Privacy Policy

This Privacy Policy explains how Futurus, LLC ("Futurus," "we," "us," or "our") collects, uses, and shares information when you use Skiml (the "Service"), a Chrome extension and web application that saves web pages and generates AI-powered action briefs. Skiml is a service of Futurus, LLC, a Texas limited liability company.

If you have any questions about this policy, contact us at hello@skiml.io.

1. Who we are

Skiml is operated by Futurus, LLC, a single-member limited liability company organized under the laws of the State of Texas. Our business address is 5900 Balcones Drive, Suite 100, Austin, Texas 78731.

The point of contact for any privacy-related inquiry is hello@skiml.io. We respond to verifiable requests within 30 days, and faster when possible.

2. Information we collect

We collect three categories of information: information you give us directly, information we generate or collect as you use the Service, and information we receive from third parties that help us provide the Service.

Information you give us directly

• Account information. When you create an account, we collect your email address. If you sign in with a third-party identity provider (Google, Microsoft, Discord, or GitHub), we receive the basic profile information that provider sends us, which typically includes your email address, your name, and a profile picture URL.
• Authentication credentials. If you create an email-and-password account, we never see or store your password in readable form. Password hashing is handled by our authentication provider (Supabase Auth) using industry-standard algorithms.
• Saved content. When you save a web page through the Skiml extension or upload a document through the Service, we collect the page URL, page title, page domain, the extracted readable text of the page, any author or publication-date metadata that we can detect from the page, and any tags you apply.
• Account preferences. Settings you configure in the Service (display preferences, sidebar collapse state, notification settings).
• Communications. If you email us at hello@skiml.io or interact with our support channels, we keep a record of the conversation.
• Waitlist signups. If you join our pre-launch waitlist, we collect the email address you submit and a label indicating where the signup came from.
• Payment information (when paid plans launch). Our payment processor (Stripe) handles all card and bank details directly. Stripe sends us a customer ID and subscription status so we can grant or revoke paid features. We do not see, store, or have access to your full payment card number.

Information we generate or collect automatically

• AI-generated action briefs. When you save a page, we send the extracted page text to Anthropic's Claude API to generate a structured action brief (summary, key insights, action items, and follow-up questions). The action brief we receive back is stored with your account.
• Usage data. We log standard web request information including IP address, browser type, operating system, the routes you visit within the Service, and timestamps. This is used for security, debugging, and capacity planning.
• Cookies and similar technologies. We use a small number of cookies to keep you signed in and to remember your preferences. See Section 6.
• Analytics. We use Vercel Analytics and Vercel Speed Insights to understand aggregate traffic patterns and page performance. These analytics are configured to collect aggregate, non-identifying information about visits.
• Email engagement (when transactional and digest email launches). When we send you a transactional or digest email through our email provider (Resend), the email may include open and click tracking so we can measure delivery and engagement. You can opt out of digest emails entirely at any time.

Information from third parties

• Identity providers. When you sign in with Google, Microsoft, Discord, or GitHub, we receive the basic profile information that provider shares with us, subject to the consent screen you saw when you connected the provider.
• Payment processor. Stripe (when paid plans launch) sends us transaction confirmations and subscription status updates.

3. How we use information

We use the information we collect for the following purposes:

• To provide the Service. Create and authenticate your account, generate AI action briefs from the pages you save, store and display your library, deliver the digest emails you've opted into (when the digest feature launches), and respond to your support requests.
• To process payments (when paid plans launch). Charge your subscription, send receipts, and manage your plan status.
• To improve the Service. Aggregate analytics, debugging, performance monitoring, and product research.
• To communicate with you. Send transactional emails (account confirmations, security notices, billing receipts, digest emails when you've opted in), and respond when you write to us.
• To keep the Service secure. Detect fraud, abuse, and unauthorized access; respond to security incidents.
• To comply with the law. Respond to lawful requests from courts and government authorities, enforce our Terms of Service, and protect our rights.

