← Back

Privacy policy

Last updated: 2026-05-24

Summary

Tabio is designed so that the operator cannot read the contents of your bookmarks. Bookmark titles, URLs, and folder structure are encrypted on your device with AES-256-GCM before they are transmitted. The encryption key is derived from a passphrase you choose and never leaves your device. The server only ever sees ciphertext.

End-to-end encryption

When you set a passphrase, Tabio derives an AES-256 encryption key from it using PBKDF2-SHA256 with 600,000 iterations and a per-account salt. That key, and the passphrase it is derived from, are held only in memory on your device and are never sent to the server.

Every bookmark record is encrypted with AES-256-GCM before being uploaded. The server, the hosting provider, and the operator of this service receive only opaque ciphertext and have no technical means to decrypt it. Even with full access to the database, the contents of your bookmarks cannot be recovered without your passphrase.

This design has a trade-off: if you lose your passphrase, your encrypted bookmarks cannot be recovered by anyone, including us. There is no recovery mechanism by design.

What we store

The data we hold falls into two categories:

Encrypted on your device before it reaches our server:

• Bookmark titles, URLs, descriptions, and folder structure.
• Profile names you create inside the extension.

Stored in plaintext (we can read this):

• Your email address, provided when you sign in through WorkOS AuthKit.
• An opaque user identifier issued by WorkOS, used to scope your data.
• Your subscription status and billing identifiers held by Stripe.
• Timestamps recording when records were created, updated, or last synced.
• Rate-limiting counters keyed by your user id.

What we do NOT store

• Your passphrase or any key derived from it.
• Bookmark contents in any form we can decrypt.
• Browsing history beyond what you explicitly save as a bookmark.
• Page contents, screenshots, cookies, or session tokens from sites you visit.
• Advertising identifiers, cross-site tracking data, or behavioural analytics.

Third parties

The service runs on the following providers. Each one only sees the data it strictly needs.

• Cloudflare — hosts the API (Workers), the ciphertext database (D1), and these pages (Pages). Sees only encrypted bookmark data.
• WorkOS — handles authentication (email and password, optional OAuth). Holds your email address and authentication metadata.
• Stripe — processes subscription payments. Holds your billing details (card or bank information) directly; Tabio receives only the customer and subscription identifiers, never your payment instrument.

Tabio does not load third-party analytics, advertising, or tracking scripts. No personal data is sold or shared for marketing purposes.

Where your data is stored

Encrypted bookmark data is stored in a Cloudflare D1 database. Cloudflare may replicate data across regions for availability; the ciphertext design means the storage region does not affect the confidentiality of your bookmarks. WorkOS and Stripe each operate their own regional infrastructure as described in their respective privacy policies.

Data retention and deletion

You can delete individual bookmarks and profiles from inside the extension at any time; deletions are removed from our database immediately. To delete your entire account, including all profiles, bookmarks, and your user record, email privacy@tabio.app. We process deletion requests within 14 days. Authentication records held by WorkOS and billing records held by Stripe are deleted according to their respective retention policies.

Your rights (EU/UK users)

Under the GDPR you have the right to access, correct, export, or delete the personal data we hold about you, and to object to or restrict its processing. Contact privacy@tabio.app to exercise any of these rights. You may also lodge a complaint with the data protection authority in your country of residence; in Germany this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

Changes to this policy

If we change this policy in a way that materially affects how we handle your data, we will notify users by email before the change takes effect.

Contact

For any privacy question, contact privacy@tabio.app.