Privacy Policy

Last updated: February 25, 2026

ABOOTO PTE. LTD. ("we", "us", "our") operates the Tabkit Chrome extension and related services. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Tabkit.

Google Limited Use Notice: Tabkit's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Tabkit also complies with the Chrome Web Store User Data Policy. We limit our use of data obtained through Chrome APIs to providing and improving Tabkit's core functionality; we do not sell this data, use it for advertising, or transfer it to third parties for purposes unrelated to the extension's functionality.

1. Data We Collect

Account data: When you sign in with Google OAuth, we receive your email address, display name, and profile picture from Google. We do not receive or store your Google password.

Bookmarks: Titles, URLs, descriptions, and tags of bookmarks you save or import into Tabkit. This data is stored on our servers to enable cross-device sync and AI features.

AI conversations: Questions you ask the AI assistant and the responses generated. Stored to provide conversation history.

Usage data: Anonymized analytics such as feature usage frequency. We do not track individual browsing history outside of Tabkit.

2. How We Use Your Data

• To provide and maintain the Tabkit service (bookmark management, AI assistant, trending feeds)
• To authenticate your identity via Google OAuth
• To generate AI-powered tag suggestions and search results for your bookmarks
• To improve the product through anonymized usage analytics

3. Data Storage and Security

Your data is stored in Supabase (hosted on AWS) with encryption at rest and in transit (TLS 1.2+). Our API runs on Cloudflare Workers with global edge deployment.

Access tokens are stored in Chrome's session storage (cleared when the browser closes). Refresh tokens are stored in Chrome's local storage.

4. Third-Party Services

We do not sell your personal data to any third party. Data is shared only with the following service providers as necessary to operate Tabkit:

• Google OAuth: For authentication. Subject to Google's Privacy Policy.
• Supabase: Database and authentication infrastructure.
• Cloudflare: API hosting, CDN, and DDoS protection.
• Cloudflare Workers AI: On-device AI features including tag suggestions, semantic search, and the AI assistant. Your bookmark metadata and queries are processed but not stored by Cloudflare AI.
• LemonSqueezy: Payment processing for subscriptions. We do not store payment card details.

5. Data Retention

Your data is retained as long as your account is active. When you delete your account (available in Settings), all associated data (profile, bookmarks, tags, conversations) is permanently deleted within 30 days.

6. Your Rights

You have the right to:

• Access: Export all your data as JSON from Settings.
• Delete: Delete your account and all data from Settings.
• Portability: Export your bookmarks in standard formats.

These rights apply under PDPA (Singapore), GDPR (EU), and similar data protection regulations.

7. Chrome Extension Permissions

• storage: To save your preferences and authentication tokens locally.
• bookmarks: To read Chrome bookmarks for the one-click import feature. We only access bookmarks when you explicitly trigger an import.
• activeTab: To read the current page's title and URL when you save a bookmark via the popup.
• tabs: To detect the current tab's information for the quick-save popup and to manage tab navigation.
• scripting: To extract page metadata (title, description, favicon) when saving a bookmark via the popup.
• search: To perform web searches using your browser's default search engine from the command palette.
• identity: To facilitate Google OAuth sign-in.
• alarms: To schedule periodic tasks such as token refresh and data sync.

8. Children's Privacy

Tabkit is not intended for children under 13. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated through the extension or via email.

10. Contact Us

For privacy-related questions or data requests, contact us at [email protected].

ABOOTO PTE. LTD., Singapore