Agentic Bookmarks

Privacy Policy

Last updated: May 12, 2026

Privacy Policy

Effective: May 12, 2026 Last updated: May 12, 2026

In one paragraph

We are Super Mega Lab LLC ("Super Mega Lab", "we", "our"). This Privacy Policy describes how we handle personal data in connection with the Agentic Bookmarks VS Code extension, the bundled MCP server, and our website at https://supermegalab.com (together, the "Services"). During the Beta Period, the Software is fully local: no telemetry, no analytics, no source code, no prompts, no AI interactions, no repository contents, no account, no sign-in. The Software does not contact Super Mega Lab. The only personal data we may receive is what you choose to send us when contacting us for support or visiting our website. If you have questions, email us at contact@supermegalab.com.

1. Who we are and how to contact us

Data controller: Super Mega Lab LLC, a Delaware limited liability company, with registered office at 16192 Coastal Highway, Lewes, Delaware 19958.

Privacy contact: contact@supermegalab.com

EU representative (Art. 27 GDPR): Not appointed; the Services are not directed to the EU at this time.

UK representative (Art. 27 UK GDPR): Not appointed; the Services are not directed to the UK at this time.

2. The data we do not collect

Because we are a privacy-first developer tool, we think the most important thing for you to know is what we do not receive. We do not receive, store, or have access to:

  • Source code, file contents, file paths, or file names from your development environment.
  • Repository names, remote URLs, branch names, commit hashes, commit messages, or other version control metadata.
  • Prompts, AI completions, model inputs or outputs, or assistant conversations. AI features in the Software run locally using your own AI provider; we never see your AI inputs or outputs.
  • Editor activity, keystrokes, command invocations, or feature-usage events. The Software contains no telemetry.
  • Diagnostics, error reports, crash dumps, or stack traces. The Software does not transmit these to us.
  • Repository visibility status. The Software determines whether a repository is public or private by querying the repository host (e.g., GitHub or GitLab) directly from your machine. We do not receive the answer.
  • IP addresses or other connection metadata. During the Beta Period the Software does not contact our infrastructure, so we do not receive your IP address.

3. The data we do collect

During the Beta Period, the Software does not contact Super Mega Lab, and we receive no personal data through the Software itself. The data described in this Section is limited to what you may choose to send us through other channels.

3.1 Support communications

If you contact us for support — for example, by email, on GitHub Issues, or through any future support channel — we will receive whatever information you choose to send. We use that information only to respond to your request and to improve the Software. Please do not include source code, secrets, credentials, or other sensitive information in support requests.

3.2 Website data

If you visit https://supermegalab.com, our website may use strictly necessary cookies required for the site to function (e.g., session/authentication cookies on any account portal pages). We do not use analytics cookies, advertising cookies, or cross-site tracking.

3.3 Marketing communications

We do not maintain a marketing email list.

4. How we use the data

We use the limited personal data described in Section 3 only to:

(a) respond to support requests you initiate; (b) operate, secure, and protect our website; (c) comply with applicable law and respond to lawful requests.

We do not use your data to:

  • train, fine-tune, or evaluate any artificial intelligence or machine learning model;
  • sell, share, rent, or trade your personal information;
  • build advertising profiles, behavioral analytics, or marketing segments;
  • profile you or make automated decisions with legal or similarly significant effects.

5. Legal bases (for users in the EEA, UK, and Switzerland)

We process the personal data described in Section 3 on the following legal bases under the GDPR / UK GDPR / FADP:

ProcessingLegal basis
Responding to support requestsPerformance of a contract (or your prior request before a contract) — (Art. 6(1)(b) GDPR)
Operating and securing our website; preventing abuseLegitimate interests (Art. 6(1)(f) GDPR)
Complying with applicable lawLegal obligation (Art. 6(1)(c) GDPR)

6. Sharing the data

We share the limited personal data in Section 3 only as required to respond to support requests and as required by law. We engage no sub-processors to process user data through the Software during the Beta Period.

We may also disclose personal data:

  • in response to valid legal process (e.g., a court order, subpoena, or other binding legal request), where required by law and after reviewing the request for legal validity;
  • to protect the rights, safety, or property of Super Mega Lab, our users, or others;
  • in connection with a corporate transaction (such as a merger, acquisition, or asset sale), in which case we will require the recipient to honor this Privacy Policy or notify affected users of any material change.