We may add a general marketing email program in the future (for example, occasional product announcements). If we do, we will give you a clear opt-in or opt-out choice and we will never enroll account holders automatically.

4. How we share information

We do not sell your personal information. We share information only as described below.

Service providers we rely on

The following service providers process information on our behalf in order for the Service to function. Each of them is bound by contractual confidentiality and data-processing obligations.

• Supabase hosts our database and authentication system. Your account information and saved content are stored in a Supabase project.
• Vercel hosts the Service and provides analytics and performance monitoring. Standard web request data passes through Vercel's infrastructure.
• Anthropic processes the extracted text of pages you save through the Claude API to generate action briefs. Anthropic's commercial API terms prohibit using customer API content to train Anthropic's models. Anthropic retains API content for a limited period for trust-and-safety review per their published terms.
• Stripe (when paid plans launch) processes payments. We never see your full card number.
• Resend (when transactional and digest email launches) delivers email on our behalf, including the engagement events described in Section 2.

If we add or change a material service provider, we will update this policy.

Legal and safety reasons

We may share information if we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service or other agreements; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of our users, ourselves, or others.

Business transfers

If Futurus is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of business assets, your information may be transferred as part of that transaction. We will require the recipient to honor the commitments in this policy or notify you of any material changes.

With your direction

When you choose to export an action brief to a third-party destination (for example, copying it to your clipboard, sending it to your Obsidian vault, or pushing it to a Notion page when those export destinations launch), we send the data you direct us to send. Those destinations are operated by parties other than us and are governed by their own terms.

5. Artificial intelligence and your content

We want to be specific about how AI is used in the Service, because it is the core of what we do.

• What goes to the AI. When you save a page, the extracted readable text of that page is sent to Anthropic's Claude API together with our action-brief-generation prompt. The action brief we receive back is stored against your account.
• What we do not do. We do not train any AI models on your content. We do not share your content with Anthropic, or anyone else, for the purpose of training their models.
• What our AI processor commits to. Anthropic's commercial API terms commit Anthropic not to train its models on customer API content. Anthropic may retain content for a limited period (currently up to 30 days under their standard terms, less under specific commercial arrangements) for abuse detection and trust-and-safety review.
• Action briefs may be wrong. AI-generated action briefs are produced automatically and may contain errors, omissions, or inaccuracies. They are a starting point for your own judgment, not a substitute for it.

6. Cookies and similar technologies

We use a small number of cookies. They fall into three categories:

• Strictly necessary. Authentication cookies that keep you signed in. The Service cannot function without these.
• Preferences. Cookies and local browser storage that remember your settings, such as sidebar state and display preferences.
• Analytics. Vercel Analytics and Vercel Speed Insights gather aggregate, non-identifying information about visits to our pages. We have configured these to minimize identifying data.

We do not use cookies for cross-site advertising. We do not allow third-party advertisers to drop cookies through the Service.

You can clear cookies and local storage at any time through your browser settings. If you do, you will be signed out of the Service.

7. How long we keep information

We keep information only as long as we need it for the purposes described in this policy.

• Account information (email, profile, settings): retained while your account is active. If you delete your account, we delete your account information within 30 days, except where we are required to keep it longer for legal or accounting reasons.
• Saved pages and AI action briefs: retained while your account is active. When you delete a save, it is moved to a trash bin and recoverable for 30 days, then permanently deleted by our scheduled purge job. Deleting your account triggers the same 30-day purge for all of your saves and action briefs.
• Payment records (when paid plans launch): retained for 7 years to meet US tax-record requirements.
• Request logs (IP addresses, user agents, request paths): retained for approximately 90 days for security and debugging, then deleted.
• Waitlist signups: retained until we launch general availability or for 24 months from signup, whichever comes first, after which they are deleted unless you've also created an account.
• Email delivery records (when transactional and digest email launches): retained for approximately 90 days to support deliverability troubleshooting.
• Backups: our database and hosting providers maintain rolling backups for operational recovery purposes. Backups age out on those providers' schedules (typically 30 to 90 days) and are not used for any purpose other than disaster recovery.

