Skip to main content

Privacy Policy

Last updated: 30 April 2026

1. Overview

LinkBrain (“we,” “us”) is a bookmark management service based in South Africa. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

We comply with the Protection of Personal Information Act (POPIA) of South Africa and the General Data Protection Regulation (GDPR) of the European Union where applicable.

The short version:We collect what we need to run the service, we don't sell your data, and you can export or delete everything at any time.

2. What we collect

We collect the following types of data:

Account information

  • Email address (for authentication and communication)
  • Name (if provided)
  • Profile picture (if provided via OAuth)
  • Authentication tokens (managed by our auth provider)

Content you save

  • URLs and page metadata (titles, descriptions, images)
  • Tags, collections, and notes you create
  • Imported bookmarks from browsers or other services

Usage data

  • Pages visited within LinkBrain (for analytics and improving the service)
  • Feature usage patterns (what you use, how often)
  • Device type, browser, and general location (country-level)
  • Error logs and performance metrics

We do not collect: passwords (handled by auth providers), financial details (handled by Lemon Squeezy), or browsing history outside of LinkBrain.

3. How we use your data

We use your data to:

  • Provide the service — store your links, power search, display your collections
  • AI features — generate embeddings for semantic search, create summaries, power AI Search
  • Personalization — auto-tagging, smart suggestions, knowledge graph
  • Communication — account notifications, product updates (you can opt out)
  • Improvement — understand usage patterns to make the product better
  • Security — detect and prevent abuse, fraud, or unauthorized access

We do not use your data for: advertising, selling to third parties, or training AI models beyond your personal account features.

4. AI & data processing

LinkBrain uses AI to power core features. Here's exactly what happens with your data:

  • Embeddings:When you save a link, we send the page content to OpenAI's embedding API to generate vector representations for semantic search. OpenAI does not store this data or use it for training.
  • Summaries & tags: We use AI to generate summaries and auto-tags for your links. This processing happens at the time of saving.
  • AI Search: When you ask a question, we search your embeddings and send relevant context to generate an answer. Only your own data is used.

Your content is processed solely for your account's features. We do not pool user data or use it to improve general AI models.

5. Third-party services

We use the following third-party services to operate LinkBrain:

  • Supabase — Database hosting, authentication, and file storage. Your account data and saved links are stored on Supabase infrastructure.
  • OpenAI — AI embeddings and language processing for search and summarization features. Content is sent via API and is not used for model training under their API terms.
  • Lemon Squeezy — Payment processing and subscription management (merchant of record). They handle all financial data including credit card details — we never see or store your payment information.
  • Vercel — Application hosting and CDN. Handles web requests and may process IP addresses for routing.
  • Google — OAuth sign-in provider. We receive your email address and display name when you sign in with Google. We do not access your Google account data beyond what is needed for authentication.

Each third party operates under their own privacy policy. We choose partners with strong privacy and security practices. Section 6 below enumerates which of these sub-processors receive Google user data (profile data obtained via Google Sign-In and YouTube content imported under the youtube.readonly scope), and for what purpose.

6. Data sharing & disclosures

We do not sell your personal information or Google user data, and we do not share it for advertising, marketing, or AI-model-training purposes. The only circumstances under which your data — including data we receive from Google APIs (profile data from Google Sign-In and YouTube content imported via the youtube.readonly scope) — is shared, transferred, or disclosed to other parties are the ones listed below.

