Privacy Policy

Last updated: May 2, 2026

Resurface is a follow-up tool for indie founders, built and operated by Mudgal Labs. This policy explains what information we collect, why we collect it, and the choices you have. It covers both the Resurface web app at resurface.to and the Resurface browser extension for Chrome and Firefox.

What we collect

We only store data that you either enter into Resurface or explicitly save using the extension. Specifically:

  • Account information. Resurface uses Google sign-in — we do not manage passwords. When you sign in, Google shares your name, email address, and profile picture with us. We use these to create your account, authenticate you, and send essential account email.
  • Saved interactions. When you click the save button on a DM or comment on a supported platform, we store the text of that message, a sanitized HTML copy, a link back to the original source, the timestamp, and the platform usernames involved.
  • Follow-up metadata. Any follow-up date or note you attach to a saved thread.
  • Session data. A session token issued at sign-in, stored in your browser’s local storage and sent with each request to identify you.

The extension does not access or collect any messages unless you explicitly click “Save”. It does not scrape your inbox, your feed, or any other data from the platforms it integrates with.

Message content and privacy

Resurface only stores messages that you explicitly choose to save. We do not automatically access, sync, or monitor your inboxes.

Saved message content is treated as sensitive data and encrypted before being stored. Access to this data is restricted and used only to provide core product functionality such as displaying your threads and reminders.

We do not read or analyze your saved messages. If we introduce features that process message content (such as AI-based insights), they will be clearly explained and require your explicit opt-in.

What we do not collect

  • We do not run any third-party analytics, tracking pixels, or behavioural advertising SDKs.
  • We do not read or store passwords or account credentials for any of the platforms you use with Resurface.
  • We do not sell, rent, or share your data with third parties for their own marketing.

How we use it

Collected data is used solely to provide the Resurface service: rendering your threads dashboard, grouping saved items into the correct threads, reminding you of follow-ups, and authenticating your extension sessions.

Where it is stored

Data is stored in a PostgreSQL database operated by us and hosted on Hetzner Cloud infrastructure in the EU.

Sensitive fields, such as saved message content, are encrypted at the application level before being stored in the database. Transport between your browser and our backend uses HTTPS.

Sub-processors

We rely on a small number of infrastructure providers to run Resurface. They process data only on our behalf and under their own security commitments:

  • Hetzner Cloud — application and database hosting (EU region).
  • Paddle — checkout, billing, and tax handling. We never see your card data.
  • Google — authentication (OAuth sign-in).
  • Bodhveda — in-app notifications.
  • Resend — transactional email delivery.

Retention

Saved items live in your account until you delete them. When you delete your account, all associated data is removed.

Your rights

You can delete any saved item, thread, or your entire account at any time. You can also request an export of your data by emailing hey@resurface.to.

Extension permissions

The Resurface extension requests minimal permissions to function, including storage, tabs, and host access to supported platforms (such as reddit.com and linkedin.com) only to enable the save button and send selected data to our backend.

Children

Resurface is not directed at children under 13 and we do not knowingly collect data from them.

Changes to this policy

If we make material changes, we’ll update the date above and notify you where appropriate.

Contact

Questions or requests — email hey@resurface.to.