Back to TabbJam

Privacy Policy

Last updated: April 25, 2026

The short version

We collect your email to create your account. We store your bookmarks if you choose Full Access mode. We cannot read your bookmarks in Encrypted mode. We do not sell, share, or monetize your data. We do not run ads. We do not track you.

What we collect

  • Account info: email address, display name, hashed password
  • Bookmarks (Full Access mode only): URLs, titles, descriptions, tags, folders
  • Encrypted vault (Encrypted mode): an opaque encrypted blob we cannot read
  • Settings: your preferences (weather zip, timer config, theme)
  • Bookmark activity (Full Access mode only): click counts and last-clicked timestamps on your bookmarks — used solely to power your "most used" and "last used" sort options. This data is yours, visible only to you, and never shared or used for analytics.
  • Usage: timer sessions, notes (stored per-user, not shared)
  • Payment: PayPal subscription ID (we do not store credit card numbers)

What we do NOT collect

  • Browsing history
  • IP addresses (beyond what is needed for rate limiting)
  • Device fingerprints
  • Analytics, behavioral tracking, or ad-related data
  • Third-party cookies

Encrypted mode

In Encrypted mode, your bookmarks are encrypted in your browser using AES-256-GCM with a key derived from your passphrase (PBKDF2, 600,000 iterations). The encrypted data is stored on our server as an opaque blob. We cannot decrypt, read, or recover this data. Your passphrase never leaves your browser.

AI features

AI organization features use your own API key. When you use AI features, your bookmark data is sent to the AI provider you chose (Anthropic or OpenAI) using your key. We do not store AI responses. Your API key is encrypted at rest on our server.

Browser extension permissions

The TabbJam browser extension requests only the permissions it needs:

  • bookmarks: read and sync your browser bookmarks
  • storage: save your sync preferences and session locally
  • alarms: schedule automatic background sync every 5 minutes and the daily link health check
  • tabs: read open-tab metadata (URL, title, group association) so tab groups can be synced across browsers
  • tabGroups: read and recreate tab group titles, colors, and collapsed state on other devices
  • host permission (tabbjam.com): communicate with the TabbJam server for sync — no third-party hosts are accessed

The extension does not read page content, browsing history, or any data beyond your bookmarks and tab groups. The extension does not execute remote code — all JavaScript ships in the package.

Cookies and local storage

We use a single session cookie for authentication. The browser extension uses local storage for your sync preferences. We do not use tracking cookies, advertising cookies, or any third-party cookies.

Data storage

Data is stored on Neon (PostgreSQL, AWS us-east-2) and served via Vercel. Backups are handled by Neon. All connections use TLS encryption in transit.

Data export and deletion

You can export all your bookmarks as an HTML file at any time. You can delete your entire account from Settings, which permanently removes all your data from our servers immediately.

Third parties

  • Vercel: hosting (processes HTTP requests)
  • Neon: database (stores your data)
  • PayPal: payment processing
  • Resend: transactional email (welcome, password reset)
  • Anthropic/OpenAI: AI features (only if you use them, with your key)

We do not share your data with anyone else.

Children

TabbJam is not intended for children under 13. We do not knowingly collect data from children.

Changes

We may update this policy. Material changes will be communicated via email.

Contact

Questions? Email steve@mediagato.com