The whole policy in two sentences: TabSmarter doesn't send your data anywhere because we don't have anywhere to send it. There is no server, no analytics, no telemetry, no account.
If you want the longer version with specifics, read on. We tried to make it actually understandable.
What data the extension touches
To do its job, TabSmarter has to read information from Chrome that's about your browsing. Specifically, the extension can see:
- Your open tabs — titles, URLs, pinned/muted/audible state, group membership, window IDs. Required for everything from search to suspend.
- Your bookmarks — only when you open the Bookmarks view inside the manager, and only to display them. We don't modify them unless you click the bulk-bookmark button.
- Your browsing history — only when you open the History search view inside the manager, using Chrome's chrome.history API. We don't index or store any of it.
- Per-tab page state — the content script reads scroll position and form-input state on the page you're viewing, only to support scroll memory and "don't suspend tabs with unsaved input."
That's the whole list. It looks like a lot because Chrome surfaces a lot — but everything in the list is data Chrome already has, that we're reading on your machine, and that we never transmit.
What we send to a server
Nothing.
There is no TabSmarter server. We didn't build one. None of the data above leaves your computer via TabSmarter.
What we store, and where
The extension uses Chrome's two storage areas:
chrome.storage.sync
Used for: your settings (suspend timeout, accent color, keyboard shortcuts, etc.).
How it works: Chrome encrypts and syncs this data across your devices using your Google account, the same way it syncs your bookmarks. We never see it. Google's privacy policy applies to that sync; ours doesn't, because we're not involved.
chrome.storage.local
Used for: saved sessions, per-tab notes, scroll positions, sleep timers, auto-refresh schedules, activity timestamps, snoozed tabs, close-locked tabs, password-lock hashes, focus-mode stash IDs, the auto-save-on-exit snapshot, and the rolling activity log (capped at 1,000 events). This data lives only on the machine where you created it — it's not synced anywhere.
Specifically about password locks
When you set a password lock (per tab or per domain), TabSmarter:
- Generates a fresh 16-byte random salt per lock (via crypto.getRandomValues)
- Computes SHA-256(salt + ":" + password) using the browser's built-in SubtleCrypto
- Stores only the salt and the resulting hash — never the password itself
This means a copy of chrome.storage.local, in the hands of someone who already has access to your machine, is not enough to recover your password. It is, however, enough to bypass the lock — see the FAQ for why password locking is a casual deterrent and not real security.
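The scheme described above, written out as an added example (this is not TabSmarter's own code). The hex encoding of the salt, the function names and the { salt, hash } record shape are assumptions; the page only specifies the 16-byte salt and SHA-256(salt + ":" + password).

```javascript
// Added example: salted SHA-256 lock records as the policy describes them.
// Assumptions (not from the extension): hex salt encoding, the names
// makeLock/verifyLock, and the record shape { salt, hash }.

// Web Crypto in the browser; falls back to Node's copy when run outside one.
async function webCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// SHA-256(salt + ":" + password), returned as hex.
async function lockHash(saltHex, password) {
  const c = await webCrypto();
  const data = new TextEncoder().encode(`${saltHex}:${password}`);
  return toHex(new Uint8Array(await c.subtle.digest('SHA-256', data)));
}

// Create the record that would be written to chrome.storage.local.
async function makeLock(password) {
  const c = await webCrypto();
  const salt = toHex(c.getRandomValues(new Uint8Array(16))); // fresh per lock
  return { salt, hash: await lockHash(salt, password) };
}

// Recompute with the stored salt and compare without an early exit.
async function verifyLock(record, attempt) {
  const candidate = await lockHash(record.salt, attempt);
  let diff = candidate.length ^ record.hash.length;
  for (let i = 0; i < candidate.length; i++) {
    diff |= candidate.charCodeAt(i) ^ (record.hash.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Constructed demo: same password, two locks, two unrelated records.
async function demo() {
  const a = await makeLock('correct horse');
  const b = await makeLock('correct horse');
  return {
    saltsDiffer: a.salt !== b.salt,
    hashesDiffer: a.hash !== b.hash,
    storesPassword: JSON.stringify(a).includes('correct horse'),
    rightAccepted: await verifyLock(a, 'correct horse'),
    wrongRejected: !(await verifyLock(a, 'Correct horse')),
  };
}
```

A single salted SHA-256 pass defeats precomputed tables but is fast to compute, so how well a stored record protects the password depends on the password's strength. Where that matters, a slow derivation such as PBKDF2 (also available in SubtleCrypto) is the usual hardening.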
Specifically about the activity timeline
The Activity view in the manager shows your last ~1,000 tab open/close events. It's stored in chrome.storage.local, replaced on a rolling basis as new events come in, and never transmitted anywhere. You can clear it instantly from the Activity view's "Clear log" button.
Permissions, in plain English
When you install TabSmarter, Chrome asks you to grant a long list of permissions. Here's what each one is actually used for. Nothing on this list talks to a server.
- tabs — read, create, update, move, close tabs
- tabGroups — create and manage tab groups
- sessions — read recently closed tabs and restore them
- bookmarks — show the Bookmarks view; bulk-save selected tabs to a folder
- history — power the History search view
- storage — save your settings and sessions (described above)
- alarms — schedule auto-suspend, auto-backup, sleep timers, and auto-refresh
- idle — pause auto-suspend when your machine is idle
- notifications — show opt-in notifications when tabs auto-suspend or back up
- contextMenus — add the right-click menu
- sidePanel — render the optional side panel view
- scripting / activeTab / <all_urls> — inject the TabTint highlight overlay into pages
- favicon — render high-quality favicons inside our UI
- tabCapture / downloads — capture-tab screenshot, download exports
What about the website?
Tabsmarter.com is a static site. As of the date at the top of this page:
- No analytics scripts (Google Analytics, Plausible, Fathom, etc.)
- No third-party fonts (we use system fonts)
- No tracking pixels, social-media widgets, or embedded third-party scripts
- No cookies are set by the website
The newsletter form on the homepage stores your email in your own browser's localStorage until we have a real backend. Nothing is sent over the network. When we wire up a real subscription backend, we'll list the provider here, link to their privacy policy, and add a clear opt-in.
Server logs from whoever hosts tabsmarter.com may include your IP address as part of normal HTTP request handling. We don't keep, analyze, or attempt to identify users from those logs.
Children
TabSmarter is a tab manager. It doesn't ask anyone's age, target children, or collect any personally identifiable information from anyone. Children, adults, time-traveling raccoons — same policy applies.
Your rights (GDPR / CCPA / similar)
Under privacy frameworks like GDPR and CCPA, you have rights to access, correct, port, and delete personal data a service holds about you.
We don't hold any. There is nothing for us to access, correct, port, or delete on your behalf.
If you want to remove the data the extension stores on your own machine: uninstall the extension, or open chrome://extensions, click TabSmarter's Details, and clear its storage. Synced settings will eventually expire on Google's side per their policy.
Changes to this policy
If we ever change this policy in a way that materially affects what data is collected or how it's used (for example, if we eventually add a server-backed feature), we will:
- Update the "last updated" date at the top
- Note the change inside the extension on next launch
- Make the new feature opt-in, not opt-out
Contact
Questions about this policy? Email hello@tabsmarter.com.
We've written this policy in plain English on purpose. If a regulator or your legal team needs a formal version, treat the descriptions of what data is and isn't collected as authoritative — they match what the extension actually does.