Permissions Explained
Raft requests only the permissions it needs. Here's exactly what each one does.
tabs
Lets Raft see your open tabs — URLs, titles, and states (pinned, audio playing).
Why: Core to saving sessions, suspending inactive tabs, and applying protection rules.
I never send your tab data anywhere. Everything stays local.
tabGroups
Lets Raft read and restore Chrome's tab groups.
Why: To preserve group names, colors, and collapsed state when saving and restoring sessions.
storage
Lets Raft save data to your browser's local storage.
Why: Sessions, settings, and tab activity data persist between browser restarts.
This storage is entirely local to your browser.
alarms
Lets Raft set background timers.
Why: Auto-suspension checks and auto-save run on a schedule, even when the popup is closed.
No tracking or heartbeats to external servers. Purely local timers.
contextMenus
Adds "Suspend this tab" and "Suspend other tabs" to Chrome's right-click menu.
Why: Quick access to suspension without opening the popup.
identity
Lets Raft use Chrome's built-in OAuth to connect to Google Drive.
Why: Optional cloud sync (Pro feature). Uses Chrome's secure identity system — Raft never sees your Google password.
I only access a private app-data folder and your email address. I cannot see your Drive files or contacts.
googleapis.com host permissions
Lets Raft communicate with Google's OAuth and Drive APIs.
Why: To complete sign-in and upload/download encrypted sessions.
All session data is encrypted before upload. These APIs are not used for tracking.
Google account permissions
When you enable cloud sync, Google's consent screen asks you to grant two permissions:
- "See your primary Google Account email address" — Raft reads your email address so the sync UI can show which account is connected (e.g. "Connected as you@gmail.com"). That's the only thing Raft does with it.
- "Associate you with your personal info on Google" — Google adds this automatically whenever an app requests your email. Raft doesn't use this for anything beyond the email address above.
Permissions I Don't Request
history — I don't need your browsing history. Only open tabs matter.
bookmarks — Sessions are managed separately from bookmarks.
webRequest — I don't inspect or modify web traffic.
<all_urls> — I don't inject scripts into pages. I only need tab metadata.
Questions? Open an issue or email privacy@raftapp.io.