Privacy Policy
Effective February 11, 2026 · Last updated February 11, 2026
Your browsing data is stored locally on your device and is never sent to us or any third party.
Cloud sync is entirely optional and uses end-to-end encryption — we cannot read your data.
We collect no analytics, no telemetry, and no usage data.
Data We Access
Tab Information
Raft reads the URLs, titles, and state (pinned, audio playing, tab group membership) of your open tabs. This information is used to:
- Suspend inactive tabs to save memory
- Save and restore browsing sessions
- Detect and close duplicate tabs when requested
- Apply protection rules (e.g., never suspend pinned tabs)
This data is stored in your browser's local storage and never leaves your device unless you explicitly enable cloud sync.
Settings and Preferences
Your Raft configuration (suspension timeout, auto-save interval, whitelist, etc.) is stored locally and is not transmitted anywhere.
Cloud Sync (Optional, Pro Feature)
Google Drive
- Raft connects to Google Drive using Chrome's built-in OAuth flow.
- We request only the
drive.appdatascope, which limits access to a private, app-specific folder. Raft cannot see, read, or modify any of your other Google Drive files. - All session data is encrypted on your device using AES-256-GCM with a password only you know before it is uploaded.
What Is Stored in Google Drive
- Encrypted session data (tab URLs, titles, window/group structure)
- An encrypted sync manifest
OAuth Tokens
OAuth tokens are used solely to authenticate with Google Drive and are stored in your browser's local storage. They are never sent to any server other than Google's APIs.
Data Retention
Cloud-synced data remains in your Google Drive app folder until you disconnect from cloud sync in Raft's settings, at which point it is deleted. Uninstalling Raft does not automatically remove data from Google Drive — disconnect from cloud sync first if you wish to delete it.
Pro Licensing
If you purchase Raft Pro, your license key is validated via the Lemon Squeezy API. We send only the license key and a randomly generated device identifier to verify activation. We do not receive or store your name, email, or payment information — that is handled entirely by Lemon Squeezy as the Merchant of Record.
When you make a purchase, Lemon Squeezy collects and processes your personal data (such as your name, email address, and payment details) under their own privacy policy. We do not have access to your payment information. Lemon Squeezy may share your email address with us for the purpose of license fulfillment and customer support.
Legal Basis for Processing (GDPR)
For users in the European Union and European Economic Area, we process data under the following legal bases:
- Legitimate interest — Processing tab data locally is necessary for the extension to function as described.
- Consent — Cloud Sync is entirely opt-in. You choose whether to enable it and provide your own encryption password.
- Contract performance — License validation is necessary to fulfill your Pro purchase.
Data We Do NOT Collect
- No browsing history
- No analytics or telemetry
- No usage statistics
- No crash reports
- No personally identifiable information
- No cookies or tracking pixels
- No data shared with third parties
Data Storage and Security
- All local data is stored using Chrome's
chrome.storage.localAPI, protected by your operating system's user account. - Cloud-synced data is encrypted with AES-256-GCM. Keys are derived from your password using PBKDF2 with 600,000 iterations.
- We do not operate any servers. Raft is a fully client-side extension.
Your Rights (EU/EEA Users)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Access — You can request a copy of any personal data we hold about you.
- Rectification — You can request correction of inaccurate data.
- Erasure — You can request deletion of your data.
- Portability — You can request your data in a portable format.
- Restriction and objection — You can request that we limit or stop processing your data.
Since Raft collects no personal data beyond what is described above (and most of that stays on your device), these rights are largely satisfied by default. For any data held by Lemon Squeezy related to your purchase, please refer to Lemon Squeezy's privacy policy.
To exercise any of these rights, contact us at privacy@raftapp.io.
Data Deletion
- Uninstalling Raft removes all locally stored data.
- To delete cloud-synced data, disconnect from cloud sync in Raft's settings before uninstalling.
- To request deletion of any data associated with your license or purchase, contact us at privacy@raftapp.io or contact Lemon Squeezy directly.
Children's Privacy
Raft does not knowingly collect any data from children under 13 (or under 16 in the EU/EEA). Since we collect no personal data from any user, no special provisions are needed.
Changes to This Policy
If we make material changes, we will update the date above and notify users through the extension's update notes.
Contact
Questions about this policy, or need to make a data subject access request? Reach us at privacy@raftapp.io.