Privacy Policy

1. Introduction

Markbridge ("we," "us," or "our") operates the Markbridge service, which syncs X (formerly Twitter) bookmarks to Notion workspaces. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service. By using Markbridge, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account via OAuth authentication through X (Twitter) or Google, we collect:

• Your name and display name
• Your email address
• Your profile picture URL
• Your X (Twitter) user ID and username
• OAuth access tokens and refresh tokens

2.2 X (Twitter) Bookmark Data

To provide the Service, we access and temporarily process your X bookmarks, including:

• Bookmark content (tweet text, author, timestamp)
• Associated media (images, links)
• Thread content when applicable
• Bookmark metadata (creation date, tweet ID)

2.3 Notion Workspace Data

When you connect your Notion workspace, we collect:

• Your Notion workspace ID
• The database ID you select for bookmark syncing
• Notion OAuth access token

2.4 Billing Information

When you subscribe to a paid plan, payment information is collected and processed directly by Stripe, our payment processor. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We receive from Stripe a customer identifier, subscription status, and the last four digits of your card for display purposes.

2.5 Usage Data

We automatically collect certain usage information, including:

• Number of bookmarks synced
• Sync timestamps and status
• Feature usage patterns
• Error logs for debugging and service improvement

3. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: Syncing your X bookmarks to your Notion workspace, including thread expansion and page creation
• Account Management: Authenticating your identity, managing your subscription, and communicating with you about your account
• Billing and Payments: Processing subscription payments, tracking usage for overage billing, and managing invoices
• Service Improvement: Analyzing usage patterns to improve the Service, fix bugs, and develop new features
• Communication: Sending you transactional emails related to your account, subscription, and important service updates
• Legal Compliance: Meeting our legal obligations and enforcing our Terms of Service

We do not sell your personal information to third parties. We do not use your bookmark content for advertising purposes.

4. Third-Party Services

We integrate with the following third-party services to operate Markbridge:

• X (Twitter) API: To access and read your bookmarks via OAuth 2.0 authentication. Subject to X's Privacy Policy.
• Notion API: To create pages in your selected Notion database. Subject to Notion's Privacy Policy.
• Stripe: To process subscription payments and manage billing. Subject to Stripe's Privacy Policy.
• Resend: To send transactional emails (account notifications, receipts, and service updates). Subject to Resend's Privacy Policy.

Each third-party service operates under its own privacy policy. We encourage you to review their policies. We share only the minimum data necessary for each service to perform its function.

5. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:

• OAuth tokens are encrypted at rest in our PostgreSQL database
• All data in transit is encrypted using TLS/HTTPS
• Database access is restricted to authorized services only
• We use parameterized queries to prevent SQL injection attacks
• Access to production systems is limited to authorized personnel with multi-factor authentication
• We conduct regular reviews of our security practices

While we implement commercially reasonable security measures, no method of transmission or storage is completely secure. We cannot guarantee the absolute security of your data.

6. Data Retention

We retain your account data and associated information for as long as your account remains active. Bookmark content is processed and synced to your Notion workspace; we retain metadata about synced bookmarks (such as tweet IDs and sync timestamps) to prevent duplicate syncing and track usage. When you delete your account, we will delete your personal data, OAuth tokens, and associated records from our systems within 30 days. Pages already created in your Notion workspace will not be affected by account deletion, as they reside in your Notion account and are under your control.

7. Your Rights and Choices

You have the following rights regarding your personal data:

• Access: You can view the data we hold about you through your account settings in the dashboard.
• Deletion: You can delete your account and all associated data through your account settings. You may also request deletion by emailing us at privacy@markbridge.app.
• Data Export: You can request a copy of your data in a portable format by contacting us.
• Revoke Access: You can disconnect your X or Notion accounts at any time through your account settings, which revokes our OAuth access. You can also revoke access directly through X or Notion's settings.
• Communication Preferences: You can unsubscribe from non-essential emails using the unsubscribe link in any email. Transactional emails related to your account and billing cannot be opted out of while your account is active.

8. Cookies

Markbridge uses cookies in a limited capacity:

• Session Cookies: Essential cookies used to maintain your authenticated session. These are strictly necessary for the Service to function and cannot be disabled.
• Security Cookies: Used to prevent cross-site request forgery and other security threats.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. We do not participate in cross-site tracking.

9. European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Data Controller: Markbridge is the data controller for the personal data we collect. For inquiries, contact us at privacy@markbridge.app.
• Legal Basis for Processing: We process your data based on (a) your consent when you connect your accounts, (b) the necessity of processing to perform our contract with you (providing the Service), and (c) our legitimate interests in improving and securing the Service.
• Right to Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate personal data.
• Right to Erasure: You may request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
• Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
• Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
• Right to Object: You may object to our processing of your data based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at privacy@markbridge.app. We will respond to your request within 30 days.

10. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

• Right to Know: You have the right to request that we disclose what personal information we have collected, used, disclosed, and sold about you in the past 12 months.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information. As such, there is no need to opt out of a sale.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your CCPA rights, contact us at privacy@markbridge.app. We will verify your identity before processing your request.

11. Children's Privacy

Markbridge is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe that a child under 13 has provided us with personal information, please contact us at privacy@markbridge.app.

12. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from those of your country. When we transfer data internationally, we take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable law. If you are located in the EEA, we ensure that transfers to countries outside the EEA are subject to appropriate safeguards such as Standard Contractual Clauses.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this policy reflects when it was last revised. Your continued use of the Service after any changes take effect constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For general support inquiries, please contact support@markbridge.app.