Privacy Policy

Effective date: May 27, 2026 · Last updated: May 27, 2026

The short version: 1stTab is built local-first. Your notes, todos, and preferences never leave your device. We have no analytics, no ads, and no tracking. Third-party APIs are contacted only when you explicitly enable the relevant feature.

1. Who We Are

1stTab is a Chrome browser extension developed and maintained by the 1stTab team. For privacy questions, contact us at aablotia@ablotia.com.

2. Data Stored Locally on Your Device

All of the following is stored in Chrome's chrome.storage API and never sent to our servers:

Notes and scratchpad content
To-do items
Dashboard preferences (theme, layout, widget config, greeting templates)
Bookmarks metadata and custom tags created within 1stTab
World clock configurations
Weather location preference
AI provider choice and API keys (Claude, OpenAI, Gemini, Finnhub)
Plus license status and custom CSS

Preferences stored in chrome.storage.sync may replicate across your signed-in Chrome devices via Google's sync infrastructure — subject to Google's Privacy Policy. No data is sent to 1stTab servers during sync.

3. Permissions Explained

Permission	What it accesses	Why
`storage`	Local & sync storage	Save notes, todos, preferences
`bookmarks`	Your Chrome bookmarks	Display, search, add, edit bookmarks on the dashboard
`history`	Recent page titles & URLs	History widget — data displayed locally only, never transmitted
`tabs`	Open tab titles, URLs, favicons	Tab Manager panel — search, switch, mute, close tabs
`sessions`	Recently closed sessions	Restore recently closed tabs in the Tab Manager
`identity`	Google OAuth 2.0	Optional Plus feature: Drive, Calendar, Tasks — only if you click "Connect Google"
`alarms`	Background timers	Schedule automatic refresh of weather, crypto, FX, stocks, and Drive backups
`system.cpu / .memory / .storage`	CPU%, RAM, disk usage	System Monitor panel widget — displayed locally, never transmitted
`favicon`	Chrome favicon cache	Display site icons from Chrome's local cache

4. Third-Party Services

The following services are contacted only when the associated feature is enabled.

Weather (Open-Meteo)

Your approximate location (city or coordinates) is sent to Open-Meteo to fetch current conditions. Open-Meteo does not require registration and does not sell data.

Cryptocurrency (CoinGecko)

Coin IDs you configure are sent to CoinGecko's public API. No personal information is included.

Foreign Exchange (ER-API)

Exchange rate requests go to open.er-api.com. No personal information is sent.

Stock Quotes (Finnhub) — Plus

Stock symbol requests are made from your browser directly to Finnhub using your own API key. Your key is stored locally. See Finnhub's Privacy Policy.

Favicons (Google)

Site URLs are sent to Google's favicon service (google.com/s2/favicons) to fetch icons. See Google's Privacy Policy.

Google Account (OAuth) — Plus

When you connect Google, 1stTab requests these scopes:

drive.appdata — private app-only folder for 1stTab backups
calendar.readonly — read upcoming events to display in the Calendar panel
tasks — read and update your Google Tasks in the Tasks panel
userinfo.email — display your connected email in settings

Calendar and task data is rendered locally and not stored on 1stTab servers. Subject to the Google API Services User Data Policy.

AI Providers (Anthropic Claude, OpenAI, Google Gemini)

When you use the AI Assistant or Smart Tagging, your typed message and a list of your bookmark titles and URLs are sent to your chosen provider's API over HTTPS. Your API key is stored locally and sent only to that provider — never to 1stTab servers. See each provider's policy: Anthropic, OpenAI, Google.

License Verification — Plus

When activating a Plus key, the license key is sent to our Cloud Function at us-central1-1sttab.cloudfunctions.net/verify. Only the key is transmitted — no account or personal info required.

5. What We Don't Collect

1stTab does not:

Collect analytics, telemetry, or crash reports
Use advertising or tracking networks
Sell or share your data for marketing purposes
Access or store your full browsing history on any server
Create user accounts or require registration

6. Children's Privacy

1stTab is not directed at children under 13. We do not knowingly collect data from children. Contact us if you believe a child has submitted personal information.

7. Data Deletion

All local data is deleted when you uninstall 1stTab. To remove Drive backups, disconnect your Google account in Settings → Plus, which deletes the extension's private backup folder.

8. Changes

We may update this policy when new features affect data handling. The "Last updated" date at the top reflects any changes. Continued use of 1stTab after an update constitutes acceptance.

9. Contact

Privacy questions or data requests: aablotia@ablotia.com