Privacy Policy
Last updated: 4 July 2026
Who we are
Tabtime (“we”, “us”) provides automatic time tracking for client work at tabtime.io, together with a Chrome extension and an IDE extension (for Cursor, VS Code, and other VS Code-based editors) that record working time and sync it to your Tabtime dashboard. This policy explains what data we collect, why, and what control you have over it. Questions: support@tabtime.io.
What we collect
Account information. Your email address and a password when you sign up. Passwords are handled by our authentication provider (Supabase) and stored only in hashed form — we never see or store your plaintext password.
Data you enter. Client names, retainer budgets, hourly rates, currency, and other settings you configure in the dashboard.
Time-tracking data. When you pair an extension with your account using a device token, it records and sends to your dashboard:
- From the Chrome extension: the name of the active named tab group, the website domain (hostname only, e.g.
figma.com), and the start time, end time, and duration of each session. - From the IDE extension (Cursor, VS Code, etc.): the workspace folder name, the client it is mapped to, and the start time, end time, and duration of each session.
Payment information. If you subscribe to a paid plan, payment is processed by Stripe. We receive your subscription status and plan; we never receive or store your card number.
Technical data. Like nearly every web service, our hosting infrastructure records standard request logs (IP address, browser user agent, timestamps) for security and reliability. We do not use them to profile you.
Website analytics (optional). If you accept analytics cookies on tabtime.io, we use Google Analytics and Microsoft Clarity to understand aggregate usage of our marketing site (for example page views and navigation patterns). These tools may set cookies or similar identifiers in your browser once you consent. We configure them for analytics only — not advertising — and tracking stays disabled until you accept. You can accept or reject via the cookie banner, or change your choice anytime using “Cookie settings” in the site footer.
Cookies
Essential cookies. When you sign in, our authentication provider (Supabase) sets session cookies so you stay logged in. These are strictly necessary to operate your account and do not require consent.
Analytics cookies (optional). With your consent, Google Analytics and Microsoft Clarity may store cookies or local storage entries to distinguish visits and measure site usage. The tags are present on the site with tracking disabled by default; we only enable measurement after you click “Accept analytics” on the cookie banner. If you reject, tracking stays off.
Your choice is stored locally in your browser (under tabtime_analytics_consent) so we remember it on return visits. You can withdraw consent at any time via “Cookie settings” in the footer and choosing Reject.
Third-party processors. Google Analytics is provided by Google LLC; Microsoft Clarity is provided by Microsoft Corporation. Each processes data under its own privacy policy as our processor for website analytics. We do not sell data collected through these tools.
What we never collect
- Full URLs, page titles, or page content — only the domain.
- Anything from ungrouped tabs, unnamed tab groups, or browser pages (chrome:// and extension pages).
- Screenshots, keystrokes, mouse movement, or webcam/microphone input.
- File names, file contents, or code from your IDE workspaces — only the workspace folder name.
- Browsing activity while the extension is paused, while you are idle, or while Chrome is not the focused window.
How we use your data
We use your data solely to provide Tabtime: showing your tracked time, retainer usage, and reports; syncing your extensions; and operating your subscription. We do not sell your data, share it with advertisers, or use it for any purpose unrelated to time tracking.
Where your data lives
Your data is stored in a Postgres database managed by Supabase, and the web application is hosted on Vercel. Payments are processed by Stripe. These providers act as processors on our behalf and do not use your data for their own purposes. Data is encrypted in transit (TLS) and at rest.
Retention and deletion
We keep your data for as long as your account exists. You can delete tracked time, clients, and device pairings from the dashboard at any time, and export your data as CSV from the Reports page. To delete your account and all associated data, email support@tabtime.io and we will complete the deletion within 30 days.
Your rights
Depending on where you live (including under UK and EU GDPR), you have the right to access, correct, export, restrict, or delete your personal data, and to object to its processing. You can exercise most of these directly in the dashboard; for anything else, email us and we will respond within 30 days. You also have the right to complain to your local data-protection authority.
Changes to this policy
If we make material changes to this policy, we will update the date at the top of this page and notify you by email or in the dashboard before the changes take effect.