Trust & transparency

Privacy Policy

How Rook handles data for the website, API, and browser extension.

Last updated: February 21, 2026

At a glance

Rook is private by default, and AI actions are user-initiated.

This page explains what data is collected, how it is used, and how you can export or control your information.

What we collect

  • Google account identity for sign-in
  • Links, tags, notes, and activity history you create
  • Auth session cookies

What we do not do

  • Do not sell personal information
  • No hidden summarization actions
  • No access without authentication

How data is handled

Collection, use, and processing

These sections cover what information Rook stores and how it is used to run the service.

1. Information We Collect

  • Account data: Google account identifier, display name, and avatar URL (when you sign in with Google).
  • User content: links, titles, summaries, tags, notes, pinned entries, and activity history you create in Rook.
  • Session data: authentication cookies required to keep you signed in.
  • Extension inputs: active tab URL/title; if you click Summarize Page, the extension may send extracted page text and an optional screenshot to Rook for summarization.

2. How We Use Information

  • Provide core product functionality (save, organize, search, and retrieve links).
  • Authenticate users and secure accounts.
  • Generate AI summaries and suggested tags when requested by you.
  • Operate, maintain, and improve reliability and performance.

3. Legal Basis and Consent

By using Rook, you direct us to process data needed to provide the service. AI summarization requests are user-initiated actions from the app or extension.

4. Sharing and Third-Party Processing

We do not sell your personal information.

  • Google OAuth: used only for sign-in and account identity.
  • OpenAI (optional): if summarization is enabled, submitted content may be sent to OpenAI to generate summary/tag suggestions.
  • Infrastructure providers: hosting, storage, and backup providers process data to operate the service.

The use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including Limited Use requirements.

5. Data Retention

We retain your data while your account is active, unless you delete content or request deletion of your account. Operational backups may persist for a limited period.

Security & control

Safeguards, choices, and policy lifecycle

These sections describe how Rook protects data and what choices are available to users.

6. Security

We use reasonable technical and organizational safeguards, including authenticated access controls, to protect your data. No system can guarantee absolute security.

7. Your Choices

  • Access and edit your saved links and metadata in the app.
  • Export your data from the Export Data page after sign-in.
  • Remove extension access by uninstalling the browser extension.
  • Stop use of summarization by not invoking summarize actions.

8. Children

Rook is not intended for children under 13, and we do not knowingly collect personal data from children under 13.

9. International Transfers

If you use Rook from outside the country where infrastructure is hosted, your information may be transferred and processed in other countries.

10. Changes to This Policy

We may update this policy as the product evolves. Material changes will be reflected by updating the “Last updated” date on this page.

Questions or requests

Need help with privacy or data access?

Contact the operator of this deployment using the project support channel or privacy contact for this instance. Include enough detail for us to locate your request.

Product Overview Docs

Rook helps you capture, organize, and retrieve your important links.

Home · Docs · Privacy