Privacy Policy

Last Updated: January 7, 2026

Resourface ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at resourface.app and related services (the "Service").

Please read this policy carefully. By using Resourface, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Information You Provide

Account Information

When you create an account, we collect:

  • Email address
  • Authentication credentials (managed securely by our authentication provider)
  • Any profile information you choose to provide

Your Content

Resourface is designed to store your notes and ideas. We collect:

  • Text notes and content you create or save
  • URLs you save (bookmarks, links within notes)
  • Any other content you choose to upload

Communications

If you contact us for support or feedback, we collect:

  • Your email address
  • The content of your communications

Waitlist & Beta Access

If you join our waitlist or receive a beta invitation, we collect:

  • Your email address
  • Invitation redemption status

Information Collected Automatically

Context & Metadata

To improve your experience, we automatically capture:

  • Timestamps when you save content
  • Time-of-day context (e.g., "Sunday evening") for intelligent resurfacing

Technical Information

We collect standard technical data including:

  • IP address
  • Browser type and version
  • Device information
  • Error logs and diagnostic data (via Sentry)

Usage Data

We collect anonymized data about how you interact with the Service to improve functionality and user experience.

Information Generated by AI

Resourface uses artificial intelligence to help organize and resurface your content. Our AI systems generate:

  • Topics and keywords extracted from your content
  • Summaries of your notes (created on-demand)
  • Connections between related items
  • Deep analysis insights (rate-limited feature)

This AI-generated information is derived from your content and stored to provide the Service's core functionality.

2. How We Use Your Information

We use your information to:

Provide the Service

  • Store and sync your notes and content
  • Resurface forgotten content at contextually relevant times
  • Generate AI-powered insights, summaries, and topic extraction
  • Process and display URL metadata (titles, descriptions, images)

Improve the Service

  • Understand usage patterns to improve features
  • Debug issues and ensure reliability
  • Develop new features based on user needs

Communicate With You

  • Send beta invitations and important service updates
  • Respond to support requests
  • Notify you of significant changes to the Service

Maintain Security

  • Detect and prevent fraud or abuse
  • Protect against unauthorized access

3. AI Processing & Your Content

How AI Works in Resourface

Our AI features are powered by Anthropic's Claude models:

  • Claude Haiku: Used for quick operations like topic extraction and summary generation
  • Claude Sonnet: Used for deeper analysis (rate-limited to 10 per day per user)

When you use AI features, relevant portions of your content are processed by these models to generate insights.

Important AI Disclosures

  • Your content is not used to train AI models. Your data is processed to provide features, not to improve third-party AI systems.
  • AI-generated content (summaries, topics, insights) is derived from your own content and belongs to you.
  • You can delete any AI-generated data by deleting the associated content.

URL Processing

When you save URLs or include links in notes, we may:

  • Fetch publicly available metadata (title, description, image)
  • Extract article text for summarization using standard readability algorithms
  • Store this metadata to improve your experience

Fetched URL metadata may be cached and shared across users for the same URLs (e.g., the title of a news article).

4. Who Can Access Your Data

Our Commitment: We Don't Read Your Content

Your notes are yours. We do not read, review, or access the content of your notes for any purpose other than providing the Service.

Here's our commitment in plain terms:

  • No human review: Resourface employees do not read your notes, ideas, or personal content. Ever.
  • No content moderation: We don't scan your content for policy violations or objectionable material.
  • No data mining: We don't analyze your content to build advertising profiles or sell insights.
  • AI processing only: Your content is processed by AI systems solely to provide features you use (summaries, topics, resurfacing). This processing is automated—no human sees the output.

Internal Access Controls

Access to user data within Resourface is strictly limited:

WhoWhat They Can AccessWhy
YouAll your contentIt's yours
AI SystemsContent you choose to processTo generate summaries, topics, connections
Engineers (rare)Encrypted database, anonymized logsOnly for debugging critical issues, with audit trails
No one else

We maintain audit logs of any internal data access. Engineers cannot decrypt or view your content in plain text during normal operations.

The Honest Technical Reality

To be transparent: we do process your content to provide AI features. When you save a note, our systems may extract topics, generate summaries, or find related items. This requires your content to pass through our servers and AI providers.

