Privacy Policy

Last updated: March 25, 2026

This Privacy Policy describes how Plurality LLC ("we," "us," or "our") collects, handles, stores, shares, and protects information when you use our Chrome extension TabCrate (the "Extension"). This policy applies to all versions of the Extension available through the Chrome Web Store.

Overview

Free tier: The free version of the Extension does not collect, transmit, or share any user data. All data is stored locally on your device using browser storage APIs. No data leaves your device under any circumstances.

Pro tier: The Pro version transmits tab data to our cloud servers for backup and cross-device sync. All tab data is encrypted on your device before transmission using AES-256-GCM. We cannot decrypt or read your tab data. We also collect your email address for account authentication. See below for full details.

Data Collection

This section describes all user data the Extension collects. No data is collected beyond what is listed here.

Free Tier

The free version of the Extension does not collect or transmit any user data. The following data is created and stored locally on your device only:

Tab URLs and page titles: Captured when you click "Save tabs." Stored locally in chrome.storage.local and IndexedDB. Never transmitted off your device.
Tab group names and colors: Captured alongside tab data when you save tabs. Stored locally in chrome.storage.local and IndexedDB. Never transmitted off your device.
User preferences and settings: Your Extension configuration choices. Stored locally in chrome.storage.local. Never transmitted off your device.

The free version does not use analytics, tracking pixels, cookies, or usage monitoring of any kind.

Pro Tier

When you upgrade to the Pro tier and explicitly enable cloud backup, we collect the following additional data:

Email address: Collected when you create a Pro account. Used solely to create and authenticate your account.
Authentication tokens: Generated when you sign in. Used solely to authenticate your API requests.
Tab data (encrypted): URLs, page titles, group names, and group colors are collected for cloud backup when you enable sync. This data is encrypted on your device before collection by our servers (see Data Handling below).
Payment information: Collected and processed entirely by Stripe through ExtensionPay. We do not receive, see, or store your credit card number, billing address, or other payment details.

Data We Do Not Collect

The Extension does not collect: browsing history, form data, passwords, keystrokes, screenshots, IP addresses, device identifiers, geolocation, health information, financial information (other than via Stripe for payment), authentication information beyond what is listed above, web browsing activity, or any data from the content of pages you visit.

Summary Table

Data Type	Free Tier	Pro Tier	Transmitted Off Device?
Tab URLs	Stored locally only	Stored locally + encrypted cloud backup	No (Free) / Yes, encrypted (Pro)
Page titles	Stored locally only	Stored locally + encrypted cloud backup	No (Free) / Yes, encrypted (Pro)
Tab group names & colors	Stored locally only	Stored locally + encrypted cloud backup	No (Free) / Yes, encrypted (Pro)
User preferences & settings	Stored locally only	Stored locally only	No
Email address	Not collected	Stored in chrome.storage.sync + Supabase	N/A (Free) / Yes (Pro)
Authentication tokens	Not collected	Stored locally, sent to Supabase for auth	N/A (Free) / Yes (Pro)
Payment information	Not collected	Collected and handled entirely by Stripe	N/A (Free) / Yes, to Stripe only (Pro)

Data Handling

This section describes how user data is handled, processed, and used after collection.

Free Tier

All data remains on your device at all times. The Extension reads your open tabs only when you explicitly click "Save tabs." The captured data (URLs, page titles, group names, group colors) is written directly to local browser storage (chrome.storage.local and IndexedDB). No data is transmitted, processed on a remote server, or accessed by us in any way. We have zero access to free-tier user data.

Pro Tier

Pro-tier data is handled as follows:

Tab data encryption and transmission: When you save tabs with cloud sync enabled, the Extension encrypts your tab data (URLs, page titles, group names, group colors) on your device using AES-256-GCM before it leaves the browser. The encryption key is derived locally on your device and is never transmitted to our servers. The encrypted ciphertext is then sent over HTTPS (TLS 1.2+) to our cloud database (Supabase), where it is stored in its encrypted form. We cannot decrypt, read, or otherwise access your tab data on our servers.
Email address handling: Your email address is sent over HTTPS to Supabase to create your account record. It is also stored in chrome.storage.sync, which syncs through Google's infrastructure to maintain your login state across Chrome instances. We use your email address only for account authentication and to contact you about material changes to this policy. We do not use your email address for marketing.
Authentication token handling: Session tokens are generated by Supabase when you sign in. Tokens are stored locally in chrome.storage.local and sent over HTTPS with each API request to verify your identity. Tokens expire automatically and are cleared on logout or uninstallation.
Payment handling: When you initiate a purchase, you are directed to a Stripe-hosted payment form (via ExtensionPay). All payment data is collected, processed, and stored by Stripe. We receive only a confirmation of payment status (active/inactive). We never receive, handle, or store your payment card details, billing address, or other financial information.

Purpose of Data Handling

Data	How It Is Used	Legal Basis
Tab URLs, page titles, group names, group colors	Stored locally for tab organization (Free). Encrypted and backed up to cloud for disaster recovery and cross-device sync (Pro).	Consent (installation / Pro opt-in)
Email address	Create and authenticate your Pro account, maintain login state across browsers	Consent (Pro account creation)
Authentication tokens	Verify your identity for authenticated API requests	Consent (Pro account creation)
Payment information	Process your Pro subscription payment (handled entirely by Stripe)	Contract performance

We do not use any collected data for advertising, user profiling, analytics, data mining, or any purpose other than providing the Extension's functionality as described in this policy.

Data Storage

This section describes where and how user data is stored, and the security measures in place.

Free Tier

Storage location: All data is stored exclusively on your device using chrome.storage.local and IndexedDB.
Access: We have no access to locally stored data. It never leaves your browser.
Protection: Data is protected by your operating system's user account security, Chrome's built-in extension sandboxing, and your device's physical security.

Pro Tier

Local storage: A local copy of your tab data, settings, and authentication tokens is stored on your device using chrome.storage.local and IndexedDB, the same as the free tier.
Cloud storage location: Encrypted tab data and your email address are stored in Supabase's cloud infrastructure (hosted on AWS). Your email is also stored in Google's infrastructure via chrome.storage.sync.
Encryption at rest: Tab data stored on our servers remains in its AES-256-GCM encrypted form. The decryption key exists only on your device.
Encryption in transit: All data transmitted between your browser and our servers uses HTTPS (TLS 1.2 or higher).
Access control: Server-side data access is restricted by Supabase row-level security (RLS) policies, ensuring each user can only access their own data. Because encryption occurs client-side, neither we nor Supabase can read your tab data.
Payment data storage: Payment information is stored by Stripe under their PCI-DSS compliant infrastructure. We do not store any payment data.

Data Sharing

This section describes all parties with whom user data is shared.

We do not sell, rent, trade, or otherwise transfer your personal information to any third party for marketing, advertising, or any unrelated purpose.

Free Tier

No data is shared with any third party. All data remains on your device. The free version of the Extension makes no network requests and transmits no data to us or to any third party.

Pro Tier

For Pro users, the following data is shared with third-party service providers solely to operate the Extension's cloud features:

Third Party	Data Shared	Purpose	Their Privacy Policy
Supabase (hosted on AWS)	Encrypted tab data (ciphertext that we cannot decrypt), email address, authentication tokens	Cloud database for encrypted backup, cross-device sync, and user authentication	supabase.com/privacy
Stripe (via ExtensionPay)	Payment details (collected directly by Stripe from you; we do not receive or handle this data)	Payment processing for Pro subscriptions	stripe.com/privacy
Google (via chrome.storage.sync)	Email address	Sync your login state across your Chrome browser instances	policies.google.com/privacy

No data is shared with any party other than those listed above. We do not share data with data brokers, advertisers, analytics providers, or any other third parties.

User Consent

We obtain your consent before collecting or transmitting any data:

Free tier (consent by installation): By installing the Extension, you consent to the local storage of tab data on your device using chrome.storage.local and IndexedDB. No data is transmitted off your device, so no further consent is required.
Pro tier (explicit opt-in): Cloud backup and data transmission only begin after you (1) voluntarily create a Pro account by providing your email address and (2) explicitly enable cloud sync. You are presented with a clear disclosure of what data will be transmitted before sync begins. You may revoke this consent at any time by disabling cloud sync in the Extension's settings.
Payment (explicit consent): Payment information is collected by Stripe only when you voluntarily initiate a purchase. We do not receive or handle payment details.