We do not sell your personal information.

7. International data transfers

We are based in the United States. Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country not subject to an adequacy decision, we rely on the following transfer mechanisms, as applicable:

  • EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), in the appropriate module;
  • The UK International Data Transfer Addendum for transfers from the United Kingdom; and
  • Equivalent safeguards for transfers from Switzerland under the FADP.

Copies of the relevant transfer mechanisms are available on request to contact@supermegalab.com.

8. How long we keep the data

DataRetention
Support communicationsUp to 24 months after the request is closed, then deleted, except where law requires longer retention.
Website cookiesStrictly necessary cookies are session-scoped and cleared when you close your browser or sign out.

We may retain data longer where required by law (for example, tax records) or where reasonably needed to resolve disputes or enforce our agreements.

9. Your rights

Depending on where you live, you may have rights with respect to your personal data, including the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate personal data;
  • Erase your personal data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Portability — receive your data in a structured, machine-readable format;
  • Withdraw consent, where consent is the legal basis;
  • Lodge a complaint with your local data protection authority. In the EU, you may contact your national supervisory authority; in the UK, the Information Commissioner's Office (ICO).

For users in California, you also have rights under the CCPA/CPRA, including the right to know what personal information we collect, to delete it, to correct it, to limit the use of sensitive personal information, to opt out of "sales" and "sharing" (we do neither), and to be free from retaliation for exercising these rights.

To exercise any of these rights, email contact@supermegalab.com. Given the limited data we hold, we are usually able to respond within 30 days at no charge.

10. Children

The Services are intended for software developers and are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact contact@supermegalab.com and we will delete it.

11. Security

The Software does not transmit your data to Super Mega Lab during the Beta Period. Where the Software contacts third-party services on your direction (repository hosts, your AI provider), it uses the encrypted endpoints those services provide.

A fuller description of our security posture is published at https://agenticbookmarks.com/legal/security.

No system is perfectly secure. If we become aware of a security breach affecting your personal data, we will notify affected users without undue delay, and in any event consistent with applicable law.

12. AI and your data

The Services include AI-related features that operate locally on your device using your chosen AI provider. We do not operate, host, route, intercept, or log AI prompts, completions, or other AI interaction data. Your use of any AI provider is governed by your agreement with that provider.

We do not use any data we receive (including the limited data described in Section 3) to train, fine-tune, or evaluate any AI or machine learning model.

13. Open-source and source-available components

The public-repository portions of the Software are published in source form under PolyForm Shield 1.0.0 at https://github.com/super-mega-lab/agentic-bookmarks. You can inspect those components to verify our network behavior. The portions made available in source form do not contain telemetry; this is not only a contractual commitment but is verifiable by inspection. The proprietary core of the Software is distributed only as a compiled artifact bundled with the Marketplace release and is not published as source.

14. Third-party integrations and platforms

The Software interacts with services on your device and on the Internet that you choose to enable, including:

  • Repository hosts (such as GitHub, GitLab, Bitbucket, or self-hosted Git servers) — to read repositories you direct the Software to read and to determine repository visibility. These interactions occur from your device under your existing relationship with that host.
  • Your AI provider, where you have configured one — see Section 12.
  • The VS Code Marketplace (or Open VSX) — for installation and updates. Distribution platforms have their own privacy practices.

We are not responsible for the privacy practices of third parties.

15. California "shine the light" and metrics disclosure

Under California Civil Code § 1798.83, California residents may request a list of third parties to which we have disclosed personal information for direct marketing purposes. We do not disclose personal information for third-party direct marketing purposes; nonetheless, requests may be sent to contact@supermegalab.com.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version is published at https://agenticbookmarks.com/legal/privacy. Material changes affecting your rights or our handling of personal data will be communicated through the Software, the Marketplace listing, or by email to the address associated with your subscription, with at least thirty (30) days notice before the change takes effect. The "Effective" and "Last updated" dates at the top reflect the current version.

17. How to contact us

For questions, requests, or complaints concerning this Privacy Policy or our handling of your personal data: