Smart Bookmarks AI Privacy Policy

Last updated:

What This Policy Covers

This policy applies to the Smart Bookmarks AI Chrome extension only. It does not cover the bitbruk.com website, which has its own privacy policy.

Smart Bookmarks AI is developed and operated by Lidfeldt Lantbruk AB (BITBRUK), Flyinge, Sweden.

Your Bookmark Data

When you use any AI feature (sorting, searching, or reorganizing bookmarks), the extension reads your bookmark titles and URLs from Chrome. This data is sent to an AI service to generate folder suggestions. Only the data needed for the current request is sent -- the extension does not upload your entire bookmark library in the background.

URLs are truncated to 200 characters before being sent. Your bookmark data is used only to process your request and is not retained on our servers after the AI response is returned.

Managed AI tier (trial and Pro subscription): Your bookmark titles and truncated URLs are sent to our AI proxy service. The proxy forwards the request to an AI provider on your behalf and returns the result. The request is authenticated using a per-install HMAC secret.

BYOK tier (bring your own API key): Your bookmark titles and truncated URLs are sent directly from the extension to Google's Gemini API, using the API key you provided. No bookmark data is sent to Bitbruk servers when you use your own key.

License Verification

The extension contacts our licensing backend to check your subscription status. The only data the extension itself sends is your anonymous instance ID (a randomly generated UUID). The extension never processes credit card numbers, billing addresses, or payment data -- those go directly from your browser to Stripe's hosted checkout page.

Data stored server-side after you subscribe. Once you complete Stripe checkout, Stripe sends us a webhook containing your email address, Stripe customer ID, and subscription status. We store the following in our Firestore database, keyed by your anonymous instance ID: subscription status and plan, trial end date, billing period end, your email address (lowercased), Stripe customer and subscription IDs, and a daily AI-usage counter.

Your email address reaches our servers only via Stripe's webhook after a successful purchase. The extension itself never sends your email to us. You can request deletion of your record at any time (see "Your Rights" below).

What Is Stored Locally

All sensitive data stays in your browser's local extension storage (chrome.storage.local). It is never synced to Chrome's cloud sync unless noted.

  • Your BYOK Gemini API key, if you have provided one
  • A randomly generated UUID that identifies your install (no PII)
  • A per-install secret used to authenticate managed AI requests (no PII)
  • Cached subscription status, trial end date, and daily usage counts
  • Timestamps of last license check and last auto-sort run
  • BYOK daily usage counter (resets at local midnight)
  • Your chosen AI model preference

Small preferences (auto-sort enabled, model selection, subfolder depth) are stored in chrome.storage.sync so they follow you across devices.

Telemetry and Analytics

The extension does not include any telemetry, crash reporting, analytics, or tracking libraries. No usage events are sent to any analytics service.

Who We Share Data With

We share data with the following third parties only as needed to operate the extension:

Google LLC (Gemini AI): Bookmark titles and truncated URLs are processed by Google's Gemini AI models. BYOK users: data goes directly to Google's Gemini API. Managed users: data goes through our proxy, which forwards to an AI provider. Google's privacy policy applies.

Stripe, Inc. (subscription payments): The extension initiates a Stripe checkout by sending your anonymous instance ID to our backend. Stripe handles all payment data directly. The extension never processes credit card numbers, billing addresses, or other financial data. After checkout, Stripe sends us a webhook that includes your email address and subscription details so we can activate your license.

Google Cloud Platform (hosting): Our AI proxy, licensing backend, and Firestore database run on Google Cloud Platform (Cloud Run and Firestore) in the europe-north1 region (Finland).

Cloudflare, Inc. (CDN for bitbruk.com): The bitbruk.com website (including this privacy policy page) is served via Cloudflare. Cloudflare acts as a sub-processor for hosting and CDN delivery only; it does not see bookmark or subscription data.

We do not sell your data to third parties. We do not share bookmark content with any party other than the AI provider needed to process your request.

How Long Data Is Retained

Your device. Extension storage persists until you uninstall the extension or manually clear it from Chrome's extension settings.

Our AI proxy. Your bookmark data is never written to our proxy's logs or databases. The proxy forwards your request to the AI provider and returns the response; the request body is held only in memory for the duration of the call. Operational logs record only request metadata (HTTP method, path, status, latency, trace ID, AI model used) -- no bookmark titles, URLs, or prompt content. Operational logs are retained for 30 days under Google Cloud Logging's default retention policy.

Our licensing backend. License records in our Firestore database (subscription status, email address, Stripe IDs, trial dates, daily usage counter) are retained for as long as your account exists. We do not enforce an automated expiry on license records -- if you want yours deleted, email [email protected] and we will remove it. Operational logs from the licensing backend are retained for 30 days.

Orphaned-payment records. In the rare case that a payment completes but cannot be matched to an instance ID (for example, browser crash during checkout), we store a small record containing the Stripe session ID, amount, currency, and email address so that we can reconcile the payment manually. These records are retained until the payment is reconciled and then deleted.

Children

This extension is not directed at children under the age of 13. We do not knowingly collect data from children.

Your Rights (GDPR)

If you are located in the EU, EEA, or UK, you have rights under the General Data Protection Regulation (GDPR), including:

  • Access: request a copy of the data we hold about you
  • Correction: ask us to fix inaccurate data
  • Erasure: ask us to delete your data (right to be forgotten)
  • Restriction: ask us to limit how we process your data
  • Portability: receive your data in a machine-readable format
  • Objection: object to processing based on legitimate interests
  • Withdrawal of consent: where processing is based on consent, you can withdraw at any time

To exercise any of these rights, contact us at [email protected].

Supervisory authority: Integritetsskyddsmyndigheten (IMY), www.imy.se

Google API Limited Use

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Changes to This Policy

We may update this policy when the extension's data handling changes. The "Last updated" date at the top of this page reflects when changes were made. Continued use of the extension after changes are posted constitutes acceptance of the updated policy.

Contact

Lidfeldt Lantbruk AB (BITBRUK)
Flyinge, Sweden
[email protected]