Privacy

keepthis.site is a personal bookmark manager. The whole product is designed to keep your reading list on your machine and out of any database we control. This page spells out exactly what data each piece of it touches.

The desktop app

The Mac app stores every pin in a local SQLite database under ~/Library/Application Support/kts.app/. It does not report telemetry, does not phone home for crash reports, and does not embed any third-party analytics or advertising SDK.

To capture page previews it spawns a headless Chromium that you either downloaded yourself from Settings or already had installed. That Chromium fetches each saved URL once — direct from the origin, with the same User-Agent string a normal browser would send. No image proxy or scraping service is involved.

The browser extension

The extension's only job is "save the current tab". When you click the toolbar button or pick the entry from a context menu, the extension reads:

• the URL of the active tab,
• its document title,
• any text you type into the popup (tags, a comment).

It then POSTs that JSON to http://127.0.0.1:43215/, which is the local HTTP endpoint the desktop app exposes only on loopback. The bytes never leave your machine. The extension does not read tab content, does not run on any page (no content scripts), and the manifest's only host permission is the localhost endpoint above.

Sync (optional)

If you turn on sync, your devices talk directly to each other, peer-to-peer — there is no account, no sign-up, no email, and no server we run that holds your data. A passphrase you choose derives the encryption keys entirely on your device; every change is end-to-end encrypted with those keys before it leaves the device, and only your own devices (which share the passphrase) can decrypt it. We never see your bookmarks or your passphrase. If you lose the passphrase, the data is unrecoverable — by design.

The peer-to-peer transport uses public relay servers (operated by the iroh project) only to help your devices find and reach each other when a direct connection isn't possible. Those relays forward the same end-to-end-encrypted bytes; they cannot read them.

Cookies, tracking, analytics

None. Neither this website, the extension, nor the desktop app sets cookies for analytics, runs first- or third- party tracking, or sends pings to ad networks. The only HTTP requests this site makes from your browser are for the page you asked for, the favicons, and Google Fonts (Geist / Geist Mono).

Data deletion

All your data is local. To delete it, remove the app's data (delete the app, or its database under ~/Library/Application Support/kts.app/ on macOS), and sign out of sync (Settings → sign out) to clear the derived keys from the device's secret store. There is no server-side account to delete — we hold nothing.

Contact

Questions, concerns, takedown requests — write to [email protected].

last updated

2026-06-07

jurisdiction

Spain (GDPR applies)

data controller

José Galisteo