Privacy Policy

Last updated: March 11, 2026

Looking for a plain-language explanation? See How Data Works for a non-legal overview of how OmniTab handles your data.

Overview

OmniTab is a Chrome browser extension that tracks tab activity, dwell time, and workspace organization to help you understand and improve how you use the web. This policy explains what data OmniTab collects, where it is stored, and what controls you have.

The short version: OmniTab works locally by default. No data leaves your browser unless you explicitly enable connected features such as cross-device sync or telemetry. We do not sell your data. We do not serve ads to paid users.

What data OmniTab collects

Data stored locally on your device (always)

OmniTab stores the following in your browser’s local extension storage (chrome.storage.local). This data never leaves your device unless you enable a connected feature:

Tab entities: URL, title, domain, favicon, open/closed status, timestamps (opened, last accessed, closed), window label, workspace assignment.
Dwell segments: Start/end timestamps and duration for each tab visit that exceeds the dwell threshold.
Cumulative time: Aggregated time per tab, URL, and domain.
Workspaces: Names, colors, icons, hierarchy, assignment rules, and window mappings.
Notes and clips: Freeform text notes and clipped text selections attached to specific URLs.
Settings and preferences: Column visibility, sort order, filter state, layout profile, hotkey configuration.
Pin state: Which tabs are pinned and when they were pinned.

Data sent to our server (only when you enable connected features)

When you register a device for cross-device sync, OmniTab sends the following to our server:

Device information: A randomly generated device ID, device name (user-provided), browser version, operating system. No hardware serial numbers or fingerprints.
Tab entity data: The same entity data listed above, encrypted in transit using your sync group’s encryption key.
Notes and clips: Encrypted before transmission. The server cannot read your note content.
Heartbeat metadata: Timestamp, sync revision cursor, active personality ID, active layout profile. Used for sync protocol operation.

Data we never collect

Browsing history beyond what you see in the OmniTab dashboard
Page content, body text, or DOM structure (unless you explicitly clip a text selection)
Passwords, form inputs, or autofill data
Cookies, session tokens, or authentication credentials from other sites
Hardware fingerprints (CPU, GPU, RAM identifiers)

Anonymous telemetry (opt-in only)

OmniTab offers an optional anonymous telemetry system. It is off by default and requires explicit opt-in via Settings.

When enabled, telemetry collects only structural usage patterns — never URLs, titles, or page content. Examples: how many tabs are open, which features are used, how often workspaces are switched. This data is used to improve OmniTab and to power aggregate productivity insights (available to all users who opt in).

You can disable telemetry at any time. Previously collected data is retained in aggregate form only and cannot be linked back to your device after anonymization.

Server-generated content

OmniTab’s server may deliver UI panels (productivity insights, weekly reports, announcements) as sanitized HTML rendered inside the extension. These panels are generated based on your aggregated local data and tier. Panel content is sanitized with DOMPurify before rendering. No remote JavaScript is executed.

Data encryption and security

All data transmitted between your browser and our server is encrypted using HTTPS/TLS.
API requests are authenticated using HMAC-SHA256 request signing with a device-specific secret.
The device secret is stored encrypted on the server and in your browser’s local storage.

Data retention

Local data: Retained on your device until you clear it. Closed tab entities are automatically pruned based on your tier (Free: 7 days / 100 max; Plus: 90 days / 1000 max; Pro: unlimited).
Server data: Retained while your device is registered. If you unlink a device, its server-side data is deleted within 30 days.
Telemetry data: Anonymized and aggregated. Individual device records are purged after anonymization.

Your rights and controls

Delete server data: In-app “Delete Server Data” button in Settings removes all your data from our server immediately.
Export your data: Use the export feature (CSV, JSON) to download all your local data at any time.
Disable sync: Toggle sync off at any time. Local tracking continues without any server communication.
Disable telemetry: Toggle off in Settings. Takes effect immediately.
Uninstall: Removing the extension deletes all local data. Server data is retained for 30 days, then deleted.

Children’s privacy

OmniTab is a general-audience product. Server features (sync, telemetry) require age confirmation: users must confirm they are 13 years of age or older. Users under 13 can use all local (client-only) features but cannot enable server features.

We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through our server features, please contact us and we will delete it promptly.

Third-party services

Cloudflare: DNS, CDN, and tunnel services. Subject to Cloudflare’s privacy policy.
Stripe: Payment processing for Plus and Pro subscriptions. Subject to Stripe’s privacy policy. We do not store credit card numbers.
Chrome Web Store: Extension distribution. Subject to Google’s privacy policy.

OmniTab does not use Google Analytics, Facebook Pixel, or any third-party tracking scripts.

Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated “Last updated” date. For material changes, we will notify users via the OmniTab dashboard announcement system.

Contact

For privacy questions, data deletion requests, or concerns:

Email: support@omnitab.net