Legal

Privacy Policy

Glassy — New Tab · Last updated: June 6, 2026

This Privacy Policy explains how the Glassy Chrome extension ("Glassy", "we", "us") handles your data. Glassy is local-first: by default, everything stays on your device. Cloud features (an account and sync) are entirely optional and opt-in.

1. Summary

  • No account required. Glassy is fully usable without signing in. In that mode, none of your data leaves your device.
  • Optional account. If you choose to sign in with Google, we create an account to enable cross-device sync and Pro features.
  • We never sell your data, and we never show ads.

2. Data stored locally on your device

The following is saved on your computer using the chrome.storage.local API and stays on your device unless you enable sync:

  • Your name (for the greeting) and greeting/clock styling
  • Theme, font, and layout preferences
  • Background image URL or preference
  • Your To-Do list items
  • Your Notes
  • Your Quick Links
  • Your search engine preference
  • Your Focus Timer settings and stats

3. Account & authentication (optional)

If you choose "Continue with Google", we use Google OAuth (via our backend provider, Supabase) to sign you in. We receive and store your email address, and your name and profile picture from your Google account. We use this only to identify your account, enable sync, and manage your subscription. We do not access your Gmail, contacts, or any other Google data.

4. Cloud sync (Pro)

If you are signed in and have a Pro subscription, your workspace — to-dos, notes, quick links, and visual settings — is stored on our backend (Supabase) so it can sync across your devices. This is the only situation in which your content leaves your device, and it happens only because you opted into an account and Pro. Custom uploaded wallpapers are not uploaded. You can stop syncing at any time by signing out; your local data remains on each device.

5. Payments

Pro subscriptions and donations are processed by Paddle, our Merchant of Record. Paddle handles your payment details — we never see or store your card information. We store only your subscription status and Paddle customer/subscription identifiers, to know whether your account is Pro.

6. Third-party services

  • Google — sign-in (OAuth).
  • Supabase — authentication and, for Pro users, database hosting. Row-level security ensures you can access only your own data.
  • Paddle — payment processing (Merchant of Record).

We do not use advertising or analytics trackers.

7. Permissions and why Glassy needs them

All permission data is used only within your browser, and is transmitted only as described above (account/sync, if you enable it).

  • storage — save your settings, notes, and tasks.
  • identity — sign you in with Google (only if you choose to).
  • notifications — alert you when a Focus Timer session ends.
  • alarms — run the Focus Timer in the background.
  • contextMenus — the 'Save to Glassy Notes' right-click option.
  • activeTab & scripting — capture a screenshot of the current page when you click the screenshot action.
  • downloads — save screenshots and data exports to your computer.
  • offscreen — play timer sounds.
  • tabs (optional) — the Tab Manager tool; requested only when you use it.
  • topSites (optional) — the "Most Visited" widget; requested only when you enable it.
  • management (optional) — the Extensions Manager tool; requested only when you use it.

8. Your rights

  • Export: download all your data as a JSON file at any time (Settings → Export).
  • Deletion: you can delete your account and all associated cloud data. Deleting your account removes your cloud-stored data from our backend.

9. Data retention

Local data persists on your device until you remove it. Cloud data (for signed-in users) is retained while your account exists and is deleted when you delete your account.

10. Security

Data in transit is encrypted (HTTPS). Cloud data is protected by row-level security, so each user can access only their own records. Payment data is handled entirely by Paddle.

11. Children

Glassy is not directed to children under 13, and we do not knowingly collect data from them.

12. Changes to this policy

We may update this policy; the "Last updated" date above will reflect any changes.

13. Contact

Questions about this policy? Email mobaidkhan2@gmail.com.