Privacy Policy
Effective Date: May 18, 2026

UFOO provides cross-browser bookmark sync services, including our website (start.ufoo.cc) and browser extensions. We value your privacy. This policy explains how we collect, use, store and protect your information.

Information We Collect
Information You Provide
1. Account Information
Email address (for login and authentication)
User ID (generated by Supabase Auth)
Account creation date
2. Bookmark Data
Bookmark titles, URLs and icons you save
Folder structure and hierarchy
Bookmark creation, modification and deletion timestamps
Bookmark sort order
3. Technical Information
Browser type and version
Operating system type
IP address (for security logging and abuse prevention)
Access timestamps
What We Do NOT Collect
Your browsing history
Your passwords (stored securely by Supabase Auth; we cannot view them)
Content data from third-party websites
Personal identification information beyond your email
Precise geolocation data
Data Storage & Processing
Storage Location
All data is stored in Supabase (PostgreSQL database):

Server location: Singapore (ap-southeast-1)
Transport encryption: TLS 1.3, storage encryption: AES-256
Access control: Row Level Security ensures data isolation
Backup: Daily automatic backups, retained for 7 days
Data Retention
Data Type Retention Period Notes
Account Info While account exists Cleared within 30 days of deletion
Bookmark Data While account exists Deleted with account
Login Logs 90 days Security audit
Error Logs 30 days Troubleshooting
How We Use Your Data
We use your data only for:

Providing bookmark sync and storage services
Authenticating users and protecting account security
Improving product features and user experience
Sending service notifications (e.g., security alerts)
We will NOT:

Sell your data to any third party
Use your data for targeted advertising
Share data with third parties for marketing
Mine your bookmark content for analytics
Data Security
All API requests use HTTPS (TLS 1.3)
Authentication uses JWT tokens with automatic refresh
Row Level Security ensures users can only access their own data
Input validation and parameter checking prevent injection attacks
API rate limiting prevents abuse
Least-privilege principle: employees cannot directly access user data
Regular security audits and vulnerability scanning
Security incident notification within 72 hours
Cookies
Cookie Type Purpose Duration
sb-*-auth-token Essential Authentication Session
user_id Functional Local identifier Persistent
bmFolderState Preference Folder expand state Persistent
You can manage or delete cookies through your browser settings. Disabling cookies may affect login persistence.

Your Rights
Access & Export
View all bookmark data, export a complete copy.

Correct & Delete
Modify bookmark info, delete individual bookmarks or your entire account.

Data Portability
Export bookmarks as HTML/JSON to migrate to other services.

Third-Party Services
Service Purpose Data Handling
Supabase Database & Authentication Stores user data and auth
Cloudflare CDN & Security Transit encryption, DDoS protection
Vercel Web hosting Content delivery
Additional Information
Our service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us immediately for deletion.

We may update this Privacy Policy. Material changes will be communicated via email 30 days in advance.

Contact
Email: privacy@ufoo.cc

Web: https://start.ufoo.cc

We will respond to your request within 30 days.