Privacy Policy
Effective April 15, 2026

Overview
TabMate is a browser-based research workspace for competitor research, customer-pain mining, and messaging work. It works by reading the page you are actively using, capturing selected text and page context, and grounding responses in that evidence. Because the product depends on page content and workspace continuity, some data is necessarily captured and stored. This policy describes what we collect, why, and what you can do about it.

What we collect
- Account data
When you create an account we collect your email address and create an account record. We store session metadata for authentication purposes including IP address and user agent string.

• Page and workspace content
  When you use TabMate on a page, context from the active tab may be captured and sent to our servers to ground the response. This may include the page URL, page title, visible page text or excerpt, selected text, pinned excerpts, and related page-structure context. When an ask is stored as part of conversation or workspace history, associated page context may also be stored so the work can continue across sessions.
• Browser content may be sanitized or redacted before it is forwarded to the configured LLM API. See our security overview for details on content controls.

Workspace-scoped data
- TabMate stores conversations, notes, research playbooks, and related workspace content on our servers so your work can persist across sessions. This is a necessary part of how the product functions.

• Operational and security metadata
  We log operational data including request metadata, usage records, and security events to support authentication, abuse prevention, debugging, and service reliability.
• Feedback submissions
  If you submit product feedback or account-deletion feedback, we store the category, free-text feedback, and related submission metadata for product improvement and support.
• Local browser storage
  The TabMate extension stores authentication tokens in chrome.storage.local on your device. It also stores some local extension state such as page-context cache records, pinned excerpts, and active-session state to support the side panel workflow. When account deletion is completed from the extension, TabMate clears local extension data on that browser profile/device.

What we do not do
- We do not passively scan background tabs you are not actively working in.
- We do not sell your data to third parties.
- We do not use your workspace content to train models without explicit consent.

Your control over stored data
You can delete individual conversations, memories, prompts, and workspaces directly from within the product. You can also delete your account from within the app. Account deletion disables the account immediately, clears TabMate's local extension data on this browser profile/device when deletion is completed from the extension, and schedules permanent deletion of associated server-side data. Most user-owned application data is scheduled for permanent deletion within 7 days, although timing may vary slightly for queued purge jobs. Some minimal deletion-support records, such as deletion ledger entries and feedback submissions, may be retained longer for support, audit, abuse-prevention, or operational purposes.

If you need help with deletion or data access, contact us at the email address below.

Third-party services
- TabMate routes asks through a third-party LLM API provider, currently OpenAI, to generate responses. Content sent to that provider is subject to the provider's processing and data-handling terms. On our side, we do not retain separate copies of LLM API responses beyond what is stored as part of your conversation history and workspace data.

• OpenAI's API data-handling and retention practices are governed by OpenAI's own terms and documentation.
• Hosting location
  Primary application data is hosted on infrastructure in the EU. Requests that use a third-party LLM API are also subject to that provider's processing and data-handling terms.