Privacy Policy for Card Tab
Last updated: January 2, 2025
Introduction
Your privacy is important to us. This Privacy Policy explains how Card Tab ("we", "our", or "the extension") handles your data when you use our Chrome extension.
Information Collection and Use
Card Tab is designed with privacy in mind. We collect minimal data necessary for the extension's functionality.
Data We Collect
- Website URLs and Titles: When you add shortcuts via right-click menu or manual input
- Website Icons: Automatically fetched from public favicon services to improve visual experience
- User Preferences: Theme settings, layout preferences, and category organization
- Bookmark Data: Categories and shortcuts you create for your personal use
- Search Queries: Only for local bookmark search functionality - queries are not transmitted externally
Local Data Storage
By default, all your data is stored locally using Chrome's storage APIs:
- chrome.storage.local: Stores themes, layouts, and cached data
- chrome.storage.sync: Stores basic settings and default configuration (synced across your Chrome devices)
Optional Cloud Sync
You may optionally enable cloud synchronization using your own Supabase project:
- Data is stored in your own Supabase database that you create and control
- We do not have access to your Supabase project or data
- You provide your own Supabase credentials (URL and API key)
- Background images may be stored in your Supabase storage bucket
- Cloud sync is completely optional and can be disabled at any time
Information We Do Not Collect
- Personal identification information (name, email, etc.)
- Complete browsing history
- IP addresses for tracking purposes
- Analytics or usage tracking data
- External search queries (when using Chrome's default search engine)
- Full website content (only titles and URLs you explicitly add)
Search Functionality
Local Bookmark Search
The extension provides real-time search functionality for your saved bookmarks and categories. All search operations are performed locally within the extension and do not transmit data externally.
Default Search Engine Integration
When you select "Default (由浏览器决定)" as your search option, the extension uses Chrome's Search API to respect your browser's default search engine settings. This ensures we do not modify or override your preferred search experience.
Alternative Search Engines
When you select specific search engines (Google, Bing, 百度, DuckDuckGo), search queries are opened in new tabs using the respective search engine's public search URL. We do not intercept or modify these search queries.
Third-Party Services
Supabase (Optional)
If you choose to enable cloud sync, the extension communicates with your personal Supabase project. Supabase's privacy policy applies to data stored in your project.
Favicon Services
The extension may fetch website icons from public favicon services (like Google's favicon API) to display attractive icons for your shortcuts. These requests only include the domain name of websites you've added.
Chrome Search API
When using the "Default" search option, the extension utilizes Chrome's built-in Search API to respect your browser's default search engine. No search data is processed or stored by our extension.
No Analytics or Advertising
We do not use any analytics, advertising, or tracking services.
Extension Permissions
Our extension requests the following permissions and here's how we use them:
- storage: To save your bookmarks, categories, and preferences locally
- activeTab: To capture page information when you add bookmarks via right-click menu
- contextMenus: To provide the right-click "Add to Card Tab" functionality
- search: To access Chrome's Search API for respecting your default search engine when using "Default" search option
Content Script and Host Permissions
Card Tab injects a minimal script on all web pages (http://*/* and https://*/*) to enable the right-click menu functionality. This script:
- Only activates when you use the right-click menu - The script remains dormant until you actively choose "Add to Card Tab"
- Reads only basic page information - When activated, it captures the current page title, URL, and favicon URL
- Creates a temporary modal dialog - Displays a form overlay for you to edit bookmark details before saving
- Does not access web page content - No form data, user inputs, or sensitive page content is accessed
- Does not run background tracking - The script does not monitor your browsing activity or send analytics
- Operates only on explicit user action - Data collection only occurs when you actively choose to add a bookmark
- Temporary operation - The modal and associated data are removed immediately after use
This content script is essential for providing the convenient right-click bookmark functionality while maintaining strict privacy standards. The script only accesses publicly available page metadata (title, URL, favicon) and does not read any private or sensitive content from web pages.
Data Security
We implement appropriate security measures to protect your data:
- All data is stored locally by default
- Cloud sync uses secure HTTPS connections
- No data is transmitted to our servers
- You maintain full control over your Supabase project and data
- Search functionality respects Chrome's built-in security measures
Your Rights and Choices
- Data Control: You can export, import, or delete all your data at any time
- Cloud Sync: You can enable or disable cloud synchronization
- Data Portability: Export your data in JSON format
- Data Deletion: Uninstalling the extension removes all local data
Children's Privacy
Our extension does not knowingly collect personal information from children under 13. The extension is designed for general productivity use and does not target children specifically.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "last updated" date. Continued use of the extension after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: edaorenchan@gmail.com