Skip to main content
Warning: This is a temporary website. Payments do not work yet. Stay tuned!
Sortmarks

Privacy Policy

Last updated: January 8, 2026

Introduction

Sortmarks is designed with privacy at its core. We process your bookmarks temporarily to provide our AI-powered organization service, but we don't store your data or track your usage.

Data Controller

For privacy inquiries, please contact: privacy@sortmarks.com

What Data We Process

When you use Sortmarks, we temporarily process:

  • Bookmark titles (truncated to 100 characters)
  • Domain names only (not full URLs with paths or parameters)
  • Folder names from your original bookmark structure
  • IP addresses for rate limiting (kept for 60 seconds in memory only)

How We Use Your Data

We process your data for a single purpose: to organize your bookmarks using AI.

  • Bookmark titles and domain names are sent to OpenAI's API for categorization
  • IP addresses are used temporarily for rate limiting to prevent abuse
  • For large bookmark sets, results are temporarily stored encrypted in Vercel KV storage for up to 48 hours, allowing you to return and retrieve your organized bookmarks

Legal Basis (GDPR Article 6)

We process your data based on Legitimate Interest (Article 6(1)(f)) because:

  • Processing is necessary for the service to function
  • You explicitly initiate processing by uploading bookmarks
  • We collect minimal data (no accounts, tracking, or cookies)
  • There is a clear benefit to you (organized bookmarks)
  • Privacy impact is low (no sensitive personal data is stored)

Third-Party Data Processors

We use OpenAI to process your bookmarks. OpenAI operates in the EU with GDPR compliance mechanisms, provides Data Processing Agreements and Standard Contractual Clauses. View their privacy policy.

We do not send your full URLs to OpenAI, only domain names and bookmark titles.

We use Paddle as our Merchant of Record to process payments. When you make a purchase, Paddle collects your payment information (credit card, PayPal, etc.), email address, and billing details. Paddle handles all payment processing, invoicing, and sales tax/VAT compliance. We do not have access to your full payment card details. View their privacy policy.

We use Vercel for hosting and temporary encrypted storage of job results (Vercel KV). Data stored in Vercel KV is encrypted with AES-GCM before storage and automatically deleted after 48 hours. View their privacy policy.

Data Retention

  • Bookmark data during processing: Processed in-memory and discarded after organization completes
  • Job results (organized bookmarks): For large bookmark sets that require background processing, results are stored encrypted in Vercel KV for up to 48 hours, then automatically deleted. You can retrieve your results during this window via a unique job URL.
  • IP addresses: Kept for 60 seconds in memory for rate limiting, then automatically deleted
  • Encryption: All stored job data is encrypted with AES-GCM and compressed before storage. We cannot access your bookmark content without the encryption key.

Your Rights Under GDPR

  • Right to access: Request information about data we process (though we don't store any)
  • Right to erasure: Automatically fulfilled as we don't store data persistently
  • Right to rectification: N/A (no stored data)
  • Right to data portability: Download your organized bookmarks as HTML
  • Right to object: Simply don't use the service
  • Right to lodge a complaint: Contact your local data protection authority

To exercise these rights, contact us at privacy@sortmarks.com

Security Measures

  • All connections use HTTPS encryption
  • AES-GCM encryption at rest for any temporarily stored job data
  • Gzip compression before encryption for efficient storage
  • Rate limiting to prevent abuse
  • Global circuit breaker to protect against service overload
  • CORS, XSS, and SSRF protection
  • No cookies or tracking scripts
  • Distributed locking to prevent data corruption

What We Don't Do

  • We don't use cookies
  • We don't use analytics or tracking (no Google Analytics, etc.)
  • We don't create user accounts
  • We don't store your bookmarks permanently (encrypted job results are automatically deleted after 48 hours)
  • We don't store your payment card details (Paddle handles all payment processing)
  • We don't sell or share your data (except OpenAI for bookmark processing, Paddle for payments, and Vercel for encrypted storage)
  • We don't send marketing emails

Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top will reflect when changes were made.

Contact Us

For any privacy-related questions or concerns: privacy@sortmarks.com

← Back to Home