Privacy Policy

Tabgrove is local-first. Everything you save stays in your browser unless you explicitly sign in for cloud sync. We don't sell data, we don't run ads, we don't track you across the web.

Tabgrove is operated as a sole proprietorship by Andrii Shcherbiak. For any privacy-related request, write to [email protected].

• Items you save. Title, URL, favicon, intent notes, scheduled dates, and the space you place them in. Collected only when you explicitly trigger the save popup (Cmd/Ctrl+Shift+S).
• Spaces you create. Name, color, icon.
• Preferences. Your display name (optional), theme choice, pinned shortcuts.
• Screenshots. Only when you manually capture them. Full-tab or region-select; never automatic.
• Account data (signed-in users only). Email address from Google sign-in; subscription tier; Stripe customer ID if you upgrade to Pro.

• Your general browsing history or activity.
• Page contents outside what you explicitly save.
• Keystrokes, mouse movements, or any behavioral telemetry.
• Analytics events — no Google Analytics, no Mixpanel, nothing.
• Advertising or ad-network data. There are no ads.

• Contract (Art. 6(1)(b)) — processing necessary to provide the service you signed up for: storing your items, running your Pro subscription, processing payments.
• Legitimate interest (Art. 6(1)(f)) — keeping the service secure (e.g. abuse detection on sign-in flows) and responding to your support requests.
• Legal obligation (Art. 6(1)(c)) — tax and accounting records for paid subscriptions, where required by applicable law.

We do not rely on consent-based tracking because Tabgrove does not track you.

Tabgrove can surface your most-visited sites as one-click shortcuts on the home view. This is opt-in: the permission is requested on-demand, only when you enable the feature in Settings. Data from chrome.history is read and rendered locally — it never leaves your device.

• Free plan: chrome.storage.sync — Chrome's built-in encrypted storage. Syncs across your own Chrome profiles via your Google account. 100KB limit.
• Pro plan: Supabase Postgres + Supabase Storage, both TLS-encrypted in transit and at rest. Accessible only with your authenticated session. Row-level security ensures you can only read and modify your own data.

When you use the Pro plan, the following processors handle your data on our behalf. Each operates under its own published data processing terms, which we have accepted, and processes data only as needed to provide its service:

• Supabase (Supabase Inc., US) — authenticated database, storage, and edge functions. See supabase.com/privacy.
• Stripe (Stripe, Inc., US) — payment processing for Pro subscriptions. Tabgrove never sees or stores your card number. See stripe.com/privacy.
• Google (Google LLC, US) — OAuth sign-in (email + profile claims only). See policies.google.com/privacy.
• Vercel (Vercel, Inc., US) — hosting for this marketing site. Receives standard HTTP access logs. See vercel.com/legal/privacy-policy.
• Cloudflare (Cloudflare, Inc., US) — DNS and edge CDN for tabgrove.com. Processes request metadata. See cloudflare.com/privacypolicy.
• ImprovMX (PMXmail SARL, France) — inbound email forwarding for[email protected]. See improvmx.com/privacy.

Our subprocessors are primarily based in the United States. Where your personal data is transferred outside the European Economic Area or the United Kingdom, the transfer is protected by the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or equivalent safeguards as required by applicable law.

• Free plan: data lives in your browser until you delete it or uninstall the extension. Tabgrove has no server-side copy.
• Pro plan: account data is retained for as long as your account is active. On deletion request we remove your database records and storage files within 30 days.
• Stripe: billing records are retained by Stripe for at least 7 years as required by financial record-keeping regulations; we cannot shorten this.
• Support email: threads are retained for up to 2 years for context; we delete on request.

Under the GDPR (EU/UK) and CCPA (California), you have the following rights. To exercise any of them, email [email protected] from the address associated with your account. We respond within 30 days.

• Access. Everything you've saved is visible in the extension. On request we provide a machine-readable copy of any Pro account data we hold.
• Erasure ("right to be forgotten"). Free users can uninstall the extension to erase local data. Pro users can request full account deletion; we remove database records and storage files within 30 days.
• Portability. Pro users can request a CSV or JSON export of their items via support email. Native in-app export is on the roadmap.
• Rectification. All user-editable fields are directly modifiable inside the extension. Email us for anything else.
• Objection / restriction. You can object to or restrict processing at any time; in practice this means cancelling your Pro subscription and/or requesting deletion.
• Complaint. You have the right to lodge a complaint with your local data protection authority.

We do not sell or share your personal information within the meaning of California's Consumer Privacy Act. We have never done so and have no plans to. The categories of personal information we collect are listed under "Data Tabgrove collects" above. You retain the right to know, delete, and opt out of any future sale (which would never happen without your explicit consent and an updated policy).

Tabgrove is not intended for users under 13. We don't knowingly collect data from children. If you believe a child has provided us data, contact [email protected] and we'll remove it.

Pro data is served over TLS and encrypted at rest in Supabase. Database access is gated by row-level security policies that restrict each user to their own rows. Access to operational systems is limited to the solo operator and uses hardware-backed MFA. In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law (within 72 hours under the GDPR).

Material changes will be announced via the extension and this page's "Last updated" date. Continued use after changes constitutes acceptance.

Questions, requests, or concerns: [email protected]