Back to TabbJam

Privacy Policy

Last updated: March 22, 2026

The short version

We collect your email to create your account. We store your bookmarks if you choose Full Access mode. We cannot read your bookmarks in Encrypted mode. We do not sell, share, or monetize your data. We do not run ads. We do not track you.

What we collect

  • Account info: email address, display name, hashed password
  • Bookmarks (Full Access mode only): URLs, titles, descriptions, tags, folders
  • Encrypted vault (Encrypted mode): an opaque encrypted blob we cannot read
  • Settings: your preferences (weather zip, timer config, theme)
  • Usage: timer sessions, notes (stored per-user, not shared)
  • Payment: PayPal subscription ID (we do not store credit card numbers)

What we do NOT collect

  • Browsing history
  • IP addresses (beyond what is needed for rate limiting)
  • Device fingerprints
  • Analytics or tracking data
  • Third-party cookies

Encrypted mode

In Encrypted mode, your bookmarks are encrypted in your browser using AES-256-GCM with a key derived from your passphrase (PBKDF2, 600,000 iterations). The encrypted data is stored on our server as an opaque blob. We cannot decrypt, read, or recover this data. Your passphrase never leaves your browser.

AI features

AI organization features use your own API key. When you use AI features, your bookmark data is sent to the AI provider you chose (Anthropic or OpenAI) using your key. We do not store AI responses. Your API key is encrypted at rest on our server.

Data storage

Data is stored on Neon (PostgreSQL, AWS us-east-2) and served via Vercel. Backups are handled by Neon. All connections use TLS encryption in transit.

Data export and deletion

You can export all your bookmarks as an HTML file at any time. You can delete your entire account from Settings, which permanently removes all your data from our servers immediately.

Third parties

  • Vercel: hosting (processes HTTP requests)
  • Neon: database (stores your data)
  • PayPal: payment processing
  • Resend: transactional email (welcome, password reset)
  • Anthropic/OpenAI: AI features (only if you use them, with your key)

We do not share your data with anyone else.

Children

TabbJam is not intended for children under 13. We do not knowingly collect data from children.

Changes

We may update this policy. Material changes will be communicated via email.

Contact

Questions? Email steve@mediagato.com