Privacy Policy
Effective Date: May 18, 2026
UFOO provides cross-browser bookmark sync services, including our website (start.ufoo.cc) and browser extensions. We value your privacy. This policy explains how we collect, use, store and protect your information.
Information We Collect
Information You Provide
1. Account Information
- Email address (for login and authentication)
- User ID (generated by Supabase Auth)
- Account creation date
2. Bookmark Data
- Bookmark titles, URLs and icons you save
- Folder structure and hierarchy
- Bookmark creation, modification and deletion timestamps
- Bookmark sort order
3. Technical Information
- Browser type and version
- Operating system type
- IP address (for security logging and abuse prevention)
- Access timestamps
What We Do NOT Collect
- Your browsing history
- Your passwords (stored securely by Supabase Auth; we cannot view them)
- Content data from third-party websites
- Personal identification information beyond your email
- Precise geolocation data
Data Storage & Processing
Storage Location
All data is stored in Supabase (PostgreSQL database):
- Server location: Singapore (ap-southeast-1)
- Transport encryption: TLS 1.3, storage encryption: AES-256
- Access control: Row Level Security ensures data isolation
- Backup: Daily automatic backups, retained for 7 days
Data Retention
| Data Type | Retention Period | Notes |
|---|---|---|
| Account Info | While account exists | Cleared within 30 days of deletion |
| Bookmark Data | While account exists | Deleted with account |
| Login Logs | 90 days | Security audit |
| Error Logs | 30 days | Troubleshooting |
How We Use Your Data
We use your data only for:
- Providing bookmark sync and storage services
- Authenticating users and protecting account security
- Improving product features and user experience
- Sending service notifications (e.g., security alerts)
We will NOT:
- Sell your data to any third party
- Use your data for targeted advertising
- Share data with third parties for marketing
- Mine your bookmark content for analytics
Data Security
- All API requests use HTTPS (TLS 1.3)
- Authentication uses JWT tokens with automatic refresh
- Row Level Security ensures users can only access their own data
- Input validation and parameter checking prevent injection attacks
- API rate limiting prevents abuse
- Least-privilege principle: employees cannot directly access user data
- Regular security audits and vulnerability scanning
- Security incident notification within 72 hours
Cookies
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
sb-*-auth-token | Essential | Authentication | Session |
user_id | Functional | Local identifier | Persistent |
bmFolderState | Preference | Folder expand state | Persistent |
You can manage or delete cookies through your browser settings. Disabling cookies may affect login persistence.
Your Rights
Access & Export
View all bookmark data, export a complete copy.
Correct & Delete
Modify bookmark info, delete individual bookmarks or your entire account.
Data Portability
Export bookmarks as HTML/JSON to migrate to other services.
Third-Party Services
| Service | Purpose | Data Handling |
|---|---|---|
| Supabase | Database & Authentication | Stores user data and auth |
| Cloudflare | CDN & Security | Transit encryption, DDoS protection |
| Vercel | Web hosting | Content delivery |
Additional Information
Our service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us immediately for deletion.
We may update this Privacy Policy. Material changes will be communicated via email 30 days in advance.
Contact
Email: privacy@ufoo.cc
Web: https://start.ufoo.cc
We will respond to your request within 30 days.
Last updated: May 18, 2026