Privacy Policy
Effective February 9, 2026 · Last updated February 9, 2026
Your browsing data is stored locally on your device and is never sent to us or any third party.
Cloud sync is entirely optional and uses end-to-end encryption — we cannot read your data.
We collect no analytics, no telemetry, and no usage data.
Data We Access
Tab Information
Raft reads the URLs, titles, and state (pinned, audio playing, tab group membership) of your open tabs. This information is used to:
- Suspend inactive tabs to save memory
- Save and restore browsing sessions
- Apply protection rules (e.g., never suspend pinned tabs)
This data is stored in your browser's local storage and never leaves your device unless you explicitly enable cloud sync.
Settings and Preferences
Your Raft configuration (suspension timeout, auto-save interval, whitelist, etc.) is stored locally and is not transmitted anywhere.
Cloud Sync (Optional, Pro Feature)
Google Drive
- Raft connects to Google Drive using Chrome's built-in OAuth flow.
- We request only the
drive.appdatascope, which limits access to a private, app-specific folder. Raft cannot see, read, or modify any of your other Google Drive files. - All session data is encrypted on your device using AES-256-GCM with a password only you know before it is uploaded.
What Is Stored in Google Drive
- Encrypted session data (tab URLs, titles, window/group structure)
- An encrypted sync manifest
OAuth Tokens
OAuth tokens are used solely to authenticate with Google Drive and are stored in your browser's local storage. They are never sent to any server other than Google's APIs.
Pro Licensing
If you purchase Raft Pro, your license key is validated via the LemonSqueezy API. We send only the license key and a randomly generated device identifier to verify activation. We do not receive or store your name, email, or payment information — that is handled entirely by LemonSqueezy.
Data We Do NOT Collect
- No browsing history
- No analytics or telemetry
- No usage statistics
- No crash reports
- No personally identifiable information
- No cookies or tracking pixels
- No data shared with third parties
Data Storage and Security
- All local data is stored using Chrome's
chrome.storage.localAPI, protected by your operating system's user account. - Cloud-synced data is encrypted with AES-256-GCM. Keys are derived from your password using PBKDF2 with 600,000 iterations.
- We do not operate any servers. Raft is a fully client-side extension.
Data Deletion
- Uninstalling Raft removes all locally stored data.
- To delete cloud-synced data, disconnect from cloud sync in Raft's settings before uninstalling.
Children's Privacy
Raft does not knowingly collect any data from children under 13. Since we collect no personal data from any user, no special provisions are needed.
Changes to This Policy
If we make material changes, we will update the date above and notify users through the extension's update notes.
Contact
Questions about this policy? Reach us at privacy@raftapp.io.