Service providers (sub-processors)

We rely on the following sub-processors to operate the LinkBrain service. Each has a contractual obligation to process data only on our instructions and to keep it secure. Data obtained from Google APIs is shared only with the sub-processors explicitly marked below:

  • Supabase (United States / global) — hosts our authenticated database and file storage. Receives Google user data: your account profile (email, display name, avatar from Google Sign-In) and YouTube metadata (video title, channel, description, thumbnail URL, video ID, published date) for videos you import into your library. Purpose: persistent storage so you can access your library across devices.
  • OpenAI (United States) — generates embeddings, summaries, and auto-tags for content in your library. Receives Google user data:textual fields (title, description, channel name, and, where available, transcript) from YouTube items you import, sent via OpenAI's API. Purpose:power semantic search, summarization, and auto-tagging for your account only. Processed under OpenAI's API data-processing terms, which prohibit retention beyond short-term abuse monitoring and prohibit use of API inputs to train OpenAI's models.
  • Vercel (United States / global) — hosts the LinkBrain web application and edge network. Receives: HTTP request metadata (IP address, user agent, request path) necessary to route and serve pages, plus encrypted payloads in transit. Does not receive Google user data as standalone payload data beyond what is required to serve an authenticated response back to you.
  • Lemon Squeezy (United States) — merchant of record for paid subscriptions. Receives: billing email, name, and payment details entered during checkout. Does not receive Google user data.
  • Google (Google APIs) — when you use YouTube features we send authenticated requests back to Google's YouTube Data API on your behalf to retrieve the content you asked us to import. This is a return trip to the source, not onward sharing with an unrelated third party.

We do not share Google user data with any sub-processor not listed above. If we add or change a sub-processor that processes Google user data, we will update this policy before the change takes effect and, where required, notify affected users.

Legal disclosures

We may disclose your information — including Google user data — if we have a good-faith belief that disclosure is required to (a) comply with a valid legal process such as a subpoena, court order, or lawful government request; (b) enforce our Terms of Service; (c) protect the rights, safety, or property of LinkBrain, our users, or the public; or (d) investigate fraud, security, or technical issues. Where legally permitted, we will notify the affected user before disclosing their data in response to such a request.

Business transfers

If LinkBrain is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity as part of that transaction. We will notify you before your data becomes subject to a different privacy policy, and the successor entity will remain bound by the commitments in this policy and by the Google API Services User Data Policy (including the Limited Use requirements) with respect to Google user data.

Sharing at your direction

We share data with additional third parties only when you explicitly instruct us to — for example, when you use the Export feature to download your library to your own device, or when you share a LinkBrain link with someone else. We do not automatically publish, syndicate, or sell your content.

What we never do with Google user data

  • Sell your personal information or Google user data to anyone
  • Share your data with advertisers, ad networks, or data brokers
  • Use Google user data — including YouTube content — to train, fine-tune, or benchmark generalized AI models
  • Allow humans to read your Google user data, except as narrowly permitted by the Google API Services User Data Policy: with your explicit consent (for example when you request support), for security investigations, or where we are required to do so by law

7. Connected sources (YouTube)

LinkBrain allows you to connect third-party accounts to import content into your personal library. When you connect a source, we request only the minimum permissions needed.

YouTube

When you connect your YouTube account, we request read-only access to your YouTube data via the youtube.readonly OAuth scope. This allows LinkBrain to:

  • Import your liked and saved YouTube videos into your LinkBrain library
  • Retrieve video metadata (title, channel, description, thumbnail) for display and search

What we do with this data:

  • Video metadata is stored in your personal LinkBrain library to enable search, tagging, and organization
  • Data is processed by our AI features (embeddings, summaries, auto-tags) solely for your account
  • We do not access your YouTube watch history, comments, or private videos
  • We do not modify, upload, or delete any content on your YouTube account

Data handling:

  • YouTube data is not sold, shared for advertising, or used for model training outside your account features
  • You can disconnect YouTube at any time from your Sources settings page
  • When you disconnect, we stop accessing your YouTube data; imported links remain in your library unless you delete them
  • Deleting your LinkBrain account removes all imported YouTube data

LinkBrain's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Data retention

We retain your data as follows:

  • Account data: Retained while your account is active, deleted within 30 days of account deletion
  • Saved links & content: Retained while your account is active, deleted with your account
  • Usage analytics: Aggregated data retained indefinitely; individual-level data deleted after 12 months
  • Server logs: Retained for up to 30 days for debugging and security
  • Billing records: Retained as required by law (typically 5–7 years for tax purposes), managed by Lemon Squeezy

