Tabsome Privacy Policy

Tabsome transforms your new tab into a customizable dashboard. We design Tabsome to work locally in your browser with minimal data collection. This policy explains what data is handled, why, and how you stay in control.

Overview

• No tracking: We do not track your browsing history or sell your data.
• Sync: Settings and Speed Dials are stored using chrome.storage.sync to keep them across your devices.
• Optional features: Clipboard import/export only run when you enable or use them.
• AI queries: When you use the AI feature, your prompt and recent chat context are sent to the AI provider (Mistral) to generate responses. Tabsome does not read or transmit your browsing data.

What data we store

• Extension settings (theme, layout, background, toggles) via chrome.storage.sync.
• Speed Dials you create (title, URL, optional image/color/folder) via chrome.storage.sync.
• Optional AI chat history (local) to provide chat context so you can continue conversations without repeating previous prompts.

We do not collect or store personal information.

What data we do not collect

• No analytics, tracking pixels, or advertising identifiers.
• No background collection of your browsing history or page content.
• No cookies are set by the extension.

Permissions and why we need them

• storage: Save and sync your preferences and Speed Dials across sessions/devices.
• tabs: Send live updates (e.g., changed settings or Speed Dials) to open Tabsome New Tab pages by identifying those tabs.
• activeTab: When you click the popup to add the current site, read the active tab’s URL/title/icon to prefill the form.
• alarms: Schedule periodic background tasks (for example, polling a backend service or checking for updates). This permission does not provide access to browsing history or personal page content.
• clipboardRead / clipboardWrite (optional): On your explicit action, import/export Speed Dials via the clipboard.

Host permissions and external services

• https://api.openweathermap.org/*: Retrieve weather data for the weather widget. May send your chosen city/coordinates.
• https://suggestqueries.google.com/*: Fetch search suggestions as you type. Sends your query terms to Google Suggest.
• https://tabsome-backend.vercel.app/*: Serve resources (images, Speed Dials, and widget data) hosted on our backend to keep the extension lightweight. These resources are fetched on demand when needed by the features you use.
• AI provider (Mistral): When you use the AI feature, your prompt and recent chat context are sent to Mistral to generate a response. Tabsome does not read or transmit your browsing history—only the content you explicitly provide via the AI UI is sent to the provider.

We do not send your browsing history to these services. Requests are limited to the features you use.

Clipboard handling

Clipboard access is strictly user-initiated. Tabsome reads from or writes to the clipboard only when you click Import/Export. No background clipboard access occurs.

Top Sites

Tabsome no longer includes a Top Sites feature and does not request or use the chrome.topSites permission. We do not access or display your frequently visited sites.

Remote code and sandboxing

Tabsome’s core pages (New Tab, Options, Popup, Service Worker) do not execute remote scripts. An optional Spotlight widget area runs user-provided HTML/CSS/JS inside a browser sandboxed page that is isolated from extension privileges. Sandboxed content cannot access extension APIs or storage.

If you prefer not to use Spotlight’s custom code capability, simply don’t ask it from AI.

Data retention and deletion

• Your device: Remove all data by uninstalling the extension or using in-app reset options. You can also clear specific settings and Speed Dials in the UI.
• Sync: If Chrome Sync is enabled, items in chrome.storage.sync are associated with your Google account per Chrome’s sync behavior. You can clear them via Chrome settings.
• AI provider: Requests sent to the AI API are transmitted to generate responses. Refer to the AI provider’s retention policy.

Security

• Runs primarily client-side within the browser’s extension sandbox.
• Minimal host permissions and optional permissions requested only when needed.
• Sanitization is applied to AI-rendered content to reduce XSS risk in UI rendering contexts.

Changes to this policy

We may update this policy to reflect improvements or new features. Material changes will be noted by updating the “Last updated” date above.

Contact

If you have questions or requests related to privacy, data access, or deletion, contact: ksr.jena@gmail.com

← Back to Tabsome Home