Back to Home

Privacy Policy

Last updated: April 27, 2026

This Privacy Policy explains how BookmarkManager.com (“we”, “us”, “our”) collects, uses, and protects your personal data when you use our website, browser extensions, and mobile apps (collectively the “Service”).

1. Data Controller

Kevin Schmidt
Zugmantelstr. 34B
65510 Idstein
Germany
Email: contact@bookmarkmanager.com

2. Data We Collect

2.1. Account Information

When you create an account, we may collect:

  • Email address
  • Name or display name (for example from Google or Apple)
  • Authentication metadata provided by Firebase Auth
  • Hashed password if you register with email and password

2.2. User Content

When you use the Service, we process the data you store in it, including:

  • Bookmarks (URLs, titles, descriptions)
  • Tags
  • Notes and other organizational metadata

This data is used only to provide and improve the Service and to allow you to organize and search your bookmarks.

2.3. Technical Data

When you access the Service, certain technical data is collected automatically, for example:

  • IP address (which may be anonymized or truncated, depending on the tool)
  • Browser type and version
  • Operating system and device information
  • Server logs (such as request URLs, timestamps, and error logs)

2.4. Cookies, Local Storage, and Analytics

The Service may use:

  • Functional cookies or local storage to maintain sessions and UI preferences
  • Google Analytics (GA4) cookies to measure aggregated usage of the Service. These cookies are only set after you provide explicit consent via our cookie banner. You can withdraw consent at any time by clearing site data in your browser.

Google Analytics uses cookies and similar technologies to collect information about how visitors use the Service (such as pages viewed, approximate location, device and browser information). IP addresses are anonymized before processing. We do not load Google Analytics until you accept analytics cookies.

No marketing tracking pixels (for example Meta, Google Ads, LinkedIn, or similar) are used.

3. How We Use Your Data

We use your data for the following purposes:

  • To provide, operate, and maintain the Service
  • To authenticate you and manage your account
  • To store and sync your bookmarks and related data across devices
  • To ensure the security and integrity of the Service
  • To analyze aggregated usage patterns to improve the Service
  • To process payments and manage subscriptions via Paddle

We do not sell your personal data.

4. Legal Bases for Processing (EU/EEA)

If you are located in the EU/EEA, we rely on the following legal bases for processing your personal data:

  • Contract: Processing necessary to provide the Service and fulfill our agreement with you (for example account creation, login, storage of your bookmarks).
  • Legitimate interests: Processing for security, fraud prevention, and improvement of the Service, where our interests are not overridden by your rights.
  • Consent: Loading and use of Google Analytics cookies, as well as the storing of and access to information on your terminal device for non-essential purposes, is based on your consent pursuant to Art. 6 (1) (a) GDPR and § 25 (1) TDDDG (German Telecommunications Digital Services Data Protection Act, formerly TTDSG). You can give or withdraw consent at any time via the cookie banner or by clearing site data in your browser.
  • Legal obligation: Processing necessary to comply with legal obligations, such as tax or accounting obligations related to payments via Paddle.

5. Third-Party Services

5.1. Google Cloud

We use Google Cloud for hosting, data storage, and server logs. Data may be stored in data centers located in the United States.

5.2. Firebase Auth

Firebase Auth is used for authentication, including login, account creation, and password resets. Firebase processes your email and authentication-related data to provide this functionality.

5.3. Paddle (Merchant of Record)

Paddle.com Market Limited and its affiliates ("Paddle") act as the Merchant of Record and authorised reseller for our paid plans. When you subscribe, your purchase agreement is concluded directly with Paddle, and Paddle is the controller of the personal data it collects for that purpose, including payment details, billing address, transaction information, and any required tax information. Paddle processes this data under its own privacy policy and retains it as required for accounting and legal compliance.

For information on how Paddle processes your data, see Paddle's Privacy Notice. We receive only limited transactional data from Paddle (such as subscription status, plan, and identifiers) needed to grant and manage your access to paid features.

5.4. Google Analytics

We use Google Analytics 4, provided by Google Ireland Limited (with data potentially processed by Google LLC in the United States), to collect aggregated statistics about how the Service is used. Google Analytics sets cookies and may collect data such as your anonymized IP address, device and browser information, referring pages, and pages viewed. IP anonymization is enabled.

Google Analytics is loaded only after you provide consent via our cookie banner. If you decline or do not respond, no Google Analytics cookies are set and no data is sent to Google. You can withdraw consent at any time by clearing site data for this domain in your browser, which will reset your choice and re-display the consent banner on your next visit.

For more information, see Google's privacy policy at https://policies.google.com/privacy.

5.5. Optional Integrations

If you choose to connect external integration services (for example automation tools such as Zapier or Make.com), data is shared with these services only according to your configuration. Their processing of your data is governed by their own privacy policies.

6. Data Retention

We retain data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

  • Account and User Content: retained for as long as your account is active. If you delete your account, we will delete or anonymize your personal data, subject to technical and legal constraints.
  • System logs: typically retained for up to 90 days, unless needed longer for security or legal reasons.
  • Backups: retained for up to 30 days before being overwritten or deleted.
  • Analytics data (via Google Analytics): retained according to Google's data retention settings (by default up to 14 months) and kept in aggregated form.

7. Data Transfers

Because we use services such as Google Cloud and Firebase, your data may be processed in countries outside the EU/EEA, including the United States. Where required, we rely on appropriate safeguards for such transfers, such as standard contractual clauses or similar mechanisms provided by the relevant service providers.

8. Your Rights (EU/EEA)

If you are located in the EU/EEA, you have the following rights regarding your personal data, subject to applicable law:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing: request that we limit processing of your data in certain circumstances.
  • Right to data portability: request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object: object to certain processing based on legitimate interests.

You can exercise your rights by contacting us at contact@bookmarkmanager.com. You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

The supervisory authority responsible for us is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany
Website: https://datenschutz.hessen.de

8a. Automated Decision-Making

We do not use the personal data we collect for automated decision-making, including profiling, within the meaning of Art. 22 GDPR.

9. Security

We take appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS) and at rest (for example via Google Cloud’s encryption mechanisms). Access to personal data is limited to authorized individuals who need it to operate and improve the Service.

10. Children

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us so that we can take appropriate action.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last updated” date at the top of this page. If changes are material, we may provide additional notice through the Service or by email.

Back to Home