1. Introduction

Welcome to tab.flow ("we," "our," or "us"). We respect your privacy and are committed to protecting any personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the tab.flow browser extension and its optional cloud services (collectively, the "Service").

By installing or using tab.flow, you agree to the terms described in this policy. If you do not agree, please uninstall the extension and discontinue use.

2. Information We Collect

Tab & Browser Data

tab.flow reads your open tab titles, URLs, favicons, tab group names, and tab group colors solely to display and manage them in the HUD overlay. This data is processed entirely within your browser and is never transmitted to any external server.

Recently Closed Tabs

tab.flow reads Chrome's sessions API to display recently closed tabs. This metadata stays local to your browser and is never stored remotely.

Account Information

If you choose to create an account, we collect your email address through AWS Cognito. If you sign in with Google, we also receive your name and profile picture from Google. Account creation is entirely optional — tab.flow works fully without an account.

Cloud Sync Data (Optional)

When signed in, you may choose to sync the following to our cloud database:

• Saved workspaces (named collections of tabs)
• Bookmarks created through tab.flow
• Notes attached to specific tabs
• Extension settings and preferences

AI Assistant Data

When you use the AI tab assistant, your query text and your current open tab titles are sent to Groq's API to generate a response. No other browsing data is shared. Queries are not stored on our servers.

Usage Data

We may collect general, non-identifying usage information such as device type, browser type, and feature usage patterns to help improve the Service. We do not collect your browsing history, search queries, or page content.

3. Data That Never Leaves Your Device

The following data is processed and stored exclusively within your browser and is never transmitted externally under any circumstance:

• Your complete list of open tabs, their order, and activity history (MRU)
• Tab group assignments, names, and colors
• Tab thumbnails captured during your browsing session
• Frecency scores used for intelligent tab sorting
• Snooze schedules and alarm timers
• All search queries entered in the tab.flow HUD
• Drag-and-drop reordering state
• Multi-select and keyboard navigation state

This data is stored using Chrome's built-in chrome.storage.local API and in-memory extension state. It is accessible only to the tab.flow extension and is cleared when you uninstall.

4. How We Use Your Information

• To provide, maintain, and improve the tab.flow extension and its features
• To display and manage your open browser tabs in the HUD overlay
• To sync your workspaces, bookmarks, notes, and settings across devices (when signed in)
• To power the AI tab assistant with contextual responses
• To restore recently closed tabs and snoozed tabs
• To communicate with you about updates, support, and important notices
• To detect, prevent, and address technical issues or abuse

5. Data Storage & Security

Local data is stored securely within Chrome's extension sandbox, which isolates it from other extensions and web pages.

Cloud data (for signed-in users) is stored in a Neon PostgreSQL database with encryption at rest and encryption in transit (TLS). Authentication tokens are managed by AWS Cognito, which provides industry-standard security including hashed passwords and token rotation.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

6. Data Sharing

We do not sell, trade, rent, or otherwise share your personal information with third parties for marketing purposes. We may share information only in the following limited circumstances:

• With your explicit consent
• To comply with legal obligations or respond to lawful requests from public authorities
• To protect the rights, property, or safety of tab.flow, our users, or the public
• With service providers who assist in operating the Service (listed below), who are bound by confidentiality agreements and data processing terms

7. Third-Party Services

The Service integrates with the following third-party services. Each is only active when you use the corresponding feature:

• Groq: Powers the AI tab assistant. Your query and open tab titles are sent only when you actively use the AI chat. Subject to Groq's Privacy Policy.
• AWS Cognito: Handles user authentication and account management. Your email and hashed password are stored by AWS. Subject to AWS's Privacy Policy.
• AWS S3: Used for optional thumbnail storage. Images are stored in a private bucket accessible only to your authenticated account.
• Neon (PostgreSQL): Cloud database for workspaces, bookmarks, notes, and user settings when you are signed in. Subject to Neon's Privacy Policy.

We do not use any analytics, tracking, or advertising SDKs in tab.flow.

8. Google API Services User Data Policy

tab.flow's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request access to the Google data that is necessary for tab.flow to function (your name, email address, and profile picture for authentication purposes).
• We do not use Google user data for serving advertisements.
• We do not allow humans to read your Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with applicable law, or for our internal operations where the data has been aggregated and anonymized.
• We do not transfer Google user data to third parties except as necessary to provide or improve the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with prior user notice.

9. Chrome Extension Permissions

tab.flow requests the following browser permissions, each for a specific purpose:

• tabs / activeTab: Required to read and display your open tabs in the visual grid
• sessions: Required to show and restore recently closed tabs
• tabGroups: Required to read and create Chrome tab groups with color labels
• storage: Required to store user settings, frecency data, and tab history locally on your device
• alarms: Required to wake snoozed tabs at their scheduled times
• bookmarks: Required to sync bookmarks to your cloud account (optional feature)
• identity: Required for sign-in using the OAuth 2.0 PKCE flow via AWS Cognito
• favicon: Required to display tab favicons in the HUD overlay
• host_permissions (<all_urls>): Required to inject the tab management overlay on all pages via a content script

tab.flow does not use any undisclosed permissions. Every permission listed in the extension manifest is described above and serves a specific, user-facing function.

10. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated cloud data
• Export your synced data (workspaces, bookmarks, notes)
• Withdraw consent for data processing at any time

To exercise any of these rights, please contact us using the information in Section 14 below. We will respond within 30 days of receiving your request.

11. Data Retention

Local data is retained on your device until you uninstall the extension or clear Chrome's extension storage.

Cloud data is retained for as long as your account is active or as needed to provide the Service. If you delete your account, we will permanently delete your personal data within 30 days, except where we are required by law to retain it for a longer period.

12. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

We encourage you to review this page periodically to stay informed about how we protect your data.

14. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your data rights, please contact us at:

Email: daniel.zhao2007@gmail.com

GitHub: github.com/danielzhao07/TabFlow/issues