Privacy Policy
Last updated June 2026
Marksave ("we", "us") helps you import, organize, search, and share your own X (Twitter) bookmarks. This policy explains what we collect, why, and the control you have. We collect as little as possible and never sell your data.
What we collect
- Your X account, when you connect it: your X user ID, username, display name, and avatar, plus a read-onlyaccess token. We never receive your X password, and the access can only read, it can't post, follow, or message on your behalf.
- Your bookmarks: the tweets you bookmark, brought in by our optional browser extension, their text, media links, author, and basic metadata. The extension reads only your own bookmarks, from your own logged-in X session, and sends them to your Marksave library over HTTPS. It accesses no other browsing data and does no tracking.
- Profile you choose to add:e.g. your role and what you're building, used to tailor how saves are organized and answered.
- Account & technical data: the minimum needed to run the service (e.g. a signed session cookie, basic logs). If you ever sign up with email, your email and a hashed password.
How we use it
- To build and run your library: import, auto-categorize, search, resurface, and share your saves.
- AI processing:bookmark text and your questions may be sent to our AI provider (Anthropic, "Claude") to categorize saves and answer questions about your library. This is used to provide the feature, not to train models on your data.
- To secure the service, prevent abuse, and provide support.
Sharing & sub-processors
We don't sell your data or use it for advertising. We rely on a small set of providers to operate:
- Anthropic (AI categorization & answers)
- Supabase (database) and Railway (hosting)
- Stripe (payments, only if you upgrade)
- Resend (transactional email, if email features are enabled)
Collections you choose to share become accessible to anyone with the private link, read-only, until you revoke it. We may disclose data if required by law.
Storage & security
Data is transmitted over HTTPS and stored on managed infrastructure. X access tokens are encrypted at rest (AES-256-GCM). We keep your data until you delete it; demo accounts are removed automatically.
Cookies
We use only strictly-necessary cookies (a signed sign-in session). We do not use tracking, analytics, or advertising cookies.
Your choices & rights
- Export everything as JSON at any time.
- Delete your account, all saves, and any X tokens in one click, this cannot be undone.
- Disconnect X at any time.
Children
Marksave isn't directed to anyone under 16, and we don't knowingly collect their data.
Changes
We may update this policy and will revise the date above. Continued use means you accept the changes.
Contact
Questions or requests: hello@marksave.app.