If a longer retention period is required by law, we will retain the information for that longer period.

8. How we protect information

We use industry-standard security measures to protect your information, including encryption in transit (TLS) for all communications between your browser, the Service, and our service providers; encryption at rest for stored data; row-level security in our database so that one account cannot access another account's data; secure authentication via Supabase Auth; and access controls limiting employee access to production systems.

No security measure is perfect. We cannot guarantee absolute security, and we encourage you to use a strong, unique password and to keep your account credentials confidential.

If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law.

9. Your rights

Regardless of where you live, you have the following rights in connection with the personal information we hold about you.

• Access. You can request a copy of the personal information we hold about you.
• Correction. You can request that we correct inaccurate or incomplete information. You can also update most account information yourself in your account settings.
• Deletion. You can delete your account at any time, which triggers deletion of your personal information as described in Section 7.
• Marketing opt-out. You can opt out of any non-transactional email by clicking the unsubscribe link in the email or contacting us. Transactional emails (account, security, billing, and digest emails you've opted into) continue while your account is active.
• Object or restrict. You can ask us to stop or limit certain uses of your information.

To exercise any of these rights, write to hello@skiml.io. We will need to verify your identity before fulfilling the request and we may decline requests that are excessive or that would compromise the rights of other users.

Additional rights for California residents

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act give you the following rights:

• Right to know. You can ask us to disclose the categories and specific pieces of personal information we have collected about you, the sources we collected it from, the purposes for collecting it, and the third parties with whom we share it.
• Right to delete. You can ask us to delete personal information we have collected from you.
• Right to correct. You can ask us to correct inaccurate personal information.
• Right to opt out of sale or sharing. We do not sell or share personal information as those terms are defined under California law. There is no opt-out for you to exercise on this point.
• Right to limit use of sensitive personal information. We do not collect sensitive personal information beyond authentication credentials, which are used only to provide the Service.
• Right of non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact hello@skiml.io. You may also designate an authorized agent to make a request on your behalf.

Additional rights for users in the European Economic Area, the United Kingdom, and Switzerland

If you are a resident of the EEA, the UK, or Switzerland, the General Data Protection Regulation and equivalent local laws give you the following rights:

• Right of access (Article 15 GDPR)
• Right to rectification (Article 16)
• Right to erasure, also called the right to be forgotten (Article 17)
• Right to restrict processing (Article 18)
• Right to data portability (Article 20)
• Right to object to processing (Article 21)
• Right to lodge a complaint with a supervisory authority

The legal basis for our processing is either the performance of our contract with you (so we can provide the Service you signed up for), our legitimate interests in operating and improving the Service, our compliance with legal obligations, or your consent where applicable.

To exercise any of these rights, contact hello@skiml.io. We will respond within the time periods required by applicable law.

10. International data transfers

Skiml is operated from the United States, and our service providers store and process data primarily in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States.

For transfers from the European Economic Area, the United Kingdom, and Switzerland to the United States, we rely on appropriate safeguards including the Standard Contractual Clauses approved by the European Commission and, where available, the EU-U.S. Data Privacy Framework and its UK and Swiss extensions.

11. Children's privacy

The Service is not directed at children under 13. If you are under 13, please do not use the Service or send us any personal information. If we learn that we have collected personal information from a child under 13, we will delete that information.

If you are in the European Economic Area, the minimum age to use the Service without parental consent is 16. If you are under 16 and in the EEA, please do not use the Service without a parent or guardian's involvement.

If you are a parent or guardian and you believe your child has provided us with personal information, contact hello@skiml.io and we will delete the information.

12. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. If the changes are material, we will provide notice through the Service or by email at least 30 days before the changes take effect. Your continued use of the Service after the changes take effect constitutes acceptance of the updated policy.

13. Contact us

For any privacy-related question, request, or complaint, write to us at:

Futurus, LLC Attn: Privacy 5900 Balcones Drive, Suite 100 Austin, Texas 78731 hello@skiml.io