superbm
back to home
Privacy Policy

We don't sell
your data.
We don't share it.

Last updated · May 19, 2026

The short version. We collect what you save and what you do in SuperBM. We use it to give you the service you signed up for. We don't sell it. We don't share it with advertisers. The only time your saved content leaves your private account is when you choose to publish a collection using our share feature. You can export or delete everything, anytime, from your settings.

This policy explains what data SuperBM collects, how we use it, and — most importantly — who we don't give it to. We've tried to write it in plain English. If anything is unclear, email [email protected].

SuperBM is operated by [Company Legal Name]. In this policy, "we," "us," and "our" mean SuperBM. "You" means you.

01 — What we collect

Account information

Your email address, display name, and (if you signed in with Google) the avatar URL Google gives us. Your password, if you set one, is hashed by Supabase Auth — we never see or store the plaintext.

Content you save

The URLs you bookmark, the full content we extract from those URLs, the AI analysis we generate (summary, classification, validity score, BS flags, key insights, embeddings), your personal notes and star ratings, and the collections and tags you organize things into.

Connected social handles

If you connect your X, Threads, or Reddit handle, we store the handle so we can match incoming mentions of your handle and auto-save the linked content to your bookmarks.

Usage data

Which features you use, how often you search, error logs, and the time and rough geography of your sessions. We use this in aggregate to fix bugs and improve the product.

Payment data

If you subscribe to Pro or Team, payments are processed by Stripe. We see the billing email, country, and subscription status. We never see or store your card number — that lives only with Stripe.

02 — How we use it

  • To run the service: store your links, run them through the AI pipeline, return search results.
  • To send transactional email: confirmations, password resets, billing receipts, and notifications about your shared collections.
  • To improve the product in aggregate — never tying behavioral data back to identifiable individuals in any product-decision report.
  • To enforce our Terms of Service and prevent abuse.

03 — What we never do

  • We never sell your data. Not to advertisers, not to brokers, not to anyone.
  • We never share your saved content with advertisers. SuperBM does not run advertising.
  • We never share your saved content with anyone outside the service-delivery context — unless you use the share feature to do so.
  • We never use your private bookmarks to train AI models — ours or anyone else's.

04 — Subprocessors

To deliver SuperBM, we use a small number of third-party services. These services process your data on our behalf, under contractual obligations limiting what they can do with it. They cannot use your data for their own purposes.

  • Supabase — database, authentication, and file storage. Hosts your account and bookmark data.
  • OpenAI (via OpenRouter) — runs the language model that generates summaries, classifications, validity scores, BS flags, and embeddings for each link you save. OpenAI's API terms specify that data submitted via their API is not used to train their models.
  • Railway — hosts our application servers.
  • [Email provider — e.g. Resend or SendGrid] — delivers transactional email.
  • Stripe — processes payments for Pro and Team subscriptions.
  • Cloudflare — handles DNS and DDoS protection in front of our servers.

If we add or change a subprocessor, we'll update this list. If a change is material (e.g. a new AI provider), we'll notify users by email at least 14 days in advance.

05 — The share feature

SuperBM lets you publish a collection of bookmarks at a public URL. This is the only mechanism by which your saved content can become accessible to anyone other than you.

  • When you share a collection, anyone with the link can view its contents and the AI analysis for each bookmark.
  • You choose whether to include your personal notes and ratings in the shared view.
  • You can revoke the link at any time from the collection's settings. Once revoked, the collection is private again and the URL no longer resolves.
  • We count how many times a shared link is viewed, in aggregate, and show you that number.

Outside of shared collections, your bookmarks are visible only to you and to SuperBM administrators when acting in their service-delivery role (e.g., investigating a bug you've reported).

06 — Your rights

  • Access. See everything we have on you, anytime, from your settings page.
  • Export. Download all your data — bookmarks, notes, analyses, collections — as JSON, anytime.
  • Delete. Delete individual bookmarks, collections, or your entire account. Account deletion is permanent and irreversible. After deletion, your data is removed from our active database immediately and from backups within 30 days.
  • Correct. Edit any account information or saved content at any time.
  • Object / restrict. If you're in the EU, UK, or California, you have additional rights under GDPR, UK GDPR, or CCPA. Email [email protected] to exercise any of them.

07 — Security

  • Passwords are hashed using industry-standard algorithms (handled by Supabase Auth).
  • All connections to our servers use HTTPS / TLS.
  • Data at rest in our database is encrypted.
  • Access to production systems is limited to a small number of authorized engineers and protected by multi-factor authentication.

No system is perfectly secure. If we experience a breach that affects you, we'll notify you within the timeframes required by applicable law (typically 72 hours under GDPR).

08 — Cookies and tracking

  • Essential cookies. We use a small number of cookies to keep you logged in. These can't be disabled — they're how login works.
  • Analytics. We use a privacy-friendly analytics service ([Plausible / Fathom — to be confirmed]) to count page views in aggregate. It does not set tracking cookies and does not identify individual users.
  • What we don't use. We don't run Google Analytics. We don't run Facebook Pixel. We don't run cross-site advertising trackers. We don't fingerprint you.

09 — Children

SuperBM is not directed to children under 13 (or under 16 in the EU). We don't knowingly collect personal data from anyone under those ages. If you believe a child has provided us with personal information, contact us and we'll delete the account.

10 — International data transfers

Our servers are located in [server region]. If you use SuperBM from outside that region, your data will be transferred to and processed there. Where required, we rely on Standard Contractual Clauses (or equivalent transfer mechanisms) to protect that data.

11 — Changes to this policy

If we update this policy in a way that materially changes how we treat your data, we'll post the new version here, update the "Last updated" date above, and email registered users at least 14 days before the change takes effect. Continued use of SuperBM after that date constitutes acceptance.

12 — Contact

Privacy questions, data requests, or anything that doesn't fit elsewhere: [email protected]. We aim to respond within 5 business days.