Privacy Policy — Uncluttr

Last Updated: March 2nd, 2026

This Privacy Policy explains how Nair Development Hub SRL ("Uncluttr", "we", "us") collects, uses, stores, and shares information when you use the Uncluttr browser extension and related services (the "Service").

If you do not agree with this policy, do not use the Service.

Contact: contact@uncluttr.net

1) Who is the controller?

For GDPR purposes, Nair Development Hub SRL, located at Romania, Ilfov, Str Tineretului 63, is the data controller of personal data processed through the Service.

2) What data we process

A) Data stored locally on your device (core extension functionality)

Uncluttr stores most data locally in your browser extension storage so it can provide tab/workspace functionality. This may include:

• Tab information: tab URLs, tab titles, and tab state (e.g., pinned, muted, active, last activated).
• Workspace and group information: workspace/group IDs, names, colors, ordering, collapsed state, and timestamps.
• Mappings: internal IDs that link browser tabs/groups/windows to Uncluttr's stable identifiers.
• Settings: your preferences and feature toggles.
• Internal marker tabs (extension pages): Uncluttr may create an internal extension tab to help maintain workspace state; this is not a normal website tab.

Where it's stored: your device (e.g., IndexedDB / extension storage).
We do not need to collect this data on our servers for core functionality.

B) Account and authentication data (optional)

If you choose to sign in, we process:

• Account identifiers (such as email, depending on your sign-in method)
• Authentication/session tokens (stored locally to keep you signed in)
• Plan and entitlement information (free/pro status)

Billing details (optional): If you purchase a paid plan, we (and/or our payment processor) may process billing details such as your name and billing-related identifiers to manage your subscription, invoices, and payment status.

C) AI grouping data (optional; only when you use it)

If you use AI grouping, Uncluttr sends data to our server for the purpose of generating grouping suggestions. This may include:

• Tab titles and URLs you choose to group
• Existing group/workspace metadata (e.g., group names/colors) to improve suggestions
• A request identifier and your account/plan status (to enforce limits)

Our server may forward relevant portions of this request to a third-party AI provider to generate the suggestions, then returns the result back to your extension.

AI outputs may be inaccurate. You remain in control of whether to apply suggestions.

To improve performance and reduce repeated processing, we may temporarily store a non-reversible hash derived from the AI grouping request (for example, a hash of a normalized representation of the request) and the corresponding AI response for a short period.
We do not store the raw tab list as part of this cache. The cache is used only to return the same result for the same request and to reduce repeated AI calls.
We do not intentionally include sensitive data in cached material, and we apply minimization measures described below.

D) Feedback and support (optional)

If you submit feedback or a support request, we process:

• The message content you submit
• Contact information you provide (and/or account identifiers if you are signed in)
• Basic metadata necessary to route/respond (e.g., time submitted)

E) Subscriptions and billing (optional)

If you purchase a paid plan:

• Payments are processed by Stripe
• Stripe may process billing details (e.g., payment method and invoices)
• We may store subscription status and Stripe identifiers (e.g., customer/subscription IDs) to manage your plan

F) Basic technical logs

When you use network features (sign-in, AI grouping, billing portal, feedback), our servers may process limited technical data such as:

• IP address, timestamps, request IDs
• Error logs and security events
• Rate-limiting signals (to prevent abuse)

3) Why we process data (purposes)

We process data to:

1. Provide core extension features (tab/workspace/group management, restore, search, settings)
2. Provide optional account features (sign-in, plan/entitlements)
3. Provide optional AI grouping (generate grouping suggestions)
4. Provide support and handle feedback
5. Process subscriptions and manage billing
6. Maintain security, prevent abuse, and improve reliability

4) Legal bases under GDPR

Depending on the feature, we rely on:

• Contract (Art. 6(1)(b)): to provide the Service and the features you request
• Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent abuse, and debug/improve reliability
• Consent (Art. 6(1)(a)): where required or appropriate for optional processing (you may withdraw consent at any time)
• Legal obligation (Art. 6(1)(c)): for accounting/tax and other compliance obligations (e.g., billing records)

AI data minimization and storage: When you use AI grouping, we process the data needed to generate suggestions (such as tab titles and URLs). We do not build a persistent database of your tab lists or AI grouping requests.
We may retain limited information briefly for:

• Caching (to avoid repeated AI calls for identical requests), and
• Security/error logging (to diagnose failures and prevent abuse).

