← Back to MyOnlyTab

Privacy Policy

Last updated: February 2026

1. What We Collect

MyOnlyTab stores your tasks, focus preferences, site classifications, and settings locally on your device using browser storage (localStorage and chrome.storage). We do not collect, transmit, or store any personal data on our servers by default. The sections below describe the specific situations where data leaves your device.

2. AI Task Enrichment (Opt-in)

AI task enrichment is disabled by default. If you choose to enable it in Settings → Focus, the following data is sent to Mistral AI (an EU-based AI provider) for each enrichment request:

  • Task title and notes text
  • The current hour of day
  • Anonymised behavioural patterns learned from your past usage (e.g. your typical peak productive hour, which task types you complete most often)

No account information, name, email, or browsing history is included. Behavioural patterns are transmitted as qualitative labels only (e.g. "energizing", "draining") — raw numerical scores are never sent. You can disable AI enrichment at any time. Disabling it reverts all sorting to a fully local algorithm.

We have signed a Data Processing Addendum (DPA) with Mistral AI in accordance with GDPR Article 28. We have also opted out of model training in the Mistral console, meaning your data is never used to train or improve Mistral AI's models.

3. Cloud Sync (Optional)

If you enable cloud sync, your data is encrypted client-side (AES-256-GCM) before being uploaded to the cloud storage provider of your choice. We never have access to your unencrypted data. Sync is entirely optional and disabled by default.

4. Favicon Service

To display website icons, MyOnlyTab uses a self-hosted favicon service. Your server fetches favicons directly from the target website and caches them. If a direct fetch fails, our server may fall back to Google's favicon service (google.com/s2/favicons) as a last resort — in that case, Google receives the domain name and our server's IP address, not yours. Your browser only ever communicates with our server.

5. Wallpapers (Optional)

If you choose to use a wallpaper from the Unsplash library, the wallpaper image is loaded directly from Unsplash's CDN (images.unsplash.com). Unsplash may log your IP address and the image requested. Using solid colours or your own images involves no third-party requests.

6. Weather (Optional)

If you enable weather, you enter a city name in settings. That name is stored only on your device. Your browser sends it directly to Open-Meteo (an open-source, no-account weather API) to look up the forecast. We never collect GPS or device location, and our servers never see your city.

7. Browser Extension Permissions

The MyOnlyTab browser extension requests the following permissions:

  • tabs — to detect the current page domain for site classification and tab snoozing.
  • activeTab — to interact with the currently active tab when you use quick actions from the extension popup.
  • storage — to save your tasks, rules, and preferences locally.
  • contextMenus — to let you create tasks from right-click context menus.
  • alarms — to reopen saved tabs at their scheduled time.
  • scripting — to inject the content script that bridges communication between the webapp and extension.
  • system.display — to detect screen dimensions for split-view window positioning.
  • declarativeNetRequest — to redirect navigations to sites you have classified as distractions to an in-extension enforcement page, preventing the distraction site from loading. No browsing data is sent externally; the redirect target is a local extension page.
  • webNavigation — to detect single-page-application navigations so that site blocking rules apply even when a site changes its URL without a full page load.
  • notifications — to surface saved-tab reminders and focus-mode alerts.

No data from these permissions is transmitted to any external server. When a site is blocked, your browser is redirected to a page bundled inside the extension — the distraction site never loads and no request is made to it.

8. Rate Limiting & Server Logs

When you use features that make server-side requests (AI enrichment, search, wallpapers), our API server temporarily stores your IP address in memory to enforce rate limits (e.g. 60 requests per minute). This data is never written to disk or shared with third parties, and is automatically cleared when the rate-limit window expires (typically within 1 minute).

9. Analytics

We do not use any third-party analytics or tracking services. No cookies, tracking pixels, or fingerprinting scripts are loaded. If this changes in the future, we will update this policy and implement appropriate consent mechanisms.

10. Data Deletion

You can delete all your data at any time from the Settings page (Profile → Data Management). Uninstalling the extension removes all extension-stored data. Clearing browser data removes all webapp-stored data.

11. Contact

If you have questions about this privacy policy, please contact us at privacy@myonlytab.com.