Last updated: June 2026. Please read the following notices carefully before using this application.
Secure Bookmark Manager is built on an intentional self-custody, zero-trust architecture. It runs entirely within a private, locally hosted Docker container with no outbound connections to any external authentication service, email relay, SMS gateway, or cloud recovery system. This design choice means that all credentials and authentication state are the sole responsibility of the user.
There is no password reset mechanism of any kind. No "Forgot Password" link exists, no recovery email will be sent, and no administrator back-channel is available for remote identity verification. If you forget your password, the only remediation path is direct intervention in the SQLite database by whoever administers the host server. This is an explicit design constraint, not a missing feature.
There is no two-factor authentication (2FA) bypass or recovery code system. Once TOTP-based 2FA is enabled on your account, a valid token from your registered authenticator application is required at every login. If you lose access to that authenticator — whether through device loss, application deletion, or failure to back up the secret — your account becomes permanently inaccessible at the application layer. The only resolution is database-level removal of the stored 2FA secret by the server administrator. The absence of a bypass is itself a deliberate security property. You are strongly advised to securely back up your TOTP secret or authenticator configuration before enabling 2FA.
Because this application has no cloud synchronisation, no remote backup service, and no cross-account data migration utility, your entire bookmark collection exists only in the SQLite database file on the server that hosts this container. There is no off-site redundancy unless you create it yourself.
If the host server is lost, rebuilt, or wiped — or if your account is ever deleted and needs to be re-initialised — any bookmarks that have not been exported will be permanently and unrecoverably lost. There is no undo and no support channel that can restore them.
The application includes a built-in Netscape HTML export
utility located in the Data Portability panel on the
dashboard sidebar. This utility produces a standards-compliant
.html bookmark file that is universally recognised and
importable by every major browser — Chrome, Firefox, Safari, and Edge —
as well as any future installation of this application. The entire process
takes seconds.
Recommended practice: schedule a weekly or monthly export and store the resulting file in a separate, trusted location outside the host server — such as an encrypted external drive, a local network share, or a personal encrypted cloud storage account. Treat this file with the same diligence you would apply to any other critical personal data backup.
In the event that a new account must be initialised, the previously
exported .html file can be re-imported in its entirety via
the same Data Portability panel, restoring your full bookmark
collection — including folder structure and tags — within a single
operation.
No warranty. This software is provided "as is", without warranty of any kind, express or implied. The authors make no representations or warranties regarding the accuracy, completeness, reliability, or fitness for a particular purpose of this application.
Deployment responsibility. You are solely responsible for
running this application in a secure environment — including keeping host
operating system and container images up to date, enforcing HTTPS
termination, restricting network access to trusted clients, rotating the
SECRET_KEY environment variable regularly, and protecting the
underlying SQLite database files from unauthorised access.
External links. Bookmarks saved in this application may point to external websites. The authors have no control over the content, availability, or security of those external resources and accept no responsibility for them.
Limitation of liability. In no event shall the authors or contributors be liable for any direct, indirect, incidental, special, or consequential damages arising out of the use of — or inability to use — this application, including but not limited to loss of bookmark data, loss of account access, or security incidents resulting from deployment misconfiguration.