Privacy Policy

Effective date: July 15, 2026

This policy explains what data TrendMark (“we”, “the Service”) collects, how it is used, and the choices you have. The short version: your conversations never leave your browser, your bookmarks live on your device, and we collect only what is needed to run your account and billing.

1. Chat Exports Stay in Your Browser

When you drop a chat export file into TrendMark, it is parsed entirely in your browser by a client-side extraction engine. Only the URLs found in the file — and the single line of text each URL appeared on — are kept. The file itself, message bodies, names, and contacts are never uploaded, transmitted, or stored anywhere.

2. Bookmarks Are Stored on Your Device

Your bookmarks and folders are stored in your browser’s localStorage under per-account keys, not in our database. Clearing browser data on a device removes the bookmarks stored on that device.

3. Information We Collect

  • Account data. When you sign in with Google we receive your email address, display name, and avatar URL, stored via Supabase authentication.
  • Profile data. Optional details you provide in Settings (occupation, gender) used to personalize Pro recommendations.
  • Subscription data. Your plan tier, trial deadline, and Polar customer and subscription identifiers. Card numbers and payment credentials are handled exclusively by Polar, our payment processor, and never reach our servers.

4. Thumbnails

To show cover images, our server fetches the public preview image (such as the “og:image”) of pages you bookmark and caches it on Cloudflare R2. Only the page URL is used for this; nothing about your identity is sent to the bookmarked site.

5. AI Processing

For the Pro Discovery feature, a compact digest of your saved bookmarks (titles, tags, and domains — never chat content) and your optional profile details are sent to Google’s Gemini API to generate site recommendations. This data is not used by us to train models.

6. Cookies and Local Storage

We use browser storage for your sign-in session (Supabase tokens), your theme and interface preferences, and your bookmarks as described above. We do not use advertising or cross-site tracking cookies.

7. Service Providers

We rely on the following processors to operate the Service:

  • Supabase — authentication and account database
  • Polar — payment processing (merchant of record)
  • Vercel — application hosting
  • Cloudflare — thumbnail image caching (R2)
  • Google — sign-in (OAuth) and Gemini API for recommendations

8. Data Retention and Deletion

Account and profile data are kept while your account exists. To delete your account and its server-side data, contact us at the address below; billing records held by Polar are retained as required for tax and accounting purposes. Bookmarks stored in your browser are under your direct control at all times.

9. Security

All traffic is encrypted in transit (HTTPS). Database access is protected with row-level security so each account can only read its own rows. Secrets and API keys are stored in server-side environment configuration, never in client code.

10. Children

The Service is not directed at children under 13, and we do not knowingly collect personal information from them.

11. Changes

We will post any changes to this policy on this page with a new effective date. Material changes will be highlighted on the site.

12. Contact

Privacy questions or deletion requests: novemberninepro@gmail.com