Docs

OverviewGetting startedImport from PinboardChrome extensionMobileAPIPrivacy & data

Privacy & data

Your bookmarks are yours. Here's what we store, what we don't, and how to take everything with you whenever you want.

What we store

  • Your email (for sign-in via magic link)
  • Your bookmarks: URL, title, notes, tags, private flag, timestamps
  • Archived page text and metadata (for searching old content)
  • AI-generated summaries and auto-tags
  • Vector embeddings of archived text (for semantic search and Ask)
  • Stripe customer ID (Pro accounts) and subscription status — never card numbers
  • Server logs for debugging, retained 30 days

Where it's stored

  • Application database: Neon Postgres, region us-east-1. Encrypted at rest by Neon.
  • Application servers: Fly.io, region IAD (Ashburn, VA).
  • AI calls: OpenAIfor embeddings and Ask answers. Per OpenAI's API policy, your data is not used to train their models.
  • Email delivery: Resend for magic links and contact form.

What we don't do

  • We don't sell your data. Period.
  • We don't train models on your bookmarks.
  • We don't share data with advertisers — there are no ads.
  • We don't read your bookmarks (engineers may see system logs that contain URLs while debugging, but never the contents).

Public vs private bookmarks

Every bookmark is private by default. The is_privateflag currently has no effect on what other users can see — there is no “other users” right now because the product has no public or social view. The flag is preserved for future use and respected by the Pinboard-compat API.

Export your data

Anytime: Settings → Data → Export bookmarks (JSON). You get a complete dump of every bookmark, tag, summary, and timestamp in JSON format. Drop it in Pinboard, another service, or a folder of files.

Delete your account

Anytime: Settings → Danger zone → Delete my account. This permanently removes every bookmark, tag, archived text, embedding, and your account record. There is no “trash” — deletes cascade immediately. Stripe subscription is canceled separately via the Customer Portal before account deletion.

Account deletion is irreversible. Export first if you want a backup.

Security

  • All traffic is HTTPS (Let's Encrypt managed by Fly).
  • Sessions are signed cookies — no JWTs to leak.
  • Magic-link tokens are hashed in the DB and single-use, 15-min expiry.
  • API tokens are hashed; we never store the raw value.
  • Stripe handles all payment data — we never see card details.

Cookies

Two cookies, both first-party, both required:

  • session — signed session cookie, used for auth
  • Stripe sets its own cookies during checkout; see Stripe's cookie policy.

No analytics, no trackers, no third-party cookies on the main site.

Questions?

Email support@batata.page or use the contact form.

API reference