LeafTab Privacy Policy

Last updated: April 10, 2026

LeafTab ("we", "us", or "our") respects your privacy. This Privacy Policy explains what data the extension handles, which permissions it may request, and how those permissions are used.

1. Data We Handle

• Stored locally by default: shortcuts, scenario modes, wallpaper settings, search preferences, UI preferences, and local search history are stored in your browser using local extension storage.
• Cloud sync (optional): if you sign in and use sync, LeafTab stores your shortcut backup payload and necessary account metadata on the configured LeafTab backend (such as leaftab.cc) so your data can sync across devices.
• WebDAV sync (optional): if you enable WebDAV, backup data is sent only to the WebDAV address you configure. LeafTab does not scan your device files; it only reads and writes the backup payload created by the extension.
• Anonymous usage statistics (optional): if you opt in, LeafTab may send shortcut domain names only (for example, google.com) to help improve icon coverage. This does not include full URLs, page content, browsing history entries, or personal identity data.
• Search queries: your typed query is processed locally for suggestions and shortcuts. A query is sent to your selected search engine or target site only when you explicitly submit a search.

2. Browser Permissions Explained

LeafTab requests some permissions only when you use related features.

• search: used to submit searches through the browser's search service when you choose the system search engine option.
• permissions: used to request optional browser permissions or site access at runtime, only when you trigger a related feature.
• activeTab: used to read the title and URL of your currently active tab so LeafTab can help you quickly add the current page as a shortcut. This is only used when you actively trigger that feature.
• identity: used to support Google Sign-In through the browser's identity / OAuth flow. This is only used when you explicitly choose to sign in with Google.
• bookmarks (optional): used to let you search and open browser bookmarks directly from the new tab search box.
• history (optional): used to let you search, suggest, and open browser history entries from the new tab search box.
• tabs (optional): used to let you search, switch, and manage currently open tabs, and to support experiences such as avoiding duplicate LeafTab tabs.
• Host access: used for LeafTab backend requests, wallpaper/weather/icon resources, font loading, GitHub-hosted resources, and user-configured WebDAV sync targets. Access to a custom WebDAV origin is requested on demand when you actually use WebDAV sync.

3. What LeafTab Does Not Do

• It does not sell your data.
• It does not read bookmarks, history, or tabs unless you grant the related optional permission.
• It does not upload your browser history, bookmark contents, or open-tab list to our server for unrelated purposes.
• It does not request browser geolocation permission. Weather features rely on the city you choose or related weather-service responses, not on continuous device location tracking.

4. Third-Party Services

Depending on which features you use, LeafTab may connect to third-party services such as:

• LeafTab backend: authentication, sync, and optional statistics.
• Weather and wallpaper services: for weather data and Bing wallpaper content.
• Icon services: for fetching website favicons used by shortcuts.
• Google Identity / OAuth services: only when you explicitly choose Google Sign-In.
• GitHub Pages / GitHub raw / Google Fonts: for public resources used by the extension or related pages.
• User-configured WebDAV server: only when you enable WebDAV backup or restore.

5. Google Sign-In (Optional)

• Triggered only by you: Google Sign-In is used only after you click a Google login action. LeafTab does not silently sign you in with Google.
• Data used for authentication: Google Sign-In may process basic Google account data returned by Google, such as a stable Google account identifier (sub), email address, email verification state, and limited profile information needed to complete sign-in and create or recover your LeafTab account.
• Scope principle: the sign-in flow uses Google OpenID Connect scopes such as openid, email, and profile to complete authentication and account display. LeafTab does not request access to Google Drive, Gmail, Contacts, Calendar, or other Google data unless explicitly documented and approved by you.
• Token handling: Google OAuth / identity tokens are used to verify your sign-in and create a LeafTab session. After verification, LeafTab uses its own session token for the application. LeafTab does not store your Google password.
• Stored account data: if you use Google Sign-In, LeafTab may store the authentication provider, a stable Google account identifier, your LeafTab username, and the account data required for login and sync.
• Self-hosted backend compatibility: if you use a custom/self-hosted backend, Google login availability depends on whether that backend is configured with its own Google OAuth credentials and redirect URI. Without such configuration, Google login may be hidden or disabled while other login/sync methods remain available.

6. Your Controls

• You can choose whether to sign in and use cloud sync.
• You can enable or disable anonymous usage statistics in settings.
• You can choose whether to grant optional permissions such as bookmarks, history, and tabs.
• You can export, import, back up, or self-host supported parts of your data workflow.

7. Contact

If you have questions about this Privacy Policy, please contact:

Email: mason.life@proton.me