9. Your rights

Under POPIA, GDPR, and other applicable laws, you have the right to:

  • Access — Request a copy of your personal data
  • Export — Download your links and data in standard formats (HTML, CSV, JSON) from Settings
  • Correction — Update inaccurate personal information
  • Deletion — Delete your account and all associated data
  • Restriction — Ask us to limit how we process your data
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to processing based on legitimate interest
  • Withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at hello@linkbrain.co. We'll respond within 30 days. Most actions (export, delete) you can do yourself from your account settings.

10. Chrome Extension

The LinkBrain Chrome Extension enhances your experience by letting you save, search, and manage your library directly from your browser. Here's what the extension accesses and why:

  • Active tab URL & title— When you click Save, use the keyboard shortcut, or use the right-click menu, the extension reads the current tab's URL and title so it can save the page to your library.
  • Page-aware suggestions (optional, off by default)— If you turn this on in the extension's Settings, the extension sends the URL of pages you visit to LinkBrain so it can show whether the page is already in your library and surface related saved links. Turning the toggle on requests the optional tabs permission. With it off (the default), the extension does not send any browsing activity to our servers — only links you explicitly save.
  • Chrome bookmarks (optional permission)— The extension does not request access to bookmarks at install. We request it only the first time you choose to import bookmarks; if you decline, the extension still works fully — you just won't see the import flow. We never read or modify bookmarks in the background.
  • Page content — When you explicitly save a link, the extension may extract metadata (title, description, author) from YouTube, GitHub, Twitter/X, and Reddit pages to improve the library entry. This only happens during the save action you initiated.
  • Local storage — Stores your authentication token, the small offline save queue, and preferences locally in the browser. Never sent to third parties.

Where extension data goes: All network traffic from the LinkBrain Chrome Extension goes to one of the following destinations only:

  • linkbrain.co — our first-party API, where your library is stored.
  • A self-hosted LinkBrain instance at a URL you configurein the extension's Options page (optional; only for self-hosting users).

Favicons next to saved links are rendered through Chrome's built-in favicon cache (chrome.runtime.getURL('/_favicon/')). No third-party favicon service is contacted — earlier versions of the extension used google.com/s2/favicons; that dependency was removed in v3.5.

The extension does not:

  • Track your browsing history in the background — page-aware suggestions are off by default and require explicit opt-in
  • Read the content of pages you did not explicitly save
  • Access bookmarks without your explicit action
  • Inject ads, analytics, or third-party trackers
  • Send data to advertisers, data brokers, or any third party other than the destinations listed above
  • Access any data when you're not logged in

You can uninstall the extension at any time. Your saved links remain in your LinkBrain account regardless.

11. Cookies

We use a minimal set of cookies:

  • Authentication cookies — Essential for keeping you logged in (strictly necessary)
  • Preference cookies — Remember your settings like theme preference

We do not use third-party advertising or tracking cookies. We do not participate in cross-site tracking. Our analytics are privacy-respecting and do not rely on cookies for user identification. See our Cookie Policy for full details.

12. Security

We take reasonable measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Row-level security on database access
  • Regular security reviews and dependency updates
  • Minimal access principles for team members

No system is 100% secure. If we discover a data breach that affects your personal information, we'll notify you and relevant authorities as required by law.

13. Children

LinkBrain is not intended for users under 16. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we'll delete it promptly.

14. International data transfers

Our infrastructure is hosted globally (via Supabase, Vercel, and other providers). Your data may be processed in countries outside South Africa or your country of residence. We ensure that any transfers comply with applicable data protection laws through appropriate safeguards.

15. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we'll notify you via email or in-app notification. The “Last updated” date at the top tells you when this policy was last revised.

16. Contact

For privacy-related questions, data requests, or complaints:

If you're not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa or your local data protection authority.