LaterBag is operated by Chantter, a company registered in Poland. This policy explains what data we collect, why, and how we handle it. We keep it straightforward because your privacy matters and legalese doesn't help anyone.
By using LaterBag, you agree to the data practices described below. If you don't agree, please don't use the service.
1. What we collect
Account data
- Guest users: We create an anonymous account automatically so you can start using LaterBag without signing up. No personal information is required.
- Registered users: If you create an account, we store your email address and authentication tokens. If you sign in with Google or Apple, we receive the email associated with that account.
Content you save
- Items you save (links, notes, ideas), including titles, descriptions, tags, personal notes, and any content you write.
- Metadata we extract from URLs you save – titles, descriptions, images, author names, favicons, and source domains. This extraction happens on our servers; we do not send your URLs to third parties for this purpose.
Device and usage data
- Push notification tokens: If you enable notifications on mobile, we store your device's push token to deliver reminders.
- Error reports: We use Sentry for crash and error monitoring. Error reports may include technical context such as device type, OS version, and anonymized user identifiers. Sentry session replays, when active, mask all text and block all media by default.
- Analytics: We use Google Analytics to understand how the service is used in aggregate. We do not use analytics to track individual users or build advertising profiles.
Browser extension
The LaterBag browser extension accesses the URL and title of pages you actively choose to save, and any text you select when using the right-click save feature. The extension does not monitor your browsing activity, read pages you don't save, or collect data in the background.
2. How we use your data
We use your data to:
- Provide and operate LaterBag
- Store and display your saved items
- Extract metadata from URLs you save
- Send push notifications you have opted into
- Monitor and fix errors and crashes
- Understand usage patterns to improve the product
We do not sell your data. We do not use your data for advertising. We do not share your content with other users.
3. Legal basis for processing (GDPR)
- Contract performance: Storing and displaying your items, managing your account, and extracting metadata from URLs you save. These are necessary to provide the service you signed up for.
- Legitimate interest: Error monitoring (Sentry) and usage analytics (Google Analytics) to maintain and improve the service. We minimize what we collect and do not use it for profiling.
- Consent: Push notifications. You can opt out at any time through your device settings.
4. Third-party services
We use the following third-party services to operate LaterBag:
- Supabase – database and authentication. Servers located in Europe. Supabase processes your account data and saved content on our behalf.
- Vercel – API hosting. Servers currently in Europe (Frankfurt). May expand to other regions.
- Sentry – error monitoring. Receives technical error data, not your saved content.
- Google Analytics – usage analytics. Receives aggregated usage events, not your saved content.
- Expo – push notification delivery for mobile apps. Receives only your device push token.
Each service operates under its own privacy policy. We select services that offer GDPR-compliant data processing.
5. Data storage and security
Your data is stored in Supabase-managed PostgreSQL databases located in Europe. All API communication is encrypted via HTTPS. Clients never access the database directly – all data flows through our API server, which validates every request.
We apply rate limiting, input validation, and access controls to protect your data. Authentication tokens are stored locally on your device and transmitted securely via HTTPS.
6. Data retention
- Your items: Stored as long as your account exists. Deleted items move to trash and are permanently removed after 30 days, or immediately if you choose.
- Guest accounts: Anonymous accounts and their items may be deleted after a period of inactivity.
- Account deletion: When you delete your account, we permanently delete all your items, push tokens, feedback, and authentication data.
7. Your rights (GDPR)
As we are based in the EU, you have the following rights under the General Data Protection Regulation:
- Access: Request a copy of the data we hold about you.
- Rectification: Ask us to correct inaccurate data.
- Erasure: Delete your account and all associated data. You can do this directly in the app under Profile > Delete Account.
- Portability: Request your data in a portable format.
- Objection: Object to data processing based on legitimate interest.
- Complaint: File a complaint with the Polish data protection authority (UODO) or your local supervisory authority.
To exercise any of these rights, contact us at support@laterbag.app.
8. Cookies and local storage
The LaterBag website does not use cookies for tracking. The mobile app and browser extension store authentication tokens in local device storage to keep you signed in. These are not shared with third parties.
9. Age requirement
LaterBag is not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a child under 16 has created an account, please contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. If we make significant changes, we will notify users through the app or by email. The date at the bottom of this page always reflects the latest version.
11. Data controller
The data controller responsible for your personal data is:
Chantter
Poland
Email: support@laterbag.app
If you have questions about this privacy policy or how we handle your data, contact us at the email above.