Privacy Policy

Effective February 11, 2026 · Last updated February 11, 2026

Data We Access

Tab Information

Raft reads the URLs, titles, and state (pinned, audio playing, tab group membership) of your open tabs. This information is used to:

• Suspend inactive tabs to save memory
• Save and restore browsing sessions
• Detect and close duplicate tabs when requested
• Apply protection rules (e.g., never suspend pinned tabs)

This data is stored in your browser's local storage and never leaves your device unless you explicitly enable cloud sync.

Settings and Preferences

Your Raft configuration (suspension timeout, auto-save interval, whitelist, etc.) is stored locally and is not transmitted anywhere.

Cloud Sync (Optional)

Google Drive

• Raft connects to Google Drive using Chrome's built-in OAuth flow.
• We request only the drive.appdata scope, which limits access to a private, app-specific folder. Raft cannot see, read, or modify any of your other Google Drive files.
• All session data is encrypted on your device using AES-256-GCM with a password only you know before it is uploaded.

What Is Stored in Google Drive

• Encrypted session data (tab URLs, titles, window/group structure)
• An encrypted sync manifest

OAuth Tokens

OAuth tokens are used solely to authenticate with Google Drive and are stored in your browser's local storage. They are never sent to any server other than Google's APIs.

Data Retention

Cloud-synced data remains in your Google Drive app folder until you disconnect from cloud sync in Raft's settings, at which point it is deleted. Uninstalling Raft does not automatically remove data from Google Drive — disconnect from cloud sync first if you wish to delete it.

Legal Basis for Processing (GDPR)

For users in the European Union and European Economic Area, we process data under the following legal bases:

• Legitimate interest — Processing tab data locally is necessary for the extension to function as described.
• Consent — Cloud Sync is entirely opt-in. You choose whether to enable it and provide your own encryption password.

Data We Do NOT Collect

• No browsing history
• No analytics or telemetry
• No usage statistics
• No crash reports
• No personally identifiable information
• No cookies or tracking pixels
• No data shared with third parties

Data Storage and Security

• All local data is stored using Chrome's chrome.storage.local API, protected by your operating system's user account.
• Cloud-synced data is encrypted with AES-256-GCM. Keys are derived from your password using PBKDF2 with 600,000 iterations.
• We do not operate any servers. Raft is a fully client-side extension.

Your Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Access — You can request a copy of any personal data we hold about you.
• Rectification — You can request correction of inaccurate data.
• Erasure — You can request deletion of your data.
• Portability — You can request your data in a portable format.
• Restriction and objection — You can request that we limit or stop processing your data.

Since Raft collects no personal data beyond what is described above (and most of that stays on your device), these rights are largely satisfied by default.

To exercise any of these rights, contact us at privacy@raftapp.io.

Data Deletion

• Uninstalling Raft removes all locally stored data.
• To delete cloud-synced data, disconnect from cloud sync in Raft's settings before uninstalling.

Children's Privacy

Raft does not knowingly collect any data from children under 13 (or under 16 in the EU/EEA). Since we collect no personal data from any user, no special provisions are needed.

Changes to This Policy

If we make material changes, we will update the date above and notify users through the extension's update notes.

Contact

Questions about this policy, or need to make a data subject access request? Reach us at privacy@raftapp.io.