However, we implement strong protections:

  • Encryption at rest: Your content is encrypted in our database (AES-256)
  • Encryption in transit: All data transmitted uses TLS 1.2+
  • Strict access controls: Production data access requires justification and is logged
  • AI provider agreements: Our AI providers (Anthropic) are contractually prohibited from using your data to train models

We cannot promise that no breach will ever occur—no one can. But we architect our systems to minimize both the risk of breaches and the exposure if one occurs.

5. How We Share Your Information

We do not sell your personal information.

We may share your information only in these circumstances:

Service Providers

We work with trusted third-party service providers who assist in operating our Service:

ProviderPurposeData Shared
ClerkAuthenticationEmail, login credentials
TursoDatabase hostingAll user content (encrypted)
AnthropicAI processingContent snippets for AI features
ResendEmail deliveryEmail addresses for transactional emails
VercelWeb hostingTechnical/request data
SentryError monitoringError logs, diagnostic data
SupadataYouTube transcriptsYouTube URLs you save

All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

Legal Requirements

We may disclose your information if required to:

  • Comply with applicable law or legal process
  • Protect the rights, property, or safety of Resourface, our users, or others
  • Enforce our Terms of Service

Business Transfers

If Resourface is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will:

  • Notify you before your data is transferred to a new entity
  • Give you the opportunity to delete your account and data before the transfer
  • Ensure the new entity honors this Privacy Policy or provides equivalent protections

6. Data Retention

Your Content: We retain your notes and content for as long as your account is active. When you delete content, it is removed from our active systems.

Account Data: We retain account information for as long as your account exists. You can request account deletion at any time.

AI-Generated Data: Summaries, topics, and insights are deleted when you delete the associated content.

Cached URL Metadata: Publicly-fetched URL metadata may be retained in shared caches for performance.

Backups: Deleted data may persist in encrypted backups for a limited period for disaster recovery purposes.

7. Your Rights & Choices

Depending on your location, you may have the following rights:

Access & Portability

You can access your content at any time through the Service. We are working on data export features to allow you to download your data in a portable format.

Correction

You can edit or update your content directly within the Service.

Deletion

You can delete individual items or request complete account deletion. To delete your account, contact us at privacy@resourface.app.

Opt-Out

You can opt out of:

  • Non-essential emails by using unsubscribe links
  • AI features by not using AI-powered functionality (summaries, deep dives)

For EU/EEA/UK Residents (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights including:

  • Right to object to processing
  • Right to restrict processing
  • Right to lodge a complaint with a supervisory authority

For California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Request deletion of your personal information
  • Non-discrimination for exercising your rights

We do not sell or share personal information for targeted advertising.

Para Residentes de Chile (Ley 21.719)

Si resides en Chile, tienes los siguientes derechos bajo la Ley de Protección de Datos Personales:

  • Acceso: Derecho a saber qué datos personales procesamos sobre ti
  • Rectificación: Derecho a corregir datos inexactos o incompletos
  • Cancelación/Supresión: Derecho a solicitar la eliminación de tus datos
  • Oposición: Derecho a oponerte al procesamiento de tus datos
  • Portabilidad: Derecho a recibir tus datos en un formato estructurado y transferible
  • Bloqueo: Derecho a restringir temporalmente el procesamiento de tus datos

Para ejercer estos derechos, contáctanos en privacy@resourface.app con el asunto "Solicitud de Datos - Chile."

Resourface cumple con la Ley 21.719, incluyendo los principios de licitud, finalidad, proporcionalidad, calidad, responsabilidad, transparencia y confidencialidad.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in Transit: All data transmitted to and from our Service uses TLS 1.2 or higher
  • Encryption at Rest: Your content is encrypted in our database
  • Access Controls: Strict access controls limit who can access user data
  • Secure Authentication: Authentication is handled by Clerk, a security-focused auth provider
  • Regular Security Reviews: We regularly review and update our security practices

While we strive to protect your information, no method of transmission or storage is 100% secure. If you have concerns about the security of your data, please contact us.

9. Children's Privacy

Resourface is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@resourface.app.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located. These countries may have different data protection laws than your jurisdiction.

For EU/EEA/UK users, we ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

For Chilean users, cross-border transfers comply with the mechanisms established under Law 21.719, including transfers to countries with adequate protection levels or based on appropriate safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification for material changes
  • Displaying a prominent notice within the Service

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@resourface.app

For Data Protection Inquiries: If you wish to exercise your data rights or have concerns about how we handle your information, please email privacy@resourface.app with the subject line "Data Protection Request."