Privacy Policy
Last updated: June 30, 2026
What we collect
- Your email address — used to sign you in (magic links) and for service messages.
- Your X bookmarks — the posts you've saved, fetched with your permission via X's official API after you click "Connect X." We never see your X password.
- X access tokens — stored encrypted (AWS KMS) and bound to your account; used only to fetch your bookmarks.
- Usage records — which AI operations your account ran and their cost, used for the free-tier limits and credit accounting.
- Payment data — handled entirely by Stripe. We store only your Stripe customer id and purchase state, never card numbers.
How we use it
Solely to operate the service: importing, indexing, and AI-organizing your bookmarks and answering your questions about them. We do not sell your data, share it with other users, or use it for advertising. AI processing runs on Amazon Bedrock; we send only the minimum content needed for each operation (e.g. the posts being labeled or the question being answered).
Where it lives
Data is stored with our infrastructure providers — AWS (hosting, encryption, email) and Neon (database), in US regions — protected by per-account isolation enforced at the database layer and encryption for sensitive tokens. Transport is HTTPS everywhere.
Cookies
One session cookie, used to keep you signed in. No tracking or advertising cookies.
Your rights
Email support@x-bookmarks.ai to request an export of your data or deletion of your account and everything in it — we'll complete either within 30 days. Disconnecting X (or revoking the app in your X settings) stops all further bookmark access immediately.
Changes
Material changes to this policy will be reflected in the date above.