Where feasible, we minimize what is retained (e.g., retaining a hash key instead of raw inputs, and redacting or excluding sensitive values from logs). Retained troubleshooting data is kept only for a short period and then deleted or anonymized.

5) Sharing and third parties (processors)

We share data only as necessary to provide the Service:

• Authentication / database provider (e.g., Supabase) for sign-in and profile/plan data
• Payment processor (Stripe) for subscriptions and billing
• Email delivery / support tooling (e.g., Loops) to forward feedback/support messages
• AI providers (only when you use AI grouping) to generate suggestions
• Infrastructure providers (hosting, security, rate limiting) to operate and protect the Service
• Analytics (optional): We may use analytics to understand how the Service is used (for example, feature usage counts, performance metrics, and error rates) so we can improve reliability and usability.

Analytics data may include events like button clicks or feature usage, basic device/browser metadata, and coarse timestamps. We aim to avoid collecting the contents of your tabs (URLs/titles) for analytics.
Where required by law, we will request your consent before enabling analytics that involves identifiers or similar tracking technologies, and you can disable analytics in settings where available.

These providers act as data processors where applicable, under contracts designed to protect your data.

We do not sell your personal data.

6) International data transfers

Some providers may process personal data outside the EEA/UK. When we transfer personal data internationally, we use appropriate safeguards such as:

• Standard Contractual Clauses (SCCs)
• Additional measures where required

You can contact us to request more details about the safeguards used for a specific provider.

7) Data retention

• Local extension data (tabs/workspaces/groups): retained on your device until you delete it, clear extension data, or uninstall the extension.
• Account/profile data: retained while your account is active and as needed afterward for security, dispute handling, and legal compliance.
• AI grouping requests: processed to generate suggestions; we may retain limited metadata such as usage counters and security logs.
• Feedback/support: retained as long as needed to respond and for reasonable support records.
• Billing records: retained as required by law and accounting requirements; Stripe retains data under its own policies.
• Caching (AI grouping): Hash-based cache keys and cached responses, where used, are retained for up to 1 hour and then deleted.
• Security and error logs: Operational logs used for security, abuse prevention, and debugging are typically retained for a short period of time, unless a longer period is required to investigate abuse or comply with legal obligations.
• Analytics: Analytics data is retained for as long as necessary to support product development, performance monitoring, and service improvement. When it is no longer required for these purposes, it is deleted or anonymized.

8) Your GDPR rights

If you are in the EEA/UK, you have rights including:

• Access to your personal data
• Rectification (correction)
• Erasure
• Restriction of processing
• Objection (where we rely on legitimate interests)
• Data portability (where applicable)
• Withdrawal of consent (where we rely on consent)
• Complaint to your supervisory authority

How to exercise rights: email contact@uncluttr.net.

Local data note: Much of your data (like tab URLs/titles) is stored locally on your device. You can delete it directly by clearing Uncluttr's data or uninstalling.

9) Security

We use reasonable technical and organizational measures to protect data, such as access controls, token validation for protected endpoints, and anti-abuse protections (e.g., rate limiting). No method of transmission or storage is fully secure.

10) Children

The Service is not directed to children under 13 (or the minimum age required by your jurisdiction). We do not knowingly collect personal data from children.

11) Chrome Web Store user data compliance (Limited Use)

Uncluttr complies with Chrome Web Store policies, including requirements applicable to extensions that handle user data.

In particular:

• We only use data to provide the user-facing features described in this policy.
• We request permissions only when necessary for functionality (e.g., managing tabs/groups, storing settings, optional sign-in).
• If you use AI grouping, tab titles/URLs may be sent to our server and an AI provider only to generate suggestions.

12) Changes to this policy

We may update this Privacy Policy. If changes are material, we will update the "Last updated" date and provide additional notice where appropriate.

13) Contact

Controller: Nair Development Hub SRL
Email: contact@uncluttr.net
Address (optional): Romania, Ilfov, Str Tineretului 63