TIBLR

    Privacy Policy

    Last updated: February 11, 2026

    1. Introduction

    TIBLR ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and safeguard your information when you use our task management platform, including our website, web application, and Chrome Extension ("TIBLR – Gmail to Tasks"). This policy applies to all personal and sensitive user data handled by our services.

    2. Chrome Extension ("TIBLR – Gmail to Tasks")

    This section specifically addresses data practices for our Chrome Extension, which is available on the Chrome Web Store. The extension allows you to create tasks in TIBLR from emails you are viewing in Gmail.

    2.1 Data Collection

    The extension collects the following user data only when you explicitly click the "Add to TIBLR" button while viewing an email:

    • Email Subject Line: Used as the task title.
    • Email Body Text: Used as the task description.
    • Email URL: A reference link back to the original email in Gmail.

    The extension also collects:

    • Authentication Credentials (email and password): Used solely to authenticate with the TIBLR service via our secure API. Your password is transmitted over HTTPS and is never stored locally. Only a session token is retained in Chrome's local storage.

    2.2 Data the Extension Does NOT Collect

    • We do not read, scan, or access emails you have not explicitly chosen to convert into tasks.
    • We do not collect browsing history, web browsing activity, or any data from websites other than mail.google.com.
    • We do not collect contacts, calendar data, or any other Gmail or Google account data.
    • We do not run background data collection, scanning, monitoring, or tracking of any kind.
    • We do not collect data for advertising, analytics, or any purpose unrelated to task creation.

    2.3 How Extension Data Is Used

    Data collected by the extension is used exclusively for the following purposes:

    • Task creation: Email subject, body, and URL are used to create a personal task in your TIBLR account.
    • Authentication: Your email and password are used to sign you in to the TIBLR service so that tasks are created under your account.
    • Quick List display: The extension displays your existing tasks from TIBLR so you can view and manage them.

    We do not use extension data for advertising, selling to third parties, or any purpose other than providing and improving the TIBLR task management service for you.

    2.4 How Extension Data Is Stored

    • Server-side: Task data (title, description, email link) is stored in our encrypted PostgreSQL database hosted on Supabase, a SOC 2 Type II compliant infrastructure provider. Data is encrypted at rest using AES-256 encryption.
    • Client-side (local): Only an authentication session token is stored locally in your browser via Chrome's storage API. No email content, passwords, or personal data is cached or stored locally on your device.

    2.5 How Extension Data Is Shared

    Data collected through the extension is shared with the following parties and no others:

    • Supabase Inc.: Our infrastructure provider that hosts our database and authentication services. Supabase processes data on our behalf under a data processing agreement and is SOC 2 Type II certified.

    We do not sell, rent, trade, or otherwise share email content or user data collected through the extension with any other third parties, advertisers, data brokers, or information resellers.

    2.6 Data Transmission Security

    All data transmitted between the extension and our servers is sent over HTTPS (TLS 1.2 or higher). No data is transmitted in plain text. Authentication credentials are transmitted securely and are never logged or stored in an unencrypted format.

    2.7 Data Retention and Deletion

    Tasks created from emails are retained for as long as your TIBLR account is active. You may delete individual tasks at any time from within the TIBLR application. You may also request complete deletion of your account and all associated data by contacting us at privacy@tiblr.com. Upon account deletion, all your data—including tasks created via the extension—will be permanently removed from our servers within 30 days.

    3. Information We Collect (Web Application)

    When you use the TIBLR web application, we collect the following information:

    3.1 Information You Provide

    • Account Information: Email address, name, and profile picture.
    • Task Data: Tasks, descriptions, due dates, priorities, and status updates you create.
    • Team Information: Company name and team member relationships.
    • Communications: Comments, mentions, and messages within the platform.
    • Integration Data: If you connect third-party services (e.g., Slack, Gmail, Zoom), we collect OAuth tokens and relevant data from those services to provide integration features.

    3.2 Information Collected Automatically

    • Session Data: Authentication tokens and session identifiers.
    • Usage Data: Task engagement metrics, feature usage patterns, and interaction data to improve the service.

    4. How We Use Your Information

    We use the information we collect to:

    • Provide, maintain, and improve the TIBLR task management service.
    • Create tasks from data you explicitly submit (including via the Chrome Extension).
    • Send notifications, reminders, and updates about your tasks.
    • Facilitate team collaboration features within your organization.
    • Respond to your comments, questions, and support requests.
    • Monitor and analyze trends and usage to improve the service.
    • Detect, investigate, and prevent security incidents and abuse.

    We do not sell, rent, or trade your personal data or any user content to third parties for advertising or marketing purposes.

    5. How We Store Your Information

    All user data is stored using the following security measures:

    • Encryption at rest: All data is stored in encrypted PostgreSQL databases hosted on Supabase infrastructure (SOC 2 Type II certified).
    • Encryption in transit: All data transmissions use HTTPS (TLS 1.2 or higher).
    • Access controls: Database access is restricted via Row Level Security (RLS) policies ensuring users can only access data within their organization.
    • Authentication tokens: OAuth tokens for third-party integrations (Slack, Gmail, Zoom) are stored encrypted in our database and are never exposed to client-side code.

    6. How We Share Your Information

    We may share your information with the following parties:

    • Your Team Members: Task information, comments, and activity are visible to members of your organization as part of the collaboration features.
    • Supabase Inc.: Our database hosting and authentication infrastructure provider. Supabase processes data on our behalf and is SOC 2 Type II certified.
    • Resend Inc.: Our email delivery provider, used to send notification and reminder emails on our behalf.
    • Legal Requirements: When required by law, subpoena, or to protect our legal rights.
    • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

    We do not share user data with advertisers, data brokers, or information resellers.

    7. Data Retention

    We retain your personal information for as long as your account is active or as needed to provide you the Service. You may delete individual tasks, comments, and other content at any time. You may request deletion of your entire account and all associated data by contacting us at privacy@tiblr.com. Upon account deletion, all personal data will be permanently removed from our servers within 30 days. Backups containing your data may persist for up to 90 days before being purged.

    8. Your Rights

    Depending on your location, you may have the right to:

    • Access: Request a copy of the personal information we hold about you.
    • Correction: Request correction of inaccurate information.
    • Deletion: Request deletion of your personal information and account.
    • Restriction: Object to or restrict processing of your information.
    • Portability: Request an export of your data in a machine-readable format.
    • Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data.

    To exercise any of these rights, contact us at privacy@tiblr.com. We will respond to your request within 30 days.

    9. Cookies and Tracking

    We use cookies and similar technologies solely to maintain your authentication session and preferences. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You can control cookies through your browser settings, though disabling them may affect Service functionality.

    10. Children's Privacy

    The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and where possible, sending you a notification. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

    12. Contact Us

    If you have any questions about this Privacy Policy or our data practices, please contact us at: