Resourface ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at resourface.app and related services (the "Service").
Please read this policy carefully. By using Resourface, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Information You Provide
Account Information
When you create an account, we collect:
- Email address
- Authentication credentials (managed securely by our authentication provider)
- Any profile information you choose to provide
Your Content
Resourface is designed to store your notes and ideas. We collect:
- Text notes and content you create or save
- URLs you save (bookmarks, links within notes)
- Any other content you choose to upload
Communications
If you contact us for support or feedback, we collect:
- Your email address
- The content of your communications
Waitlist & Beta Access
If you join our waitlist or receive a beta invitation, we collect:
- Your email address
- Invitation redemption status
Information Collected Automatically
Context & Metadata
To improve your experience, we automatically capture:
- Timestamps when you save content
- Time-of-day context (e.g., "Sunday evening") for intelligent resurfacing
Technical Information
We collect standard technical data including:
- IP address
- Browser type and version
- Device information
- Error logs and diagnostic data (via Sentry)
Usage Data
We collect anonymized data about how you interact with the Service to improve functionality and user experience.
Information Generated by AI
Resourface uses artificial intelligence to help organize and resurface your content. Our AI systems generate:
- Topics and keywords extracted from your content
- Summaries of your notes (created on-demand)
- Connections between related items
- Deep analysis insights (rate-limited feature)
This AI-generated information is derived from your content and stored to provide the Service's core functionality.
2. How We Use Your Information
We use your information to:
Provide the Service
- Store and sync your notes and content
- Resurface forgotten content at contextually relevant times
- Generate AI-powered insights, summaries, and topic extraction
- Process and display URL metadata (titles, descriptions, images)
Improve the Service
- Understand usage patterns to improve features
- Debug issues and ensure reliability
- Develop new features based on user needs
Communicate With You
- Send beta invitations and important service updates
- Respond to support requests
- Notify you of significant changes to the Service
Maintain Security
- Detect and prevent fraud or abuse
- Protect against unauthorized access
3. AI Processing & Your Content
How AI Works in Resourface
Our AI features are powered by Anthropic's Claude models:
- Claude Haiku: Used for quick operations like topic extraction and summary generation
- Claude Sonnet: Used for deeper analysis (rate-limited to 10 per day per user)
When you use AI features, relevant portions of your content are processed by these models to generate insights.
Important AI Disclosures
- Your content is not used to train AI models. Your data is processed to provide features, not to improve third-party AI systems.
- AI-generated content (summaries, topics, insights) is derived from your own content and belongs to you.
- You can delete any AI-generated data by deleting the associated content.
URL Processing
When you save URLs or include links in notes, we may:
- Fetch publicly available metadata (title, description, image)
- Extract article text for summarization using standard readability algorithms
- Store this metadata to improve your experience
Fetched URL metadata may be cached and shared across users for the same URLs (e.g., the title of a news article).
4. Who Can Access Your Data
Our Commitment: We Don't Read Your Content
Your notes are yours. We do not read, review, or access the content of your notes for any purpose other than providing the Service.
Here's our commitment in plain terms:
- No human review: Resourface employees do not read your notes, ideas, or personal content. Ever.
- No content moderation: We don't scan your content for policy violations or objectionable material.
- No data mining: We don't analyze your content to build advertising profiles or sell insights.
- AI processing only: Your content is processed by AI systems solely to provide features you use (summaries, topics, resurfacing). This processing is automated—no human sees the output.
Internal Access Controls
Access to user data within Resourface is strictly limited:
| Who | What They Can Access | Why |
|---|---|---|
| You | All your content | It's yours |
| AI Systems | Content you choose to process | To generate summaries, topics, connections |
| Engineers (rare) | Encrypted database, anonymized logs | Only for debugging critical issues, with audit trails |
| No one else | — | — |
We maintain audit logs of any internal data access. Engineers cannot decrypt or view your content in plain text during normal operations.
The Honest Technical Reality
To be transparent: we do process your content to provide AI features. When you save a note, our systems may extract topics, generate summaries, or find related items. This requires your content to pass through our servers and AI providers.
However, we implement strong protections:
- Encryption at rest: Your content is encrypted in our database (AES-256)
- Encryption in transit: All data transmitted uses TLS 1.2+
- Strict access controls: Production data access requires justification and is logged
- AI provider agreements: Our AI providers (Anthropic) are contractually prohibited from using your data to train models
We cannot promise that no breach will ever occur—no one can. But we architect our systems to minimize both the risk of breaches and the exposure if one occurs.
