How Data Works

OmniTab is designed with a local-first architecture. Here is exactly what that means for your data.

What stays on your device — always

The following data is stored in your browser’s local extension storage (chrome.storage.local). It never leaves your device unless you explicitly enable a connected feature.

  • Tab entities: URL, title, domain, favicon, open/closed status, timestamps (opened, last accessed, closed), window label, workspace assignment.
  • Dwell segments: Start and end timestamps and duration for each tab visit that exceeds the dwell threshold.
  • Cumulative time: Aggregated time per tab, URL, and domain.
  • Workspaces: Names, colors, icons, hierarchy, assignment rules, and window mappings.
  • Notes and clips: Freeform text notes and clipped text selections attached to specific URLs.
  • Settings and preferences: Column visibility, sort order, filter state, layout profile, hotkey configuration.
  • Pin state: Which tabs are pinned and when they were pinned.

In plain terms: OmniTab’s core features — tab tracking, dwell time, workspaces, search, notes, export — work entirely on your machine with no server involved.

What connected features add — opt-in only

Connected features expand what OmniTab can do. They are all optional and can be turned off individually at any time.

Cross-device sync — When you register a device for sync, OmniTab sends tab entity data to the server. This data is encrypted in transit. A randomly generated device ID and a user-provided device name identify your device. No hardware serial numbers or fingerprints are used.

Server-powered content — OmniTab’s server may deliver UI panels (productivity insights, announcements) as sanitized HTML rendered inside the extension. These panels are sanitized with DOMPurify before rendering. No remote JavaScript is executed.

Anonymous telemetry — OmniTab offers an optional anonymous telemetry system. It is off by default and requires explicit opt-in via Settings. When enabled, it collects only structural usage patterns — never URLs, titles, or page content. You can disable it at any time.

In plain terms: Nothing connects to a server unless you turn it on. When you do, the data is protected in transit and you can turn it off or delete it whenever you want.

What OmniTab never collects

No matter which features you enable, OmniTab never collects:

  • Page content, body text, or DOM structure (unless you explicitly clip a text selection)
  • Passwords, form inputs, or autofill data
  • Cookies, session tokens, or authentication credentials from other sites
  • Hardware fingerprints (CPU, GPU, RAM identifiers)

Your controls

You have full control over your data at every level.

Delete server data: In-app “Delete Server Data” button in Settings removes all your data from the server immediately.

Export everything: Use the export feature (CSV, JSON, tab list) to download all your local data at any time.

Disable sync: Toggle sync off and local tracking continues without any server communication.

Disable telemetry: Toggle off in Settings. Takes effect immediately.

Uninstall: Removing the extension deletes all local data. Server data is retained for 30 days, then deleted.

How your data is protected

In transit: All communication between your browser and the OmniTab server uses HTTPS/TLS encryption.

Authentication: API requests are signed with HMAC-SHA256 using a device-specific secret, preventing request forgery and replay attacks.

For the complete legal document, see the Privacy Policy.