Privacy Policy

Product: Tab Organizer AI (Browser Extension)
Last updated: June 28, 2026
Effective date: June 28, 2026

Summary: Tab Organizer AI sends your tab URLs and titles to our server solely to power AI grouping features. We do not sell your data, build advertising profiles, or share your browsing history with third parties. All local caches are stored only on your device.

1. Who We Are (Data Controller)

Tab Organizer AI ("we", "us", "our") operates the browser extension of the same name. For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, we act as the data controller for personal data processed through this extension.

Contact: edwardnero2020@gmail.com

2. What Data We Collect and Why

2.1 Tab Data (URLs and Page Titles)

When you use AI features (Auto-Group, Auto-Sort, Tab Summary), we transmit the URLs and page titles of your open tabs to our backend server. This data is used exclusively to generate AI-powered group suggestions via a large language model (LLM).

Legal basis (GDPR Art. 6): Legitimate interests (Art. 6(1)(f)) — necessary to deliver the core functionality you explicitly activate. Where required, consent.

2.2 Account Information

If you create an account, we collect your email address and password (hashed, never stored in plaintext). Authentication is handled by Supabase Auth. Your session token (JWT) is stored locally in chrome.storage.local and sent to our server with each AI request to verify your plan and enforce usage limits.

Legal basis: Contract performance (Art. 6(1)(b)) — required to provide subscription services.

2.3 Usage Data

We track the number of AI operations you perform (manual grouping, auto-grouping, reclassification) server-side to enforce plan limits. This data is tied to your user account and resets monthly.

Legal basis: Contract performance (Art. 6(1)(b)).

2.4 Payment Data

Premium subscriptions are processed by Stripe. We never receive or store your card number or payment details. We only receive a Stripe customer ID and subscription status via webhooks. Stripe's privacy policy applies to payment processing: stripe.com/privacy.

Legal basis: Contract performance (Art. 6(1)(b)).

2.5 Locally Stored Data (On-Device Only)

The following data is stored only on your device and never transmitted to our servers:

3. Data We Do NOT Collect

4. Data Sharing and Third Parties

Recipient Purpose Data Shared Location
Our backend server (LLM proxy) AI tab processing Tab URLs, titles, language setting, JWT token EU / as configured
Supabase Authentication & database Email, user ID, plan data EU (Frankfurt)
Stripe Payment processing Email, billing details (handled by Stripe) USA (SCCs apply)
AI/LLM provider Generating grouping/summary responses Tab URLs and titles (via our proxy) USA (SCCs apply)

We do not sell, rent, or trade your personal data. We do not share data with advertisers.

For transfers to countries outside the EEA (e.g. USA), we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission.

5. Data Retention

6. Your Rights (GDPR / UK GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:

To exercise any of these rights, contact us at edwardnero2020@gmail.com. We will respond within 30 days.

7. Children's Privacy

Tab Organizer AI is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we discover that we have collected data from a child under 16 without verifiable parental consent, we will delete it promptly.

8. Security

We use industry-standard security measures including TLS encryption for all data in transit, JWT-based authentication with short-lived tokens, and Row Level Security (RLS) policies in our database. Passwords are hashed using bcrypt by Supabase Auth.

9. Cookies and Similar Technologies

The extension itself does not use browser cookies. Our backend server may set standard HTTP session cookies for authentication flows. These are strictly necessary and not used for tracking or advertising.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the "sale" of personal information. We do not sell personal information as defined under the CCPA.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the extension's options page or by email (if you have an account). The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the extension after changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions, data subject requests, or to report a concern:
Email: edwardnero2020@gmail.com