Privacy Policy

Last updated: 16 June 2026

NestarioTabs is a browser extension that saves and restores your tab sessions. It is local-first: your tabs are stored on your own device, and they only leave it when you deliberately create a share link or use a team workspace. This policy explains exactly what we collect, why, and your choices.

1. Who we are

NestarioTabs ("we", "us", "the extension") is the data controller for the limited information described below. You can reach us any time at nestariotabs@gmail.com.

2. What the extension does with your tabs

When you save a session, NestarioTabs captures the URLs, titles, and favicons of the tabs and tab groups in your browser window, plus the names and colors of those groups. This data is stored using Chrome's own storage on your device:

Local storage (chrome.storage.local) — your sessions, snapshots, trash, folders, and settings stay on your device.
Chrome Sync (chrome.storage.sync, optional) — if you turn on syncing, your sessions are synced through your own Google/Chrome account so they follow you between your devices. This data is handled by Google as part of Chrome Sync; we never receive it.

Saving and restoring never sends your tabs to our servers. Those features work entirely on your device.

3. When your data leaves your device

Your tab data is only transmitted to our servers when you choose one of these features:

a) Share links

When you create a share link, the selected session (tab URLs, titles, and group names) is sent to and stored on our server so the link can display it. You may set an expiry date or a maximum number of views, and you can revoke a link at any time. Expired and revoked shares are deleted from our server. Anyone with the link can view the shared session until it expires or is revoked, so only share links with people you trust.

b) Team workspaces (Sign in with Google)

If you create or join a team, you sign in with Google and your team's shared workspaces (tab URLs, titles, and group names) are stored on our server so team members can access and edit them in real time. Team data is visible to members of that team and to the team owner.

4. Account data we collect

Team features require signing in with Google. We use Google's OAuth with only these basic, non-sensitive scopes: openid, email, and profile. From this we store:

Data	Why
Email address	To identify your account, link you to your teams, and show team members who you are.
Google account ID	To securely associate your sign-in with your account.
Session token	Stored on your device to keep you signed in.

We do not access your Gmail, Google Drive, contacts, or any other Google data. If you never use team features, we collect none of this.

5. What we do NOT do

We do not track your browsing activity or the websites you visit.
We do not sell, rent, or trade your personal information.
We do not use your data for advertising.
We do not run third-party analytics or trackers on your tab data.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. How the data is stored and protected

Server-stored data (shares and team workspaces) is held in a managed PostgreSQL database (Supabase) accessed only by our backend. Connections are encrypted in transit (HTTPS). Share payloads are capped in size and rate-limited to discourage abuse. No security measure is perfect, but we work to protect your data with reasonable safeguards.

7. Data retention

Local sessions & snapshots: kept on your device until you delete them. Deleted sessions go to Trash until you empty it.
Share links: deleted when they expire, reach their view limit, or you revoke them.
Team workspaces: kept until a team member or owner deletes the workspace or the team.
Account data: kept while your account exists. Email us to delete your account and associated team data.

8. Your choices and rights

Use it without an account — saving and restoring need no sign-in.
Delete anytime — remove sessions, empty Trash, revoke shares, leave or delete teams from within the extension.
Sign out — disconnects your Google session and clears the local token.
Access or deletion requests — email nestariotabs@gmail.com and we'll help. Depending on where you live, you may have rights under the GDPR or CCPA to access, correct, or delete your data.
Uninstalling the extension removes its local data from your device.

9. Third-party services

Google — for Sign in with Google (OAuth) and optional Chrome Sync.
Supabase — managed database hosting for shares and team workspaces.
Favicon images — favicons shown on share pages may be fetched from public favicon services to display site icons.

10. Children

NestarioTabs is not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their personal data.

11. Changes to this policy

We may update this policy as the product evolves. We'll revise the "Last updated" date above and, for significant changes, provide a more prominent notice.

12. Contact

Questions or requests? Email us at nestariotabs@gmail.com.