Legal

Privacy Policy

SavedIt respects your privacy and is committed to protecting your data. This policy explains, in plain language, what information we collect, how we use it, and the choices you have.

Last updated: July 2026

Information We Collect

1

When you create an account or interact with SavedIt, we collect: • Your name, email address, and profile photo (if signing in via Google). • Any additional details you choose to add to your profile (e.g., username, interests, collections, or reminders). 👉 We do not collect sensitive personal data (e.g., financial, biometric, or government identification information).

Google Sign-In & API Data

4

When you sign in with Google, SavedIt requests the following OAuth scopes with your consent: • openid (ID token) • email (email address) • profile (name and profile image) We also request offline access to obtain a refresh token for continued authentication when you reopen the app.

Through Google's userinfo service, we obtain: • Unique Google identifier (sub) • Name and display name • Email address • Profile image URL 👉 We do not access or store restricted Google data (such as Gmail, Drive, or Calendar) without explicit user consent.

• To authenticate you and create your SavedIt account. • To show your name and profile picture inside the app. • To send essential account-related notifications (e.g., sign-in confirmations or account deletion alerts). • To improve user experience and maintain security. 👉 We do not use Google data for ads, tracking, or resale.

• We store your name, email, and profile image URL in our Supabase database. • We do NOT store Google access or refresh tokens. Instead, these are exchanged server-side for a Supabase session. • Authentication sessions are persisted by the Supabase client using secure app storage. • On iOS, we use the system Keychain (with an App Group) for secure access between the main app and Share Extension. • In development mode (Expo Go), secure fallback storage is used. • All communication with Google and Supabase is encrypted in transit (TLS) and at rest.

AI Assistants & MCP

1

Connecting SavedIt to an AI assistant such as ChatGPT is optional and requires your explicit authorization. When connected, the assistant may send your requests and tool inputs to SavedIt and receive the minimum SavedIt data needed to complete them, such as saved-item IDs, URLs, titles, notes, tags, creator or provider details, thumbnails, collections, and created or updated dates. SavedIt uses OAuth and stores only hashed, opaque connection tokens and related refresh metadata. You can revoke a connection from SavedIt. The AI provider handles conversation and tool data under your account settings, plan, and its own privacy terms. SavedIt does not sell this data or use it for advertising.

Other Information

1

When you use the app, we may collect non-identifiable data such as: • Device type and OS version • App performance metrics and crash reports 👉 This information helps us debug and improve SavedIt. We do not use cookies or analytics tracking for advertising.

Data Sharing

2

We work with trusted providers to operate SavedIt: • Supabase (database, authentication, storage) • Vercel (web hosting and serverless infrastructure) • OpenAI (only when you choose to connect SavedIt to ChatGPT) 👉 These partners process data only to provide the functionality you request and under their applicable privacy terms.

• We do not sell or rent your personal data. • During sign-in, our server calls Google's userinfo endpoint solely to verify your identity and fetch basic profile information. • We only share limited data with verified subprocessors under data-processing agreements.

Your Rights & Deletion

2

• We retain your Google-derived account data while your SavedIt account is active. • You can delete your account at any time via the app's Settings. • Once deleted, all associated data (including Google-linked identifiers) is permanently removed within 30 days. • Currently, SavedIt does not support unlinking a Google account without deleting the SavedIt account. 👉 Exceptions: Data may be retained where required by law or for security/anti-abuse reasons.

You have the right to: • Access and correct your personal data • Request deletion of your account and all data • Withdraw your consent for Google Sign-In at any time via https://myaccount.google.com/permissions

Security

2

• We implement industry-standard encryption for all data in transit and at rest. • Access to your data is restricted to authorized systems and staff. • We audit our systems regularly to detect unauthorized access or disclosure. 👉 No online service is 100% secure, but we use strong measures to protect your information.

If you have any questions about this Privacy Policy or how we handle Google user data, please contact us at: 📧 contact.savedit@gmail.com