Privacy Policy

1. Data We Process

Linxy Tab processes different categories of data in different ways. The overview below reflects how the extension actually works:

2. Data Stored Locally

By default, your content is stored in your browser's chrome.storage.local. This data does not leave your device unless you explicitly enable sync, AI, sharing, or other external features described in this policy.

We have no access to your locally stored data and cannot recover it if you clear your browser data. We strongly recommend using the built-in Export feature or enabling WebDAV sync for backup purposes.

3. User-Initiated Saving and Tab Features

Linxy Tab reads tab title and URL only for user-initiated actions. It does not continuously track or upload browsing history for advertising or profiling.

• Open Tabs panel: reads currently open tab titles and URLs when you open the panel.
• Save current page / Save all tabs / Quick Save (Alt+S): triggered only when you choose these actions.
• Save-and-close and tab stash workflows: user-initiated; may move tabs into Inbox staging.
• Recent Visited: shows locally stored last-opened timestamps on saved cards — not a full browsing-history feed.
• Inbox (staging area): temporarily holds batches of saved tabs or cards locally until you organize them.
• Native bookmark import: reads browser bookmarks via the chrome.bookmarks API only when you explicitly trigger import.

4. Right-Click Save / Context Menu

Linxy Tab adds Chrome right-click menu entries so you can save content without opening the dashboard first. Context menu actions run only when you click them — there is no background monitoring of web pages.

• When used, the extension reads the page URL, link URL, page title, and/or selected text for the save action you chose.
• This information is stored locally as a bookmark card or note.
• No data is collected when the context menu is not used.

5. WebDAV Sync

WebDAV sync is optional and uses a server you configure (for example Synology NAS, QNAP, Nextcloud, Nutstore, or Teracloud). Linxy Tab does not host, relay, or have access to your WebDAV server or the data stored on it.

• When enabled, Linxy Tab may upload your full Linxy Tab library to your WebDAV server, including bookmark titles, URLs, descriptions, structure, Inbox batches, Trash records, settings, and backup metadata.
• WebDAV credentials are used only in the Authorization header for authentication. They are not written into the sync payload.
• Your WebDAV password is stored locally with XOR obfuscation. This is obfuscation, not strong encryption.
• P2P Sync (PeerJS): optional direct browser-to-browser sync via WebRTC. Signaling servers are used only for initial peer discovery and do not receive your encrypted data payload.

You are solely responsible for the security, availability, and privacy practices of your chosen sync infrastructure.

6. AI Features and AI Providers

• AI Search: may send matched candidate card titles, URLs, and descriptions (sanitized and budget-truncated) to your configured AI provider or local Ollama for semantic search.
• AI Review (Organize Center): sends structure summaries only — workspace/collection/group names, counts, and sample card titles with domains. It does not send full URLs, descriptions, or your complete library.
• Knowledge Map structure diagnosis: sends hierarchy names and count statistics only. It does not send card titles, URLs, descriptions, or page body content.
• AI Auto-Rewrite / Auto-Categorize: when enabled, sends relevant card content to your configured provider. These features are opt-in and can be disabled.
• Local AI (Ollama): you can run AI features entirely on localhost (11434). In this mode, data stays on your machine.
• Optional host permissions: additional AI provider domains and https://*/* are requested only after explicit user configuration or action (custom AI endpoints, link health checks).

Usage of third-party AI services is subject to their respective privacy policies. Linxy Tab records limited AI feature interaction statistics on official servers (model ID and prompt type only) — no prompt content is logged by us.

7. Linxy Assistant Context

Linxy Assistant (the in-extension AI companion) sends your typed instruction plus bounded plugin context to your configured AI provider when you use AI-powered commands.

• Context may include current view, workspace name summaries, visible or selected bookmark titles and domains, and truncated selected URLs — controlled by your Privacy & Context settings and a character budget.
• It does not send your full bookmark library, open tabs list, Trash/Inbox datasets, API keys, WebDAV passwords, license codes, or payment information.
• The search bookmarks tool delegates to AI Search and follows the same bounded payload rules described above.
• Local-only commands (such as opening settings or sync panels) do not call external AI services.
• Privacy consent is required before the first AI send.

8. Knowledge Map, AI Review, and Space Cleaner

• Knowledge Map: structure and layout state is stored locally. AI structure diagnosis sends hierarchy summaries only (see Section 6). Export features process your local data in the browser.
• AI Review (Organize Center): generates suggestions from local structure summaries sent to your AI provider when you click Generate (see Section 6).
• Space Cleaner: scans locally stored bookmark data to find duplicates, broken links, or unused items. Scan results are cached locally. Link health checks, when run, connect only to URLs you choose to check — not to Linxy servers for profiling.

9. License Verification and Pro Entitlements

When you activate a Pro license, the extension sends your license key and device binding metadata to official Linxy verification servers. This is used solely to:

• Validate your license key authenticity
• Enforce the device activation limit (up to 3 devices per license)
• Check for license expiration (annual licenses only)
• Verify Creator subscription and Pro entitlement status
• Fetch remote configuration and feature flags

Periodic silent license verification may run via chrome.alarms. If verification fails due to network issues, the extension continues to function with an offline grace period — your workflow is not interrupted by transient network errors.

