Privacy & Security
BookmarkHub takes your privacy very seriously. Our core design philosophy is: Your data is entirely under your control.
Core Privacy Principles
1. Zero Transit Servers
BookmarkHub does not operate any centralized backend servers to store your bookmarks, account information, or synchronization records. All synchronization operations occur directly between your browser and the cloud storage you configure (e.g., GitHub Gist, Gitee, WebDAV, OneDrive, Google Drive).
2. Data Ownership
Your bookmark data is stored within your own accounts (such as your GitHub Gist repository or your private WebDAV server). This means:
- We cannot view, collect, or analyze your bookmarks.
- We cannot sell or share any of your information with third parties.
- You can completely delete your data at any time without our permission.
3. Local First
All configuration details (such as API Tokens and storage paths) are stored locally in your browser’s local storage. Necessary authentication information is sent only to your designated storage provider during a synchronization operation.
Permissions Explained
To enable bookmark synchronization, BookmarkHub requests the following permissions. We strictly adhere to the Principle of Least Privilege:
| Permission | Purpose |
|---|---|
| Bookmarks | Read and write browser bookmarks—the core of the synchronization feature. |
| Storage | Save your sync configurations (e.g., Gist ID, WebDAV address) locally. |
| Notifications | Send you alerts for sync successes, failures, or version updates. |
| Website Access | Communicate with your configured storage interfaces. Includes preset domains (e.g., GitHub, Gitee) and your custom WebDAV addresses. |
Detailed Website Access Permissions
To ensure seamless synchronization across providers, BookmarkHub requests access to the following domains:
- GitHub (`*.github.com`, `*.githubusercontent.com`): For syncing bookmarks to GitHub repositories and Gists.
- Gitee (`gitee.com`): For syncing bookmarks to Gitee repositories.
- Google (`*.googleapis.com`): For syncing bookmarks to Google Drive.
- Microsoft (`*.microsoft.com`): For syncing bookmarks to OneDrive.
- GitLab (`gitlab.com`): For syncing bookmarks to GitLab repositories.
- Memoload (`*.memoload.com`): For connections to the official website.
- Sentry (`*.sentry.io`): For collecting runtime error logs to help us fix bugs (does not include your bookmark content). This can be disabled in settings.
Dynamic Permission Requests (WebDAV/Custom URLs)
If you use WebDAV, MinIO, or other self-hosted storage services, BookmarkHub cannot preset permissions for every possible domain.
Due to browser security restrictions, when you enter a custom address in the settings and authorize it, the browser will prompt: “Request to access data on this website.”
- This is normal: Please click “Allow”; otherwise, the extension cannot upload bookmarks to your private server.
- Scope: This permission is used exclusively for the synchronization tasks you assign and nothing else.
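To compare an installed build's `manifest.json` with the permissions and domains listed above, the following added example (not BookmarkHub's own code) reports every declared entry the documentation does not cover. It assumes Manifest V3 key names and that the table's Bookmarks, Storage and Notifications correspond to the `bookmarks`, `storage` and `notifications` API permissions; the function names and the sample manifest are constructed for illustration.

```javascript
// Permissions and preset hosts as documented on this page.
const DOCUMENTED_PERMISSIONS = new Set(["bookmarks", "storage", "notifications"]);
const DOCUMENTED_HOSTS = ["*.github.com", "*.githubusercontent.com", "gitee.com",
  "*.googleapis.com", "*.microsoft.com", "gitlab.com", "*.memoload.com", "*.sentry.io"];

// Host part of a match pattern such as "https://*.github.com/*"; null when the
// pattern names no concrete host ("<all_urls>", "*://*/*") or cannot be parsed.
function hostOfPattern(pattern) {
  const m = /^(?:\*|https?|wss?):\/\/([^/]+)\/.*$/.exec(pattern);
  return !m || m[1] === "*" ? null : m[1].toLowerCase();
}

// True when host is equal to, or narrower than, a documented entry.
function isDocumentedHost(host) {
  return DOCUMENTED_HOSTS.some((doc) => {
    if (!doc.startsWith("*.")) return host === doc;
    const base = doc.slice(2);
    return host === doc || host === base || host.endsWith("." + base);
  });
}

// Returns one finding per manifest entry that the documentation does not cover.
function auditManifest(manifest) {
  const findings = [];
  const groups = [
    ["required", [...(manifest.permissions || []), ...(manifest.host_permissions || [])]],
    ["optional", [...(manifest.optional_permissions || []), ...(manifest.optional_host_permissions || [])]],
  ];
  for (const [kind, entries] of groups) {
    for (const entry of entries) {
      const isHost = entry === "<all_urls>" || entry.includes("://");
      if (!isHost) {
        if (!DOCUMENTED_PERMISSIONS.has(entry)) findings.push({ kind, entry, issue: "undocumented-api-permission" });
        continue;
      }
      const host = hostOfPattern(entry);
      // Broad required hosts are granted at install; broad optional hosts only
      // after a per-origin prompt, as in the custom WebDAV flow described above.
      if (host === null) findings.push({ kind, entry, issue: `broad-${kind}-host` });
      else if (!isDocumentedHost(host)) findings.push({ kind, entry, issue: "undocumented-host" });
    }
  }
  return findings;
}

// Constructed sample manifest (not BookmarkHub's real manifest.json).
const SAMPLE_MANIFEST = {
  permissions: ["bookmarks", "storage", "notifications", "tabs"],
  host_permissions: ["https://*.github.com/*", "https://gitee.com/*", "https://*.gitee.com/*"],
  optional_host_permissions: ["*://*/*"],
};
console.log(auditManifest(SAMPLE_MANIFEST));
```

A `broad-optional-host` finding is consistent with the runtime prompt described above, whereas `broad-required-host` means access to every site is granted at install time.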
Security Best Practices
Secure Token Storage
Your access tokens (e.g., GitHub Personal Access Tokens) are encrypted and stored in your browser’s local storage. Nevertheless, we recommend the following:
- Rotate Tokens Regularly: Periodically update your cloud storage access tokens.
- Minimize Scope: Assign only the minimum necessary permissions to your tokens (e.g., a token for GitHub Gist only needs the `gist` permission).
Contact Us
If you have any questions about privacy or security, please contact us via email at [email protected] or through GitHub Issues.