Privacy Policy

Last updated: March 22, 2026

TabBrain ("we", "our", "the extension") is a Chrome extension that tracks your browsing activity to build a searchable, AI-summarized memory of your tabs and sessions. This policy explains what data we collect, how we use it, and your choices.

What We Collect

Browsing activity (stored locally on your device):

• URLs and page titles of every page you visit
• Timestamps: when you opened, last interacted with, and closed each tab
• Tab and window identifiers (numeric IDs assigned by Chrome)
• Short text snippets extracted from pages (typically the first ~500 characters of visible text) for search indexing
• User interaction signals: whether you scrolled, clicked, or typed on a page (used to determine tab activity — we do not log keystrokes, mouse coordinates, or input content)
• Navigation relationships: which page led to which other page (link clicks, search results)

AI-generated metadata (stored locally, processed server-side):

• Short summaries of each page visit (1-2 sentences)
• Intent labels describing what you were doing (e.g., "Researching authentication libraries")
• Session summaries grouping related visits

Account data (only if you sign in):

• Email address (used for magic link authentication)
• Authentication tokens (generated server-side, stored in Chrome sync storage)
• API tokens for MCP integration (generated on request, stored server-side)

What We Do NOT Collect

• Passwords, form inputs, or keystrokes
• Full page content or screenshots
• Financial, health, or payment information
• Location data or IP addresses (beyond what is incidentally logged by our hosting provider in standard server access logs)
• Data from incognito/private browsing windows
• API keys or secrets of any kind on your device

How Data Is Stored

On your device: All browsing data (visits, sessions, navigation graphs) is stored locally in your browser's IndexedDB. This data never leaves your device unless you opt in to cloud sync by signing in.

On our servers (only if signed in): When you sign in and enable cloud sync, visit metadata (URLs, titles, timestamps, AI summaries) is synced to our backend hosted on Cloudflare Workers with D1 (SQLite) storage. Data is encrypted in transit via HTTPS. We do not store full page content on our servers.

How We Use Your Data

• Tab tracking and reaping: We monitor your open tabs to detect stale ones and close them automatically based on your configured thresholds.
• Search and memory: Visit data, snippets, and AI summaries power the search, timeline, and Ask features so you can find pages by description, not just URL.
• AI enrichment: When signed in, page titles, URLs, and short snippets are sent to our Cloudflare Worker, which calls the Anthropic API (Claude) to generate summaries and intent labels. Anthropic processes this data under their API privacy policy, which does not use API inputs for model training.
• Cloud sync: If signed in, visit metadata syncs across your devices via our backend.
• MCP integration: If you generate an API token, external tools (like Claude Code) can query your browsing history through our API.

Third-Party Services

• Cloudflare: Our backend runs on Cloudflare Workers. Data is stored in Cloudflare D1. See Cloudflare's privacy policy.
• Anthropic: AI summaries are generated using the Anthropic API (Claude). Page metadata (not full content) is sent for processing. See Anthropic's privacy policy.
• Resend: Magic link authentication emails are sent via Resend. Your email address is shared with Resend for this purpose only. See Resend's privacy policy.

Your Choices

• Use without signing in: TabBrain works fully offline. Without signing in, no data leaves your device. AI features will not be available.
• Delete local data: Uninstalling the extension removes all local data. You can also clear IndexedDB data through Chrome's developer tools.
• Delete server data: Contact us at support@tabbrain.fyi to request deletion of your server-side data. We will process deletion requests within 30 days.
• Domain allowlist: You can configure domains that should never be auto-closed by the reaper. TabBrain still tracks visits to these domains.
• Revoke MCP tokens: API tokens for MCP integration can be revoked by signing out or contacting support.

Data Retention

Local data persists until you uninstall the extension or clear your browser data. Server-side data for signed-in users is retained as long as your account exists. If you sign out and request deletion, we remove your data within 30 days.

Security

All data in transit is encrypted via HTTPS/TLS. Server-side data is stored in Cloudflare's infrastructure with their security controls. No API keys or secrets are stored on your device. Authentication uses short-lived magic link tokens.

Children's Privacy

TabBrain is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided data to us, contact us and we will delete it.

Changes to This Policy

We may update this policy as TabBrain evolves. Significant changes will be communicated through the extension's update notes or our website. The "Last updated" date at the top reflects the most recent revision.

Contact

For privacy questions, data deletion requests, or concerns:

• Email: support@tabbrain.fyi
• GitHub: tabbrain-support