Legal
Privacy Policy
Last updated: June 24, 2026
Product: Cyclone — cross-platform link saver (browser extension, mobile, and desktop apps)
1. Summary
Cyclone lets you save links from your browser, phone, and desktop, organize them into collections with tags and notes, and sync them across your devices. To do this we store the links and notes you create, manage your account, and generate preview images and short AI-written summaries of the pages you save.
We collect only what is needed to provide the service. We do not sell your personal data, and we do not use it for advertising.
Because the browser extension can read the page you are viewing in order to save it, the Firefox listing declares the following data-collection categories:
- Browsing activity — the URLs you choose to save.
- Website content — content of pages you save, fetched to build previews and summaries.
- Authentication information — your sign-in session.
- Personally identifying information — your account email and (for social sign-in) profile.
Details are below.
2. Who is responsible for your data
Cyclone Apps is the data controller for personal data processed through Cyclone. For questions or requests, contact us at cyclone@proton.me.
3. What data we collect
3.1 Account data
When you create an account we process, via our authentication provider (Supabase Auth):
- Email address and password (passwords are hashed by the provider; we never store them in plain text); or
- If you sign in with Google or GitHub (OAuth), the basic profile your provider returns — typically name, email address, and avatar URL.
3.2 Content you create ("Saved Links")
When you save or edit a link, we store:
- The link URL and our normalized form of it.
- Title and description (entered by you or fetched from the page).
- Tags, notes, and the collection it belongs to.
- Collection names and descriptions you create.
- Timestamps and a client-generated identifier for each record.
3.3 Data derived from the pages you save
After you save a link, our background services fetch the target page to enrich it:
- Preview image — we retrieve the page's Open Graph/preview image, or capture a screenshot of the page if no preview image exists, and store the image file.
- Page text & summary — we extract readable text from the page, generate a short semantic description using an AI text model, and create a numeric vector embedding of that text to power search.
The original full page HTML is not retained as a stored document; we keep the preview image, the extracted/summarized metadata, and the embedding.
3.4 Browser extension access
To let you save the page you are on, the extension uses browser permissions (activeTab,
tabs, contextMenus, storage, identity). It accesses a tab's URL and content only in
connection with a save action you initiate. It does not run continuous background tracking
of your browsing.
3.5 Data stored on your device
Cyclone is offline-first. Your links and your authentication session are cached locally on each device (browser extension storage, mobile secure storage, and IndexedDB on web/desktop) so the app works without a network connection.
3.6 What we do not collect
We do not intentionally collect advertising identifiers, precise geolocation, or analytics profiles for ad targeting. We do not sell personal data.
4. How we use your data
| Purpose | Data used |
|---|---|
| Provide core features (save, organize, sync) | Account data, Saved Links |
| Authenticate you and keep you signed in | Account data, session tokens |
| Generate previews and AI summaries | Saved URLs, fetched page content |
| Power search across your library | Summaries and vector embeddings |
| Sync your library across your devices | Saved Links, account identifier |
| Keep the service secure and debug issues | Technical/session data |
| Comply with legal obligations | As required by law |
Legal bases (GDPR/UK GDPR, where applicable)
- Performance of a contract — to provide the service you sign up for.
- Legitimate interests — to secure, maintain, and improve the service.
- Consent — where required (e.g. optional features); you may withdraw it at any time.
- Legal obligation — to comply with applicable law.
5. Where your data is stored and who processes it
Cyclone relies on the following third-party "sub-processors". Each only processes data to provide its part of the service:
| Sub-processor | Role | Data handled |
|---|---|---|
| Supabase | Authentication and primary database | Account data, Saved Links metadata |
| Cloudflare | Background workers, object storage (R2), vector index, AI inference, headless rendering | Page URLs/content, preview images, summaries, embeddings |
| Vercel | Hosting for the web application | Requests to the web app |
| Google / GitHub | OAuth sign-in (only if you choose social login) | Your profile data from that provider |
| Mozilla Add-ons / Chrome Web Store | App distribution | Store-side install/usage data per their policies |
Cyclone is operated from the United States, and your data is stored and processed in US data centers (for example, AWS us-east-1) by us and our sub-processors. If you access Cyclone from outside the United States, your data will be transferred to and processed in the United States.
6. Sharing and disclosure
We do not sell your personal data. We disclose data only:
- to the sub-processors listed above, to operate the service;
- when required by law, subpoena, or to protect rights, safety, and security;
- in connection with a merger, acquisition, or asset sale, subject to this policy.
7. Data retention
- Account and Saved Links — retained while your account is active.
- Preview images, summaries, embeddings — retained while the related link exists.
- Local device cache — retained until you sign out, clear app data, or uninstall.
- When you delete a link or your account, the associated records are deleted from our primary store; derived artifacts (preview images, embeddings) are deleted on the same basis. Backups and provider-side logs may persist for a limited period before rotation.
8. Your rights
Depending on where you live, you may have the right to:
- access, correct, or delete your personal data;
- export/port your data;
- object to or restrict certain processing;
- withdraw consent; and
- lodge a complaint with a supervisory authority.
To exercise these rights, contact cyclone@proton.me. You can also delete individual links, collections, or your entire account from within the app.
9. Security
We use authentication, row-level access controls so users can only access their own records, encrypted transport (HTTPS/TLS), and server-side secrets that are never shipped to client apps. No system is perfectly secure; we cannot guarantee absolute security.
10. Children's privacy
Cyclone is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date and, where appropriate, in-app notice. Continued use after changes take effect constitutes acceptance.
12. Contact
Cyclone Apps cyclone@proton.me