Privacy Policy
Last updated: 2026-07-01
This Privacy Policy explains how Fjord LLC(“we”) handles personal data in connection with Bommel. We designed Bommel to be privacy-first: on the free tier your data stays on your device or on infrastructure you control.
1. Data controller
Fjord LLC, 530-B Harkle Road, STE 100, Santa Fe, NM 87505. Privacy contact: privacy@bookmarklocker.app.
2. What we process
- Free / local mode: your bookmarks, notes, and files are stored in your browser (IndexedDB) or in a database you connect. We do not receive or store them.
- Account data (Pro): when you sign in with Google we receive your name, email, and profile image via Firebase Authentication to create and secure your account.
- Content data (Pro): bookmarks, notes, attachments, and embeddings are stored in Google Firestore, scoped to your account.
- Billing: payments are handled by Stripe; we do not store full card numbers.
- Operational data: minimal logs (e.g. request IDs, error events) for security and reliability. We avoid logging content or secrets.
3. AI providers
If you enable an AI provider, the text you ask the librarian to process is sent to the provider you selected (which may be your own local model). API keys you enter are stored only in your browser and are transmitted only to that provider. Review the provider’s own privacy terms.
4. Legal bases (GDPR)
- Performance of a contract (providing the Service you request).
- Legitimate interests (security, fraud prevention, service improvement).
- Consent (optional integrations you enable).
- Legal obligation (tax, accounting, lawful requests).
5. Sub-processors
For Pro accounts we rely on the following providers:
- Google Firebase / Firestore & Firebase Authentication — Cloud database, authentication, and sync for Pro accounts. (Google Cloud (region configurable)).
- Stripe, Inc. — Subscription billing and payment processing. (United States / global).
- Vercel Inc. — Application hosting and content delivery. (Global edge network).
6. Retention
We retain account and content data while your account is active. On deletion, content is removed from active systems within a commercially reasonable period, subject to backups and legal retention requirements. You can export or delete your data at any time from Settings.
7. Security
We use encryption in transit (TLS) and at rest, scoped access controls, and least-privilege practices. See our Security page for details. No method of transmission or storage is 100% secure.
8. Your rights
Depending on your location you may have rights to access, correct, delete, port, or restrict processing of your data, and to object or lodge a complaint with a supervisory authority. Contact privacy@bookmarklocker.app to exercise them.
9. International transfers
Data may be processed in the United States and other countries where our providers operate, using appropriate safeguards where required.
10. Children
The Service is not directed to children under 16 and we do not knowingly collect their data.
11. Changes
We may update this Policy; material changes will be posted here with a new date.