Tabfolio — Privacy Policy

Last updated: May 14, 2026

Tabfolio is a Chrome extension that helps you organize your browser tabs. It is designed to be private by default: no personal data ever leaves your device through Tabfolio’s own infrastructure, because Tabfolio has no infrastructure. There are no Tabfolio servers, no analytics, no telemetry, no accounts.

This document describes exactly what data the extension touches, where it lives, and which third-party endpoints it talks to.

What Tabfolio stores locally

Tabfolio uses Chrome’s built-in chrome.storage.local API to persist data on your computer. The stored shape is:

• Spaces: the named collections of hibernated tabs you create. Each Space holds the URL, title, favicon URL, and timestamp for every tab you hibernate into it, plus the optional icon and color you chose for the Space.
• Preferences: which Spaces are currently expanded, your preferred card size (visual / compact), your group-by setting (window / domain), and the ID of the most recently used Space.
• Thumbnail cache: a small key/value cache of URL → preview-image URL pairs (with a 7-day TTL) so we don’t refetch the same metadata on every manager open. The cache holds the URLs of preview images, not the images themselves.

This data never leaves your computer. It is automatically deleted when you uninstall the extension.

Tabfolio does not read, store, or transmit:

• Page content from any site you visit.
• Browsing history beyond the URLs of currently open tabs (which Chrome itself exposes via its tabs API).
• Form data, passwords, cookies, or any other site-specific information.
• Any personally identifying information.

What network requests Tabfolio makes

Tabfolio makes outbound HTTP requests in three narrowly scoped situations. None of these requests carry any identifier of you or your installation.

1. Open Graph image fetches

To render a preview image at the top of each tab card, Tabfolio’s background service worker performs a single GET request to the URL of each open tab. It reads only the <head> of the response and parses <meta property="og:image"> (or <meta name="twitter:image">). The request is made with credentials: 'omit', so no cookies are sent.

• What’s sent: the URL of a tab you already have open, with a default browser User-Agent.
• What’s stored: the resolved og:image URL (a string), cached locally for 7 days.
• Where it goes: the origin server of each open tab. Tabfolio does not proxy these requests through any third party.

2. Favicon proxy fallback

When a tab’s own favicon can’t be loaded (because the site blocks cross-origin loading via Cross-Origin-Resource-Policy), Tabfolio displays a high-resolution favicon fetched from a public favicon CDN. Two providers, tried in order:

• Google favicon service — https://www.google.com/s2/favicons?domain=<host>&sz=128
• DuckDuckGo favicon service — https://icons.duckduckgo.com/ip3/<host>.ico

These are unauthenticated GETs of an image. The provider sees the domain of a tab you have open — nothing else.

3. Video thumbnail CDNs

For YouTube and Vimeo tabs, Tabfolio extracts the video ID from the URL and renders the public thumbnail directly:

• https://i.ytimg.com/vi/<id>/mqdefault.jpg
• https://vumbnail.com/<id>.jpg (Vimeo)

These are standard unauthenticated image requests. They reveal that you have a YouTube/Vimeo tab open, which the provider would already know from your visit to the page itself.

Permissions

The extension declares the following Chrome permissions. Each is used only for the purpose listed.

• tabs — list, focus, move, and close tabs in the user’s windows. Required for the core tab-management feature.
• storage — persist Spaces and preferences via chrome.storage.local. Required to remember hibernated tabs across sessions.
• windows — open hibernated tabs in a new window, focus the manager tab. Required for the “open in new window” action.
• host_permissions: <all_urls> — needed so the background service worker can fetch the Open Graph metadata of any tab you have open. Tabfolio never accesses sites you have not opened yourself.

Third-party services

Tabfolio fetches static woff2 font files (Geist Mono) that are bundled inside the extension itself. There is no runtime call to Google Fonts or any other font CDN.

The only third-party servers Tabfolio talks to at runtime are listed in the “Network requests” section above: the origin server of each open tab (for og:image), Google’s favicon service, DuckDuckGo’s favicon service, YouTube’s thumbnail CDN, and Vimeo’s thumbnail CDN. Each provider’s privacy policy governs their handling of those requests.

Analytics

There are none. No analytics SDK, no error reporting, no telemetry pings, no installation counter beyond Chrome’s own.

Children

Tabfolio is a general-purpose productivity tool and does not knowingly collect any data from anyone.

Data export / deletion

All data is stored locally via chrome.storage.local. To export, you can open Chrome’s developer tools on the extension’s background page and inspect storage. To delete, uninstall the extension — Chrome automatically removes all extension storage on uninstall.

Changes to this policy

We will update this document whenever the extension’s data practices change. The “Last updated” date at the top reflects the most recent change. Older versions are preserved in the project’s public git history.

Contact

For privacy questions, contact us at hello@round6creative.com.