Privacy
TabNotes Privacy Policy
Effective July 14, 2026. TabNotes is operated by Manoj Mallick. Contact admin@learnhubplay.nl for privacy questions or requests.
TabNotes is a local-first Chrome extension for attaching notes to browser tabs, URLs, domains, and web pages. A first-use privacy notice appears before TabNotes reads or saves page or note content. Local notes work without optional analytics or remote AI.
Your choices
Optional analytics and remote AI are separate and off by default. You can enable, change, or withdraw either choice in Dashboard → Privacy. Withdrawing analytics deletes its event queue, funnel state, and generated device identifier. Delete browser data clears local and Chrome-synced TabNotes records, credentials, diagnostics, license metadata, and consent records from that browser profile.
Data stored by the extension
When you use the related feature, TabNotes may process note titles and text, Markdown, checklists, tags, colors, positions, images, OCR text, reminders, templates, source page titles and addresses, selected text, highlights, anchors, settings, blocked domains, encryption metadata, license state, AI provider configuration, and allowlisted diagnostic codes.
Purposes and legal bases
Local note functions, requested sync, exports, licensing, and support are processed to provide the service or take steps you request. Security and tightly limited reliability records may rely on legitimate interests. Optional analytics and remote AI rely on your specific consent. Payment, tax, accounting, refund, and dispute records may be retained to meet legal obligations. TabNotes does not make automated decisions that produce legal or similarly significant effects.
Local storage
By default, notes and settings stay in Chrome extension storage. Website capture defaults are local-only. Browser diagnostics are kept for up to 30 days and contain only an allowlisted issue code, extension surface, timestamp, and count; they exclude note content, selections, page addresses, credentials, and raw exception messages. Analytics identifiers and funnel records are not created without analytics consent.
Chrome sync
Chrome Sync is optional and starts after a size review. If enabled, eligible notes and settings may be stored by Google and associated with your Chrome profile. Oversized images and older history may remain local.
Screenshots and images
Screenshots are captured only after you choose that action, and uploaded images are read only after you select a file. Attachments remain local unless included in enabled sync or an export you start. Browser OCR uses local browser APIs when available.
AI features
Local fallback runs in the extension, and loopback LLM endpoints stay on your device. Remote AI is blocked until you opt in and confirm you are at least 18. Every remote note action shows an editable payload before sending, with email, web-address, and captured-source redaction enabled by default.
TabNotes hosted AI sends reviewed text to the TabNotes AWS API in eu-central-1 and then to the paid Google Gemini API with stateless processing and store: false. Paid-service prompts and responses are not used to improve Google products, but limited abuse-monitoring retention may apply. Bring-your-own-provider requests go to the provider you configure.
Payments and licensing
Stripe hosts payment collection; TabNotes does not receive full card details. The AWS license service retains a hashed license lookup plus Stripe customer or subscription state. Transaction, tax, refund, and dispute records may be retained where legally required.
Optional analytics
Analytics are off by default. With consent, TabNotes may queue coarse install, activation, review, and license milestones. Payloads exclude note text, selections, images, page titles and addresses, provider keys, and raw license keys. Sending the queue requires a configured HTTPS endpoint and your Send queued events action.
Recipients and transfers
Depending on your choices, recipients may include Google Chrome Sync, AWS, Google Gemini, Stripe, and a provider endpoint you configure. Providers may process data outside your country under their applicable data-processing and transfer terms. TabNotes does not sell personal data or use browsing activity for advertising, credit, or data-broker purposes.
Retention, exports, and deletion
Browser data remains until you delete it, clear extension storage, or uninstall TabNotes. Local diagnostics are limited to 30 days and AWS infrastructure logs to up to 30 days. Optional analytics remain until sent, reset, consent is withdrawn, or browser data is deleted. Exports occur only when you start them; encrypted backups require the correct passcode to restore.
Your rights
Depending on your location, you may request access, correction, deletion, restriction, portability, or objection, and withdraw consent at any time. You may complain to the data-protection authority where you live, work, or believe an infringement occurred. Most extension data is managed directly in Dashboard → Privacy. For server-held licensing or payment records, email admin@learnhubplay.nl.
Security and Chrome Web Store Limited Use
TabNotes uses HTTPS, purpose-limited payloads, optional custom-host access, AI send review, local credential clearing, encrypted backups, short-lived hosted-AI authorization, and privacy-minimized logs.
The use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. TabNotes uses data only to provide or improve its disclosed single purpose and never for advertising or sale.
Changes
Material policy changes update the effective date and the in-product notice version so you can review the choices again.
Contact
Contact TabNotes through the public support page or by email at admin@learnhubplay.nl.