Privacy Policy

Last updated: May 22, 2026

What data we collect

Resave collects the data needed to save, organize, search, and sync your personal intake library across the iOS app, share extension, web app, and browser extension:

• Account information — email address, optional phone number if you choose to use phone sign-in, name or display name when provided, username, user ID, authentication sessions, and account status.
• Saved content — titles, URLs, notes, markdown, search text you submit, bucket/facet assignments, tags, threads, and related metadata.
• Uploaded media — screenshots, photos, videos, thumbnails, dimensions, file size, MIME type, and storage path when you attach media to an item or share media into the app.
• URL preview metadata — page title, description, image URL, site name, and other public metadata retrieved from links you save.
• AI-generated metadata — classifications, summaries, entities, tags, themes, and chat responses generated from your saved content.
• Operational data — request metadata, rate-limit counters, server logs, and error diagnostics used to keep the service secure and reliable.

What data we do NOT collect

• We do not sell your data.
• We do not use advertising tracking, tracking pixels, or cross-app tracking.
• We do not collect your full browsing history; browser capture only saves pages you explicitly choose to add.
• We do not run background capture of clipboard, photos, videos, or browser tabs.
• We do not place OpenAI, Anthropic, Iframely, Supabase service-role, or Clerk secret keys in client apps.

How data is stored

• Locally: The iOS app stores preferences, session state, pending share uploads, and local chat transcripts on your device. Authentication tokens are stored using the platform keychain where available.
• Server-side: Account records, saved items, notes, buckets, attachment metadata, and AI metadata are stored in Supabase Postgres and associated with your authenticated user ID.
• Media storage: Uploaded screenshots, photos, videos, and thumbnails are stored in Supabase Storage and linked to the owning item and account.
• Public sharing: Profiles and saved content are private by default. If public profile functionality is enabled for your account, public profile endpoints may display the content you choose to make public.

AI processing

Resave uses AI services to classify saved items, describe screenshots, and answer questions over your saved library. Depending on the feature, the content sent to AI providers may include titles, URLs, notes, URL metadata, screenshot image URLs, retrieved page context, bucket names, and compact search results from your library. AI provider API keys are stored only on our server.

Third-party services

• Clerk (clerk.com) — account authentication and session management. See Clerk Privacy Policy.
• Supabase (supabase.com) — database and media storage. See Supabase Privacy Policy.
• Vercel (vercel.com) — API hosting. See Vercel Privacy Policy.
• OpenAI (openai.com) — AI classification and image description. See OpenAI Privacy Policy.
• Anthropic (anthropic.com) — AI chat and retrieval over saved library content. See Anthropic Privacy Policy.
• Sentry (sentry.io) — backend error monitoring and reliability diagnostics. See Sentry Privacy Policy.
• Iframely (iframely.com) — optional URL preview enrichment for saved links when public page metadata is incomplete. See Iframely Privacy Policy.

Security

Requests to private data require authentication. Server-side API routes verify the authenticated user before reading, updating, or deleting account data. Secrets for Clerk, Supabase, OpenAI, Anthropic, Iframely, Sentry, and other infrastructure providers are stored in server-side environment variables, not in the iOS app, web frontend, or browser extension.

Data deletion

You can export a portable copy of your saved account data from the web or iOS app settings, including account identity fields and user-keyed operational counters, but not session tokens or password material. You can delete individual saved items from Resave. You can also delete your account from the web or iOS app settings. Account deletion removes your profile, saved items, notes, buckets, AI metadata, attachment records, uploaded media, user-keyed rate-limit counters, and authentication account from our active systems, except where retention is required by law, security, fraud prevention, or backup integrity.

Encrypted backups are retained on a limited lifecycle for disaster recovery. Deleted active data may remain in backups until that lifecycle expires, and restored environments must reconcile deleted accounts before becoming user-accessible.

Contact

For privacy questions or data deletion requests, contact: will@resave.ai