This policy explains what data favorites.cloud collects, why, who we share it with, and what you can do to control or delete it. It applies to favorites.cloud and the favorites.cloud browser extension.
Short version: we save what you tell us to save. We never read it, sell it, or use it to train anything. You can delete everything any time.
What we collect
Things you save
When you use the extension, we store the content you choose to capture: text selections, page titles, source URLs, reader-view copies of saved pages (extracted article text and inline images — not full-fidelity snapshots), and screenshots. These belong to you. We store them in our database (Supabase Postgres) and object storage (Supabase Storage), both encrypted at rest.
Alongside each saved page the extension fetches the page's declared favicon (typically /favicon.ico or the URL named in the page's <link rel="icon">) so the web app can show a visual identifier in your note list. The favicon URL lives on the page's own host — we touch only that public endpoint and only once per domain you save from.
Account & authentication data
When you sign up we store your email address (used to sign in) and, if you sign in with Google or Apple, the OAuth identifier returned by those providers. We do not collect your name, phone number, or any demographic information.
Sign-in is passwordless. To sign in you receive a one-time 8-digit code by email, which the extension or web app exchanges for a short-lived session token. The 8-digit code expires within minutes of being issued and is never stored after the exchange. The resulting session token lives only on your device — in a first-party HttpOnly cookie in the web app, and in chrome.storage.local in the extension. We do not store or transmit your password (there is none).
Subscription data
If you start a trial or subscribe, our payment processor (Lemon Squeezy) collects and stores your card details and billing address. We never see or store full card numbers — we only receive a subscription identifier and the last four digits of your card from Lemon Squeezy's webhooks. Card information is governed by Lemon Squeezy's own privacy policy.
Email deliverability data
Transactional emails (sign-in code, Day-11 trial-ending reminder, storage-usage warnings, account-deletion confirmations) are sent through Amazon Simple Email Service (SES). To stay deliverable we react to delivery feedback received via Amazon SNS:
- If your mail server returns a hard bounce, we mark the address as undeliverable and stop sending you product email. App access is unaffected.
- If you mark a message as spam, we record the complaint and stop sending you product email.
- Every non-essential product email includes a one-click List-Unsubscribe header — using it stops product email immediately.
Bounce, complaint, and unsubscribe markers are stored on your user row so the same address is never re-emailed accidentally. You can ask us to clear a marker by emailing support.
Operational data
To keep the service running we log:
- IP addresses, for rate-limiting and abuse prevention (kept up to 30 days in Upstash Redis, then purged).
- Error reports — stack traces and request metadata sent to Sentry when something crashes. Before sending, a client-side scrubber strips authentication tokens, email addresses, captured page content (text / HTML / screenshot), URL query strings, and page titles. The scrubber covers all event fields including contexts.
- Standard server access logs (route, status code, timestamp) retained briefly for debugging.
Bug reports & diagnostics (extension only)
The extension lets you send a bug report from two places: a "Report a bug" button on the Options page, and an action button on every "capture failed" notification toast. Submitting a report sends:
- The free-text description you typed in the form.
- An email address, only if you typed one (optional, anonymous reports are allowed).
- A diagnostics snapshot: extension version, an installation-stable device identifier (random UUID, not tied to your account email), signed-in state, current subscription plan name, the last 20 capture attempts (each with origin+path of the URL after the query string is stripped; page titles dropped wholesale), the most recent failure summary, and the URL of the page you were viewing when you submitted (again query-stripped).
Reports are routed to our Sentry inbox (United States region). Rate-limited to 5 reports per browser-session-hour client-side. Bug reports are opt-in — they only fire when you click the form's submit button. They are distinct from auto-captured exceptions described above.
What we do not do
- We do not read or analyze the content you save. No keyword indexing for ads, no training of language models, no human review.
- We do not sell or share your saved content with anyone.
- We do not use third-party analytics scripts on the marketing site.
- We do not show advertising and have no plans to. Our revenue comes entirely from subscriptions.
- We do not use your data for creditworthiness scoring, lending, or any purpose unrelated to providing the service.
Who we share data with
We use a small set of service providers (sub-processors under GDPR Article 28) to run the service. Each one only sees the data necessary for their function — none are permitted to use the data for their own purposes:
- Supabase (United States) — database and file storage. Receives your email, auth identifiers, saved content, and uploaded snapshots.
- Upstash (United States) — Redis cache used for rate-limiting and idempotency keys. Receives IP addresses and request hashes; no account or capture data.
- Lemon Squeezy (United States) — payment processing. They are the merchant of record and handle your card and billing address.
- Vercel (United States) — application hosting and standard request logs.
- Amazon Web Services (United States — region us-east-1) — Simple Email Service (SES) for sending transactional email and Simple Notification Service (SNS) for delivering bounce / complaint / unsubscribe feedback to our webhook. SES receives the destination email address and the rendered message body for each email sent.
- Sentry (United States) — receives two distinct event types: (a) auto-captured exceptions when something crashes server-side or in the extension, and (b) user-submitted bug reports from the extension (see "Bug reports & diagnostics" above). A client-side scrubber strips authentication tokens, email addresses, captured page text / HTML / screenshots, URL query strings, and page titles before any event leaves the browser. We do not send your saved notes or article content to Sentry.
We do not sell data, and we do not share data with any party other than for the purposes above or as required by law.
Most of our service providers are located in the United States. If you are in the European Economic Area or the United Kingdom, this means your data is transferred outside your jurisdiction. We rely on the EU–U.S. Data Privacy Framework and Standard Contractual Clauses, where applicable, as the legal basis for these transfers.
Your rights
Under GDPR, UK GDPR, and similar laws you have the right to:
- Access — request a copy of the data we hold on you. Email support and we'll deliver an export within 30 days.
- Rectify — correct anything inaccurate. Locale and other editable settings are in /settings/account; for anything else, email support.
- Erase — delete your account from /settings/account. See "Data retention and deletion" below for the timeline.
- Restrict or object — write to support to limit specific processing or object to it.
- Portability — your saves can be exported on request (email support). The export includes the original captured text, source URL, tags, timestamps, and references to any stored screenshot or page archive.
- Withdraw consent — for product email, click any List-Unsubscribe link in a message we sent, or write to support. To withdraw all consent, delete your account.
- Complain to a supervisory authority — EU/EEA residents may lodge a complaint with their national data-protection authority; UK residents with the ICO.
Data retention and deletion
Your saved content remains available for as long as your account is active. You can delete any individual capture from inside the app at any time.
To delete your entire account, open /settings/account and click Delete my account. The account enters a 30-day grace period during which you can cancel the deletion. After 30 days every row, file, and reference is permanently removed from our systems. Backups roll off within 60 days of that.
Cookies and local storage
The web app uses a single first-party cookie to keep you signed in (Supabase session cookie, HttpOnly and Secure). No marketing or tracking cookies are set by favorites.cloud.
The browser extension uses Chrome's extension-private storage: chrome.storage.local for the session token and the offline-retry queue, chrome.storage.sync for cross-device preferences (keyboard shortcuts, per-site blacklist), and chrome.storage.session for short-lived CSRF nonces. Nothing else.
Children
favorites.cloud is not directed at children under 13 and we do not knowingly collect information from them. If you believe a child has signed up, contact us and we will delete the account.
Changes to this policy
We may update this policy. Material changes will be announced via email at least 14 days before they take effect. The "Last updated" date at the top reflects the most recent revision.
Contact
Email support@favorites.cloud for questions, deletion requests, data export, or to clear an email suppression marker.