5. How We Share Your Information
We do not sell your personal information.
We may share your information only in these circumstances:
Service Providers
We work with trusted third-party service providers who assist in operating our Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, login credentials |
| Turso | Database hosting | All user content (encrypted) |
| Anthropic | AI processing | Content snippets for AI features |
| Resend | Email delivery | Email addresses for transactional emails |
| Vercel | Web hosting | Technical/request data |
| Sentry | Error monitoring | Error logs, diagnostic data |
| Supadata | YouTube transcripts | YouTube URLs you save |
All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
Legal Requirements
We may disclose your information if required to:
- Comply with applicable law or legal process
- Protect the rights, property, or safety of Resourface, our users, or others
- Enforce our Terms of Service
Business Transfers
If Resourface is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will:
- Notify you before your data is transferred to a new entity
- Give you the opportunity to delete your account and data before the transfer
- Ensure the new entity honors this Privacy Policy or provides equivalent protections
6. Data Retention
Your Content: We retain your notes and content for as long as your account is active. When you delete content, it is removed from our active systems.
Account Data: We retain account information for as long as your account exists. You can request account deletion at any time.
AI-Generated Data: Summaries, topics, and insights are deleted when you delete the associated content.
Cached URL Metadata: Publicly-fetched URL metadata may be retained in shared caches for performance.
Backups: Deleted data may persist in encrypted backups for a limited period for disaster recovery purposes.
7. Your Rights & Choices
Depending on your location, you may have the following rights:
Access & Portability
You can access your content at any time through the Service. We are working on data export features to allow you to download your data in a portable format.
Correction
You can edit or update your content directly within the Service.
Deletion
You can delete individual items or request complete account deletion. To delete your account, contact us at privacy@resourface.app.
Opt-Out
You can opt out of:
- Non-essential emails by using unsubscribe links
- AI features by not using AI-powered functionality (summaries, deep dives)
For EU/EEA/UK Residents (GDPR)
If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights including:
- Right to object to processing
- Right to restrict processing
- Right to lodge a complaint with a supervisory authority
For California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect
- Request deletion of your personal information
- Non-discrimination for exercising your rights
We do not sell or share personal information for targeted advertising.
Para Residentes de Chile (Ley 21.719)
Si resides en Chile, tienes los siguientes derechos bajo la Ley de Protección de Datos Personales:
- Acceso: Derecho a saber qué datos personales procesamos sobre ti
- Rectificación: Derecho a corregir datos inexactos o incompletos
- Cancelación/Supresión: Derecho a solicitar la eliminación de tus datos
- Oposición: Derecho a oponerte al procesamiento de tus datos
- Portabilidad: Derecho a recibir tus datos en un formato estructurado y transferible
- Bloqueo: Derecho a restringir temporalmente el procesamiento de tus datos
Para ejercer estos derechos, contáctanos en privacy@resourface.app con el asunto "Solicitud de Datos - Chile."
Resourface cumple con la Ley 21.719, incluyendo los principios de licitud, finalidad, proporcionalidad, calidad, responsabilidad, transparencia y confidencialidad.
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data transmitted to and from our Service uses TLS 1.2 or higher
- Encryption at Rest: Your content is encrypted in our database
- Access Controls: Strict access controls limit who can access user data
- Secure Authentication: Authentication is handled by Clerk, a security-focused auth provider
- Regular Security Reviews: We regularly review and update our security practices
While we strive to protect your information, no method of transmission or storage is 100% secure. If you have concerns about the security of your data, please contact us.
9. Children's Privacy
Resourface is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@resourface.app.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located. These countries may have different data protection laws than your jurisdiction.
For EU/EEA/UK users, we ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.
For Chilean users, cross-border transfers comply with the mechanisms established under Law 21.719, including transfers to countries with adequate protection levels or based on appropriate safeguards.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Updating the "Last Updated" date at the top of this policy
- Sending an email notification for material changes
- Displaying a prominent notice within the Service
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@resourface.app
For Data Protection Inquiries: If you wish to exercise your data rights or have concerns about how we handle your information, please email privacy@resourface.app with the subject line "Data Protection Request."