10. Limited Feature Interaction Statistics

We collect minimal operational statistics to understand general usage trends and improve the product. These are not used for advertising profiling:

• Daily Active User (DAU): an anonymized device identifier (randomly generated UUID), Pro/Free plan status, and extension version may be reported once per day.
• Sponsor/recommendation events: impression and click events may include limited operational fields such as ad ID, event type, and plan group (guest/vip/kol). Browsing history is not included.
• AI feature usage: model ID and prompt type only. No prompt content, user identity, or card data is included.
• Creator/recommendation interactions: limited counts for recommendation and creator features where enabled.

Statistics can be remotely disabled via the Kill Switch (see Section 11). None of this data is sold or used to build advertising profiles.

11. Kill Switch & Remote Configuration

Linxy Tab includes a Kill Switch mechanism that allows us to remotely disable specific features in emergency situations (for example a critical security vulnerability or legal compliance requirement). The Kill Switch can independently toggle:

• Statistics / telemetry reporting
• Sponsor card display
• AI features
• Creator broadcast system
• Version update notifications

The extension checks Kill Switch configuration on startup and when the Pro panel is opened. This mechanism fetches feature-flag configuration only — it does not upload your bookmark or card content.

12. Creator, Recommendation, and Shared-Site Features

Creator and recommendation features are entirely opt-in:

• Creator Share: when a Creator publishes a navigation site, the selected collection is uploaded to our server after explicit confirmation. Shared content is publicly accessible via a share link.
• Creator Broadcast: Creators can send push notifications to subscribers. Broadcast messages are stored on our server. No subscriber personal data is exposed to the Creator.
• Creator Subscriptions: subscription status is stored on our server. You can unsubscribe at any time.
• Official website message bridging: content scripts on official Linxy domains may relay website messages to the extension for onboarding or account-related flows.

If you do not participate in Creator or recommendation features, no Creator-related bookmark content is uploaded.

13. Sponsor or Recommendation Cards

Free-tier users may see sponsor or recommendation cards in the sidebar. These are content recommendations from our partners:

• Sponsor/recommendation content requests and interaction events may include limited operational fields such as plan group or event type — not browsing history.
• Impressions and clicks are tracked for billing and product analytics purposes.
• Pro users can disable sponsor cards via the sidebar toggle.
• We do not use third-party advertising networks, behavioral targeting, or tracking cookies for ad profiling.

14. Payment Information

15. Third-Party Integrations

The extension may interact with third-party services that you configure or enable:

• AI Providers (OpenAI / Anthropic / Google / DeepSeek / Ollama / BYOK): bounded prompts and context are sent directly to your configured provider. We do not proxy or log prompt content. See Sections 6–7.
• WebDAV Servers: sync data is transmitted directly to your self-hosted server. See Section 5.
• Official Linxy APIs: license verification, remote config, feature flags, and limited statistics. See Sections 9–10.
• RSS Feeds: requests are made directly from your browser to feed URLs you subscribe to.
• Webhook Cards: HTTP requests are sent directly to URLs you specify.
• Browser Bookmarks: import reads native bookmarks locally for conversion into Linxy Tab cards.
• Favicon Service: favicons are fetched via Chrome's built-in chrome://favicon/ API. No data is sent to our servers for favicons.

Use of third-party services is subject to their respective privacy policies and terms of service.

16. Data Import, Export, and Time Machine Backups

You can export all your data at any time as a JSON file via the Settings panel. Import operations are processed entirely in your browser — no data is uploaded to our servers during import/export.

Before a JSON import overwrites your current data, a snapshot is automatically created in the Time Machine backup system, allowing you to restore your previous state if needed.

Time Machine automatically creates local snapshots:

• Up to 7 daily snapshots (rotating)
• Up to 4 weekly snapshots (rotating)
• Up to 6 monthly snapshots (rotating)

All snapshots are stored locally in your browser's storage. They are never transmitted to our servers unless you separately enable WebDAV sync.

17. Data Retention and Deletion

• Local data: retained in your browser until you manually clear it or uninstall the extension. Uninstalling permanently deletes all locally stored data.
• License data: retained for the duration of your license plus 30 days after expiration, after which it is anonymized on our servers.
• Usage statistics: aggregated counts retained for up to 90 days. Individual device records are discarded after aggregation.
• Creator shared content: retained until the Creator deletes the share or their account is terminated. Subscribers can unsubscribe at any time.
• Payment records: retained by Paddle in accordance with their data retention policies and applicable financial regulations.

18. Your Rights

Depending on your jurisdiction (including GDPR in the EEA, CCPA in California, and similar laws), you may have the right to:

• Access the personal data we hold about you
• Request correction or deletion of your data
• Object to or restrict processing of your data
• Data portability (export your content in a machine-readable format)
• Withdraw consent at any time (where processing is based on consent)

Since most of your data is stored locally on your device, you can exercise many of these rights directly through the extension's built-in features (Export, Delete Data, Clear Storage). For server-side data, please contact us at hello@linxytab.com.

19. Children's Privacy

The extension is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under the applicable age, we will take prompt steps to delete such information.

20. International Data Transfers

Our verification and statistics servers are located in the United States and Hong Kong. If you are accessing the extension from the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, please be aware that your license verification data and limited statistics may be transferred to and processed on servers outside your jurisdiction. We implement appropriate safeguards to ensure your data remains protected.

21. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you through the extension's notification center. You are encouraged to review this Privacy Policy periodically.

22. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: hello@linxytab.com
• Website: https://linxytab.com