Privacy Policy

1. Introduction

Welcome to SortlyAI ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our bookmark management service.

SortlyAI is a bookmark management platform that helps you save, organize, and search your bookmarks using AI-powered features. This policy applies to our website, browser extension, and all related services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and password (encrypted)
• Bookmark Data: URLs, titles, descriptions, tags, and metadata of bookmarks you save
• Payment Information: Processed securely through Stripe (we do not store credit card details)
• Profile Information: Optional profile details you choose to provide

2.2 Automatically Collected Information

• Usage Data: How you interact with our service, features used, and time spent
• Device Information: Browser type, operating system, IP address
• Cookies: Essential cookies for authentication and session management
• Analytics: Anonymized usage patterns to improve our service (only with your consent)

2.3 OAuth Information

If you sign in with Google or other OAuth providers, we receive basic profile information (email, name, profile picture) as permitted by the provider. We do not access your Google account data beyond what's necessary for authentication.

3. How We Use Your Information

• Provide Our Service: Store and manage your bookmarks, enable search and AI features
• Authentication: Verify your identity and maintain secure sessions
• AI Processing: Analyze bookmark content to generate tags, summaries, and search results
• Communication: Send important service updates, security alerts, and feature announcements
• Improvement: Analyze usage patterns to enhance features and user experience
• Billing: Process payments and manage subscriptions
• Security: Detect and prevent fraud, abuse, and security issues
• Legal Compliance: Comply with legal obligations and enforce our terms

4. Data Storage and Security

Your data is stored securely on our servers hosted with trusted cloud providers:

• Database: PostgreSQL hosted on Supabase (compliant with SOC 2 Type II)
• Application Servers: Railway (ISO 27001 certified infrastructure)
• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Backups: Automated daily backups with 30-day retention
• Access Control: Strict access controls and authentication requirements

5. Data Sharing and Disclosure

We do not sell your personal data. We only share your information in the following circumstances:

5.1 Service Providers

• Supabase: Database and authentication services
• Railway: Application hosting
• Stripe: Payment processing
• Vercel: Frontend hosting
• Google Analytics: Usage analytics (only with your consent)

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

5.3 Business Transfers

If SortlyAI is acquired or merged with another company, your information may be transferred to the new owner.

6. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your account and all associated data
• Portability: Export your bookmarks in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing of your data for specific purposes
• Withdrawal: Withdraw consent for analytics and marketing at any time

To exercise these rights, contact us at privacy@sortlyai.appor use the account settings in your dashboard. We will respond within 30 days.

7. Cookies and Tracking

7.1 Essential Cookies

We use essential cookies required for authentication and session management. These cannot be disabled without affecting core functionality.

7.2 Analytics Cookies

With your consent, we use Google Analytics to understand how users interact with our service. You can opt out of analytics at any time in your account settings.

7.3 Browser Extension

Our browser extension only accesses the current page URL and title when you explicitly save a bookmark. We do not track your browsing history.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide our services:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Data permanently deleted within 30 days of account deletion
• Billing Records: Retained for 7 years to comply with tax and accounting regulations
• Logs: Server logs retained for 90 days for security purposes

9. Children's Privacy

SortlyAI is not intended for users under 13 years old. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at privacy@sortlyai.app.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place through standard contractual clauses and compliance with GDPR requirements for international transfers.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or a prominent notice in the dashboard. Your continued use of SortlyAI after changes indicates acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us:

13. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at dpo@sortlyai.app.