Privacy Policy

Last updated: April 6, 2026

Opslan ("we", "us") is a bookmark manager. This policy applies to the Opslan service as a whole — the native macOS and iOS apps, the website, and the browser extensions for Chrome, Firefox, Edge, and Safari. It explains what data we collect, why, and what we do with it. We've tried to keep it short and honest.

What we collect

Account information. When you sign up, we collect your name, email address, and a password (stored hashed using industry-standard algorithms — we never see or store it in plain text). You can optionally add a profile picture.

Session data. When you sign in, we create a session and record the IP address and user agent of the device that signed in. This is used to secure your account, detect suspicious activity, and let you sign out other devices.

Bookmarks you save. When you save a bookmark, we store the URL along with metadata extracted from the page: title, description, preview image, favicon, site name, and a plain-text version of the page content. We may also generate a short AI summary and tags for the bookmark. For some pages we capture a screenshot. We only do this for bookmarks you explicitly choose to save — we do not track your browsing history.

Photos you upload. You can save a photo directly as a bookmark from the apps. The image is stored in our object storage and tied to your account.

Collections, notes, and organization. Any collections, tags, or notes you create to organize your bookmarks.

Cached media. Preview images, favicons, and screenshots are stored in our object storage so the app loads quickly and works offline. They are tied to the bookmarks you saved.

Technical logs. Our servers keep short-lived request logs (IP address, user agent, timestamp) for security and debugging. These are rotated automatically.

Cookies. When you sign in to the website, we set a single session cookie that keeps you signed in. We do not use tracking, advertising, or analytics cookies. The browser extensions and native apps do not use cookies — they store a session token locally instead.

What we do not collect

• We do not track your browsing history. Only URLs you explicitly save.
• We do not collect precise location (GPS, device sensors). IP addresses recorded with sessions may reveal approximate location.
• We do not collect contacts, health data, or financial data.
• We do not use third-party analytics or advertising trackers.
• We do not fingerprint your device.
• The browser extension only reads page content when you explicitly save a bookmark.

How we use your data

• To provide the service: storing your bookmarks, syncing them across your devices, and letting you search and organize them.
• To enrich your bookmarks with previews, summaries, and tags.
• To authenticate you and keep your account secure.
• To respond to support requests.

We do not sell your data, use it to build advertising profiles, or share it with data brokers. We do not use your content to train machine learning models.

Browser extension

The Opslan browser extension is the quickest way to save a page from any browser. We've designed it to do as little as possible:

• The extension only talks to api.opslan.com. It does not contact any third-party services.
• Your authentication token is stored locally in your browser's extension storage so you stay signed in. It is never shared with any other website or with us beyond the API calls you initiate.
• The extension's content script runs on web pages but does nothing until you explicitly open the popup or use the keyboard shortcut to save. It does not monitor your browsing, log keystrokes, or send anything in the background.
• When you save a page, the extension reads the current page's title, description, preview image, favicon, and site name, and sends them to Opslan along with the URL. That's the only data the extension transmits.

How bookmark enrichment works

When you save a bookmark, our servers fetch the page on your behalf to extract metadata, generate a preview, and (for some pages) produce a short AI summary using Cloudflare Workers AI. For certain types of links, we may also call public APIs (such as YouTube, TMDB, or web search) to fetch additional metadata about the linked content. These third-party calls send only the URL or title — never your account information.

Sharing

We do not sell, rent, or share your personal data with third parties for their own purposes. We use a small number of infrastructure providers to operate the service:

• Cloudflare — hosting, database (D1), object storage (R2), Workers AI, and content delivery.

These providers process data on our behalf under their own security and privacy commitments.

We will only disclose data when legally required to do so (e.g., a valid court order), and we will push back on overly broad requests.

Legal basis for processing

If you are in the EU, UK, or another GDPR jurisdiction, the legal bases on which we process your personal data are:

• Performance of a contract — to provide the Opslan service you signed up for (storing and syncing your bookmarks, authenticating you, etc.).
• Legitimate interests — to keep the service secure, prevent abuse, and improve reliability.
• Legal obligation — where we are required by law to retain or disclose specific information.
• Consent — where you've explicitly opted in to something (for example, joining the waitlist).

International data transfers

Opslan runs on Cloudflare, which operates a global network. This means your data may be processed in datacenters outside your country, including outside the European Economic Area. Cloudflare relies on Standard Contractual Clauses (SCCs) approved by the European Commission as the safeguard for these transfers. We do not transfer your data to any other country or third party except as described in this policy.

Data retention

We keep your data for as long as your account is active. If you delete a bookmark, it is removed from our database, and any cached media for it is removed shortly after. If you delete your account, all of your data is removed from our systems. Backups are rotated regularly and any residual copies are overwritten as part of the normal backup cycle.

Your rights

You can:

• Access your data — everything you've saved is visible in the app.
• Export your data — contact us and we'll send you a complete export.
• Delete your data — delete bookmarks individually, or delete your entire account.
• Correct your data — edit any bookmark, collection, or profile field at any time.

If you're in the EU, UK, or California, you have additional rights under GDPR / CCPA, including the right to lodge a complaint with a supervisory authority.

Security

Passwords are hashed using industry-standard algorithms. All traffic between your devices and our servers is encrypted with TLS. Session tokens are stored locally on your device and scoped to your account.

No system is perfectly secure, but we treat your data with care and follow standard security practices. If a security incident affects your personal data, we will notify you and the relevant supervisory authorities as required by applicable law, without undue delay.

Children

Opslan is not directed at children under 16 and we do not knowingly collect data from them.

Changes to this policy

If we make material changes, we'll update the "Last updated" date and notify you in the app or by email. Continued use of Opslan after a change means you accept the updated policy.

Contact

Questions? Email privacy@opslan.com.