Privacy Policy

Data We Collect:

• Account Information: Email address, name, and profile picture (when you sign in with Google/GitHub OAuth)

• Subscription Data: Pro plan status, subscription ID, payment status (managed by Stripe)

• Device Information: Device fingerprint (browser type, OS, screen resolution) for device limit enforcement and security

• Usage Analytics: Tab count, auto-close statistics, and feature usage to improve our service

• Settings & Preferences: Custom themes, timer configurations, and dashboard settings

• AI Search Queries: Search terms sent to Perplexity AI when using the AI Search feature

How We Store Data:

• Cloud Storage: Your account data, settings, and analytics are securely stored in Supabase (a cloud database) to enable cross-device synchronization

• Local Cache: Some data is cached locally in your browser for faster performance

• Encryption: All data transmission uses HTTPS/SSL encryption. Database access is protected with enterprise-grade security

Tabmangment offers real-time cross-device synchronization. This means:

• Your settings, themes, and preferences sync across all your devices automatically

• Data is transmitted to our secure Supabase cloud database when changes are made

• Sync happens every 10 seconds and when you focus on the browser

• You can use up to 2 devices on Free plan and 3 devices on Pro plan

• Device tracking uses non-invasive fingerprinting (no personal data) for device limit enforcement

The extension requests the following permissions to provide its functionality:

Tabs: To manage, organize, and close tabs based on your preferences and timer settings.

Storage: To cache settings locally for faster performance. Your primary data is stored securely in Supabase cloud for cross-device sync.

Identity (Optional): For Google/GitHub OAuth sign-in. You can also use email/password if you prefer.

These permissions are used solely for tab management and user authentication. We do not track your browsing history or access any sensitive information beyond what's necessary for the extension to function.

Services We Use:

• Supabase (Database & Authentication) - Stores your account data, settings, and analytics securely. Industry-leading security with SOC 2 Type II compliance.

• Stripe (Payment Processing) - Handles all payment transactions and subscription management. We never store your credit card details - Stripe does this securely with PCI DSS Level 1 certification.

• Perplexity AI (AI Search) - Processes your search queries when you use the AI Search feature. Search queries are sent to Perplexity's API for intelligent answers. Free users: 5 searches/day, Pro users: unlimited.

• Google OAuth / GitHub OAuth (Sign-In) - When you sign in with Google or GitHub, they provide us with your email, name, and profile picture. We don't receive or store your password.

• Netlify (Hosting) - Hosts our dashboard and serverless functions. Does not access user data.

What We Never Do:

✗ Sell your data to third parties

✗ Share data with advertisers

✗ Track your browsing outside of tab management

✗ Store your passwords or payment details

Sign-In Methods:

• Google OAuth: Secure sign-in using your Google account. We receive your email, name, and profile picture.

• GitHub OAuth: Secure sign-in using your GitHub account. We receive your email, name, and avatar.

• Email/Password: Passwords are hashed with bcrypt and never stored in plaintext. We use Supabase Auth for secure password management.

Payment & Subscription:

• All payments are processed securely by Stripe

• We only store: subscription status, customer ID (from Stripe), and subscription expiration date

• Your credit card details are never stored by us - Stripe handles all payment information securely

• Webhooks from Stripe automatically update your Pro status in real-time

Security Measures:

• All data transmission uses HTTPS/SSL encryption

• Supabase provides Row Level Security (RLS) to protect your data

• Device fingerprints use non-invasive, privacy-friendly techniques

• Session tokens expire automatically for security

• We sanitize all logs to prevent accidental PII exposure

How Long We Keep Your Data:

• Active Accounts: Your data is retained as long as your account is active

• Deleted Accounts: When you delete your account, all personal data is permanently removed from our database within 30 days

• Subscription Data: Payment records are retained for 7 years for tax and legal compliance (required by law)

• Analytics: Aggregated, anonymized analytics data may be retained indefinitely for product improvement

• Inactive Accounts: If your account is inactive for 2 years, we may send a reminder email. If no response after 3 years, your account may be archived.

Account Deletion:

You can delete your account at any time from the dashboard settings. This will:

• Immediately revoke access to Pro features

• Remove all personal data (email, name, profile picture) within 30 days

• Cancel any active subscriptions (no refunds for remaining period)

• Clear all custom themes, settings, and preferences

You Have the Right To:

• Access Your Data: Request a copy of all personal data we store about you

• Rectify Your Data: Update or correct any inaccurate information in your account settings

• Delete Your Data: Request complete deletion of your account and all associated data

• Export Your Data: Download your data in a portable, machine-readable format (JSON)

• Withdraw Consent: Opt out of analytics or AI features at any time

• Object to Processing: Object to how we use your data, and we'll review your request

• Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated

How to Exercise Your Rights:

• Access Settings: Most data can be viewed/edited directly in your dashboard settings

• Export Data: Use the "Export Data" button in dashboard settings to download your data

• Delete Account: Use the "Delete Account" button in dashboard settings

• Contact Support: For other requests, contact us through the extension's contact feature

We will respond to all requests within 30 days as required by GDPR.

We may update this privacy policy from time to time to reflect changes in our practices or for legal compliance.

Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.