Privacy Policy
Last updated: February 19, 2026
Resurface ("we", "our", or "us") operates the Resurface mobile application ("App"). Your privacy is important to us. This Privacy Policy explains in detail what information we collect, how we use it, who we share it with, and what rights you have over your data.
By downloading, installing, or using the App, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your email address and display name. If you sign in with Apple or Google, we receive your name and email address from those providers. Apple's "Hide My Email" feature is supported — we will only receive your relay email address if you choose this option.
- Saved Content: URLs, links, and content metadata that you save to the App via the Share Extension, manual URL entry, deep links, or email forwarding.
- User Preferences: Settings and preferences you configure within the App, such as notification preferences, display preferences, and category preferences.
- Support Communications: If you contact us for support, we may collect your email address and the content of your communication.
1.2 Information Generated by the App
- Processed Content: When you save a URL, we extract and process the content (article text, video metadata, social media content) to provide App features. This processing generates summaries, categories, estimated reading times, and other metadata.
- AI-Generated Content: Audio walkthroughs, summaries, briefings, and categorizations generated by AI services based on your saved content.
- Usage Statistics: Items saved, items consumed, daily progress, reading/listening history, and feature usage patterns.
1.3 Information Collected Automatically
- Device Information: Device type, model, operating system version, unique device identifiers, and language settings.
- Push Notification Tokens: If you enable notifications, we collect your device push token to deliver notifications.
- Crash & Performance Data: Anonymous crash reports and performance metrics to help us identify and fix issues.
1.4 Information We Do NOT Collect
- We do not collect precise geolocation data
- We do not access your contacts, photos, camera, or microphone
- We do not collect payment or financial information (payments are handled entirely by Apple)
- We do not use advertising trackers or ad-related identifiers
- We do not collect browsing history outside of content you explicitly save
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide core App features (saving, organizing, displaying content) | Account info, saved content, preferences | Contract performance |
| Generate AI summaries, audio walkthroughs, and categorizations | Saved content text and metadata | Contract performance |
| Send push notifications (daily picks, content ready, weekly recap) | Push tokens, usage data | Consent |
| Process and manage your subscription | Account info, subscription status | Contract performance |
| Sync content across devices (Pro feature) | Account info, saved content | Contract performance |
| Process forwarded emails | Email content, sender address | Contract performance |
| Diagnose bugs, crashes, and performance issues | Crash logs, device info | Legitimate interest |
| Improve and develop new features | Aggregated, anonymized usage data | Legitimate interest |
| Respond to support requests | Email, communication content | Legitimate interest |
3. Third-Party Services
We use the following third-party services to operate the App. Each processes data on our behalf and is bound by their own privacy policies:
3.1 Firebase (Google Cloud)
- Firebase Authentication: Manages user sign-in and account security. Processes email address and authentication tokens.
- Cloud Firestore: Stores your account data, saved content, preferences, and usage statistics.
- Cloud Functions: Executes server-side processing for content extraction, AI generation, and email ingestion.
- Cloud Storage: Stores generated audio files and processed content assets.
- Privacy policy: firebase.google.com/support/privacy
3.2 AI Processing Services
- Google Gemini: Generates text summaries, audio scripts, content categorizations, and briefings from your saved content. Your content text is sent to Gemini's API for processing. Google's API data usage policy applies.
- fal.ai: Converts AI-generated scripts into audio using text-to-speech (Kokoro TTS). Generates thumbnail images using FLUX Schnell. Audio scripts and image prompts are sent for processing.
We only send the minimum content necessary for AI processing. We do not send your personal account information, email address, or other identifying data to AI services.
3.3 Content Extraction Services
- Supadata: Extracts content metadata from social media platforms (YouTube, TikTok, Instagram, Twitter). Only the URL you save is sent to this service.
- Jina Reader: Extracts article text from web pages as a fallback when primary extraction fails. Only the URL is sent.
3.4 Subscription Management
- RevenueCat: Manages subscription status, entitlements, and purchase verification. Receives your anonymous app user ID and purchase receipts from Apple. Does not receive your email or personal information. RevenueCat Privacy Policy
3.5 Authentication Providers
- Apple Sign-In: If you choose to sign in with Apple, we receive your name and email (or relay email) as authorized by you. Apple Privacy Policy
- Google Sign-In: If you choose to sign in with Google, we receive your name, email, and profile picture URL. Google Privacy Policy
3.6 Email Processing
- Cloudflare: Handles email routing for the email forwarding feature. Forwarded emails pass through Cloudflare's infrastructure to our Cloud Functions for processing. Cloudflare Privacy Policy
4. Data Storage & Security
Your data is stored on Google Cloud Platform via Firebase services. We implement the following security measures:
- Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS/HTTPS.
- Encryption at rest: Data stored in Firebase is encrypted at rest using Google Cloud's default encryption.
- Authentication & access controls: Firestore security rules ensure users can only access their own data. Server-side functions use authenticated service accounts.
- Minimal data exposure: API keys and secrets are stored securely in environment variables and are never exposed to the client.
While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
5. Data Retention
- Active accounts: We retain your data for as long as your account is active and you continue to use the App.
- Deleted content: When you delete individual items, they are removed from our database promptly.
- Deleted accounts: When you delete your account, all associated data (saved content, preferences, AI-generated content, usage statistics) is permanently deleted from our systems within 30 days. Some data may persist in encrypted backups for up to an additional 30 days before being purged.
- AI-generated audio: Audio files stored in Cloud Storage are deleted when the associated content item or account is deleted.
- Anonymized data: We may retain anonymized, aggregated data that cannot be used to identify you for analytical purposes indefinitely.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
6.1 Access
You can request a copy of the personal data we hold about you. Contact us at support@resurfaceapp.uk and we will respond within 30 days.
6.2 Deletion
You can delete your account and all associated data at any time:
- In-app: Settings → Delete Account
- By email: Send a request to support@resurfaceapp.uk
6.3 Correction
You can update your display name and email address within the App's settings at any time.
6.4 Data Portability
You can request an export of your data in a machine-readable format. Contact us to make this request.
6.5 Withdraw Consent
You can withdraw consent for optional data processing at any time:
- Push notifications: Disable via your device's Settings → Notifications → Resurface
- Email forwarding: Stop forwarding emails to your Resurface email address
6.6 Complaint
If you believe your data rights have been violated, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
7. International Data Transfers
Your data may be processed and stored on servers located outside your country of residence, including in the United States (Google Cloud / Firebase). Where data is transferred internationally, we rely on Google's data processing terms and appropriate safeguards (such as Standard Contractual Clauses) to ensure your data is protected.
8. Children's Privacy
The App is not intended for children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at support@resurfaceapp.uk.
9. Cookies & Tracking
The App itself does not use cookies. Our website (resurfaceapp.uk) is a static site that does not use cookies, analytics trackers, or any third-party tracking scripts. We do not track you across websites or apps.
10. Do Not Track
We do not respond to "Do Not Track" browser signals because we do not engage in cross-site tracking. The App does not track users for advertising purposes.
11. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:
- Service providers: With the third-party services listed in Section 3, solely for the purpose of providing App functionality.
- Legal requirements: If required by law, regulation, legal process, or governmental request.
- Safety: To protect the rights, property, or safety of Resurface, our users, or the public.
- Business transfers: In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will notify you through the App or via email at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.
We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes become effective constitutes your acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@resurfaceapp.uk
- Website: resurfaceapp.uk/support
We aim to respond to all privacy-related inquiries within 30 days.