implement appropriate security measures:

  • Passwords are hashed using industry-standard algorithms
  • HTTPS encryption for all data transmission
  • Secure authentication with JWT tokens
  • Regular security updates and monitoring
  • Access controls to prevent unauthorized access

9. Your Rights

Under GDPR, you have the following rights:

  • Right of access (Art. 15): Request a copy of your personal data
  • Right to rectification (Art. 16): Correct inaccurate data (via profile settings)
  • Right to erasure (Art. 17): Request deletion of your account and all data
  • Right to data portability (Art. 20): Export your bookmarks in JSON format
  • Right to object (Art. 21): Object to data processing based on legitimate interests
  • Right to withdraw consent (Art. 7(3)): Withdraw consent for optional features at any time

To exercise these rights, contact us at: info@bookmarcat.app

You also have the right to lodge a complaint with your local data protection authority.

10. Third-Party Services

We use the following third-party services:

  • OpenAI API (optional, only if you use AI categorization): See section 5
  • Website metadata fetching: When adding bookmarks, we fetch public metadata (title, description, ...) directly from the target websites

We do NOT share your data with advertisers, analytics providers, or other third parties for marketing purposes.

11. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If AI categorization is used, data may be processed by OpenAI (USA) under appropriate safeguards (Standard Contractual Clauses).

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the service. Continued use after changes constitutes acceptance.

14. Contact

For privacy-related questions or to exercise your rights, contact:
Email: info@bookmarcat.app