ResurfX Privacy Policy

Effective date: May 18, 2026

Last updated: June 2, 2026

This Privacy Policy describes how ResurfX (“ResurfX,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use the ResurfX iOS application, home screen widget (together, the “App”), and optional ResurfX Chrome extension for bookmark sync (the “Extension,” together with the App, our “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.

For questions or requests about your privacy, contact us at our support page.

1. What ResurfX Does

ResurfX connects to your X (formerly Twitter) account so we can fetch your bookmarks and help you revisit them in the App and on an iPhone home screen widget. Pro subscribers may optionally use the ResurfX Chrome extension to import a larger bookmark library from x.com while logged in on a computer. The App may also offer optional paid features through an in-app subscription.

We do not sell your personal information. We do not use third-party advertising SDKs in the App or Extension. We use PostHog for product analytics to understand how features such as the home screen widget are used (see Information collected automatically below).

2. Information We Collect

2.1 Information you provide

X account connection: When you choose “Continue with X” or switch X accounts, you sign in through X using OAuth 2.0 (via our authentication provider). We receive and store information needed to link your ResurfX account to your X account, such as your X user ID, username, display name, and, if available and approved by you, your X account email address for account and App communications.
Apple account login: If you choose “Continue with Apple,” Apple provides the information you authorize for account creation, limited to your name and email address. You may use Apple’s Hide My Email/private relay address.
Email account and contact email: If you choose “Continue with email,” we collect your email address for authentication and use it as your default contact email for important account and App communications. If you separately provide, confirm, or update a contact email, we store it for those communications. A contact email by itself does not create or change email/password login credentials.
Support communications: If you contact us (for example through our support page), we receive the information you choose to send (such as your email address and message content).
Chrome extension pairing: If you use Sync via Chrome (Pro), you generate a short-lived pairing code in the App. The Extension submits that code to our servers to obtain a limited import token. We store pairing session metadata (hashed code, expiry, pairing time) and issue time-limited tokens for upload only.

2.2 Information collected automatically when you use the App

Account identifiers: A ResurfX account identifier (issued by our backend), session tokens, and related authentication metadata needed to keep you signed in and secure your account.
X OAuth tokens: After you connect X, our servers store encrypted X access and refresh tokens so we can check for new bookmarks on your behalf, including in the background. We request X permissions with scopes including bookmark.read, tweet.read, users.read, users.email, and offline.access.