You can opt out of cloud data collection at any time by disabling cloud sync from the Extension's settings page, or by uninstalling the Extension entirely.

Chrome Extension Permissions

The Extension requests the following browser permissions and uses them solely as described:

Permission	What It Accesses	Why It Is Needed
`tabs`	URLs and titles of your open tabs	To save and organize tabs when you choose to store them
`tabGroups`	Tab group names and colors	To preserve your tab group organization when saving
`storage`	chrome.storage.local and chrome.storage.sync	To persist your saved tabs, settings, and login state

These permissions are invoked only when you interact with the Extension (e.g., clicking "Save tabs"). The Extension does not run in the background, monitor your browsing activity, or access tab data without your explicit action.

Cookies and Tracking Technologies

The Extension does not use cookies, tracking pixels, web beacons, fingerprinting, analytics SDKs, or any other tracking technology. We do not track browsing activity, usage patterns, or behavioral data. The Extension contains no telemetry of any kind.

The tabcrate.xyz website may use standard server logs (IP address, browser type, pages visited) to maintain site availability. These logs are not linked to your Extension usage and are automatically deleted after 30 days.

Data Retention and Deletion

Retention Periods

Data	How Long It Is Kept
Local tab data and settings (Free and Pro)	Until you delete it within the Extension or uninstall the Extension
Cloud-stored encrypted tab data (Pro)	Until you request deletion or delete your account
Email address (Pro)	Until you request deletion or delete your account
Authentication tokens (Pro)	Until session expiry, logout, or uninstallation
Payment records (Stripe)	Per Stripe's retention policy (we do not control this data)

How to Delete Your Data

Free tier: Uninstalling the Extension immediately and permanently deletes all locally stored data. You can also delete individual saved sessions from within the Extension at any time.
Pro tier, cloud data: You may request deletion of all your cloud-stored data at any time by emailing legal@beplurality.com. Within 7 days of your request, we will permanently delete your Supabase account, encrypted tab backups, email address, and all sync metadata from our servers.
Pro tier, subscription vs. data: Canceling your subscription stops cloud backup but does not automatically delete your stored data. You must request deletion separately.
Local data after server deletion: After server-side deletion, local extension data (session tokens, preferences, and sync metadata) remains on your device. This data is permanently removed when you uninstall the Extension, or you can clear it manually through Chrome's extension storage settings (chrome://extensions, then TabCrate, then Details, then Clear data).

Children's Privacy (COPPA Compliance)

The Extension is not directed at children under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13. The Extension does not include any content or features designed to appeal to children.

If you are a parent or guardian and believe your child under 13 has provided personal information through the Extension, please contact us immediately at legal@beplurality.com. We will take steps to delete such information from our servers within 7 days.

Your Rights

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR, CCPA/CPRA, and similar regulations):

Right to know / access: You may request a copy of the personal data we hold about you.
Right to correction: You may request that we correct inaccurate personal data.
Right to deletion: You may request that we delete your personal data. See "Data Retention and Deletion" above.
Right to portability: You may request your data in a structured, machine-readable format.
Right to opt out of sale: We do not sell personal data.
Right to non-discrimination: We will not discriminate against you for exercising any of these rights.

To exercise any of these rights, contact us at legal@beplurality.com. We will respond within 30 days.

California residents (CCPA/CPRA): In the preceding 12 months, we have not sold any personal information. The categories of personal information we collect are limited to those listed in the "Data Collection" section above. You may designate an authorized agent to make requests on your behalf.

Google API Disclosure

The Extension's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

Data obtained through Chrome APIs is used only to provide the Extension's core functionality (tab saving and organization).
Data is not transferred to third parties except as necessary to provide the Extension's features (cloud backup for Pro users), with user consent.
Data is not used for advertising, creditworthiness assessment, or any unrelated purpose.
Data is not used by humans to read your content, except to comply with applicable laws or with your explicit consent.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, we will notify you through the Extension or by email (if you have a Pro account). Continued use of the Extension after changes are posted constitutes your acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Plurality LLC
legal@beplurality.com