Privacy Policy

Last updated: 2026-07-01

This Privacy Policy explains how Fjord LLC (“we”) handles personal data in connection with Bommel. We designed Bommel to be privacy-first: on the free tier your data stays on your device or on infrastructure you control.

1. Data controller

Fjord LLC, 530-B Harkle Road, STE 100, Santa Fe, NM 87505. Privacy contact: privacy@bookmarklocker.app.

2. What we process

  • Free / local mode: your bookmarks, notes, and files are stored in your browser (IndexedDB) or in a database you connect. We do not receive or store them.
  • Account data (Pro): when you sign in with Google we receive your name, email, and profile image via Firebase Authentication to create and secure your account.
  • Content data (Pro): bookmarks, notes, attachments, and embeddings are stored in Google Firestore, scoped to your account.
  • Billing: payments are handled by Stripe; we do not store full card numbers.
  • Operational data: minimal logs (e.g. request IDs, error events) for security and reliability. We avoid logging content or secrets.

3. AI providers

If you enable an AI provider, the text you ask the librarian to process is sent to the provider you selected (which may be your own local model). API keys you enter are stored only in your browser and are transmitted only to that provider. Review the provider’s own privacy terms.

4. Legal bases (GDPR)

  • Performance of a contract (providing the Service you request).
  • Legitimate interests (security, fraud prevention, service improvement).
  • Consent (optional integrations you enable).
  • Legal obligation (tax, accounting, lawful requests).

5. Sub-processors

For Pro accounts we rely on the following providers:

  • Google Firebase / Firestore & Firebase Authentication: Cloud database, authentication, and sync for Pro accounts. (Google Cloud, region configurable.)
  • Stripe, Inc.: Subscription billing and payment processing. (United States / global.)
  • Vercel Inc.: Application hosting and content delivery. (Global edge network.)

6. Retention

We retain account and content data while your account is active. On deletion, content is removed from active systems within a commercially reasonable period, subject to backups and legal retention requirements. You can export or delete your data at any time from Settings.

7. Security

We use encryption in transit (TLS) and at rest, scoped access controls, and least-privilege practices. See our Security page for details. No method of transmission or storage is 100% secure.

8. Your rights

Depending on your location you may have rights to access, correct, delete, port, or restrict processing of your data, and to object or lodge a complaint with a supervisory authority. Contact privacy@bookmarklocker.app to exercise them.

9. International transfers

Data may be processed in the United States and other countries where our providers operate, using appropriate safeguards where required.

10. Children

The Service is not directed to children under 16 and we do not knowingly collect their data.

11. Changes

We may update this Policy; material changes will be posted here with a new date.