Skip to main content

Privacy Policy

Last updated: February 2026

1. Overview

LinkBrain (“we,” “us”) is a bookmark management service based in South Africa. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

We comply with the Protection of Personal Information Act (POPIA) of South Africa and the General Data Protection Regulation (GDPR) of the European Union where applicable.

The short version: We collect what we need to run the service, we don't sell your data, and you can export or delete everything at any time.

2. What we collect

We collect the following types of data:

Account information

  • Email address (for authentication and communication)
  • Name (if provided)
  • Profile picture (if provided via OAuth)
  • Authentication tokens (managed by our auth provider)

Content you save

  • URLs and page metadata (titles, descriptions, images)
  • Tags, collections, and notes you create
  • Imported bookmarks from browsers or other services

Usage data

  • Pages visited within LinkBrain (for analytics and improving the service)
  • Feature usage patterns (what you use, how often)
  • Device type, browser, and general location (country-level)
  • Error logs and performance metrics

We do not collect: passwords (handled by auth providers), financial details (handled by Lemon Squeezy), or browsing history outside of LinkBrain.

3. How we use your data

We use your data to:

  • Provide the service — store your links, power search, display your collections
  • AI features — generate embeddings for semantic search, create summaries, power AI Search
  • Personalization — auto-tagging, smart suggestions, knowledge graph
  • Communication — account notifications, product updates (you can opt out)
  • Improvement — understand usage patterns to make the product better
  • Security — detect and prevent abuse, fraud, or unauthorized access

We do not use your data for: advertising, selling to third parties, or training AI models beyond your personal account features.

4. AI & data processing

LinkBrain uses AI to power core features. Here's exactly what happens with your data:

  • Embeddings: When you save a link, we send the page content to OpenAI's embedding API to generate vector representations for semantic search. OpenAI does not store this data or use it for training.
  • Summaries & tags: We use AI to generate summaries and auto-tags for your links. This processing happens at the time of saving.
  • AI Search: When you ask a question, we search your embeddings and send relevant context to generate an answer. Only your own data is used.

Your content is processed solely for your account's features. We do not pool user data or use it to improve general AI models.

5. Third-party services

We use the following third-party services to operate LinkBrain:

  • Supabase — Database hosting, authentication, and file storage. Your account data and saved links are stored on Supabase infrastructure.
  • OpenAI — AI embeddings and language processing for search and summarization features. Content is sent via API and is not used for model training under their API terms.
  • Lemon Squeezy — Payment processing and subscription management (merchant of record). They handle all financial data including credit card details — we never see or store your payment information.
  • Vercel — Application hosting and CDN. Handles web requests and may process IP addresses for routing.
  • Google — OAuth sign-in provider. We receive your email address and display name when you sign in with Google. We do not access your Google account data beyond what is needed for authentication.

Each third party operates under their own privacy policy. We choose partners with strong privacy and security practices.

6. Data retention

We retain your data as follows:

  • Account data: Retained while your account is active, deleted within 30 days of account deletion
  • Saved links & content: Retained while your account is active, deleted with your account
  • Usage analytics: Aggregated data retained indefinitely; individual-level data deleted after 12 months
  • Server logs: Retained for up to 30 days for debugging and security
  • Billing records: Retained as required by law (typically 5–7 years for tax purposes), managed by Lemon Squeezy

7. Your rights

Under POPIA, GDPR, and other applicable laws, you have the right to:

  • Access — Request a copy of your personal data
  • Export — Download your links and data in standard formats (HTML, CSV, JSON) from Settings
  • Correction — Update inaccurate personal information
  • Deletion — Delete your account and all associated data
  • Restriction — Ask us to limit how we process your data
  • Portability — Receive your data in a machine-readable format
  • Objection — Object to processing based on legitimate interest
  • Withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at hello@linkbrain.co. We'll respond within 30 days. Most actions (export, delete) you can do yourself from your account settings.

8. Chrome Extension

The LinkBrain Chrome Extension enhances your experience by letting you save, search, and manage your library directly from your browser. Here's what the extension accesses and why:

  • Active tab URL & title — To save the current page to your library when you click Save or use the keyboard shortcut
  • Chrome bookmarks — Only when you explicitly choose to import bookmarks during onboarding or from Settings. We never read bookmarks without your action.
  • Reading progress — Tracks how far you've scrolled on pages you've saved, so you can pick up where you left off. This data is sent only to your LinkBrain account.
  • Page content — When saving a link, we may extract metadata (title, description, author) from YouTube, GitHub, Twitter/X, and Reddit pages to improve your library entries.
  • Local storage — Stores your authentication token and preferences locally in the browser. Never sent to third parties.

The extension does not:

  • Track your browsing history
  • Access bookmarks without your explicit action
  • Inject ads or modify page content (except for save confirmation toasts)
  • Send data to any third party — all data goes only to linkbrain.co
  • Access any data when you're not logged in

You can uninstall the extension at any time. Your saved links remain in your LinkBrain account regardless.

9. Cookies

We use a minimal set of cookies:

  • Authentication cookies — Essential for keeping you logged in (strictly necessary)
  • Preference cookies — Remember your settings like theme preference

We do not use third-party advertising or tracking cookies. We do not participate in cross-site tracking. Our analytics are privacy-respecting and do not rely on cookies for user identification. See our Cookie Policy for full details.

10. Security

We take reasonable measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Row-level security on database access
  • Regular security reviews and dependency updates
  • Minimal access principles for team members

No system is 100% secure. If we discover a data breach that affects your personal information, we'll notify you and relevant authorities as required by law.

11. Children

LinkBrain is not intended for users under 16. We do not knowingly collect personal information from children. If you believe a child has created an account, please contact us and we'll delete it promptly.

12. International data transfers

Our infrastructure is hosted globally (via Supabase, Vercel, and other providers). Your data may be processed in countries outside South Africa or your country of residence. We ensure that any transfers comply with applicable data protection laws through appropriate safeguards.

13. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we'll notify you via email or in-app notification. The “Last updated” date at the top tells you when this policy was last revised.

14. Contact

For privacy-related questions, data requests, or complaints:

If you're not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa or your local data protection authority.