OrbitHub Privacy Policy

Effective date: June 14, 2026 · Last updated: June 14, 2026

OrbitHub is a browser extension that replaces your new tab page with a personal start page featuring a speed dial, bookmarks, and built-in search. The extension can work entirely locally, or optionally sync your data across devices through the OrbitHub cloud service.

This Privacy Policy explains what data we collect, how we use, store, and protect it, and what rights you have.

1. Who we are

OrbitHub is developed and maintained by an independent developer. For any privacy-related questions, you can contact us:

Email: vladmaster29@gmail.com

2. What data we collect

We only collect data that is necessary for the extension and the sync feature to work. The amount of data we collect depends on whether you sign in and enable synchronization.

2.1. Data that stays local

If you do not sign in, your data (bookmarks, shortcuts, search engines, and appearance settings) is stored only locally in your browser (storage / chrome.storage.local) and is never sent to our servers.

2.2. Account data

When you register or sign in, we process:

Email — to identify your account, sign you in, and recover your password;
Password hash — we never store your password in plain text, only its cryptographic hash (if you use email-and-password sign-in);
Google ID and avatar URL — if you choose to sign in with Google (OAuth);
Temporary one-time password-reset code (stored hashed) and its expiry — only during the "forgot password" flow;
Technical timestamps — your account creation date and last sync time.

2.3. User content (when syncing)

When synchronization is enabled, the data you create in the extension is sent to and stored on our server:

Speed dial items and bookmarks — name, URL, icon, background color, folder structure, and sort order;
Custom search engines — name, search URL template, and icon;
Appearance and interface settings — clock, search bar, and dial panel visibility, default search engine, hidden built-in search engines, background image/gradient, and background blur and dim.

2.4. Data we do NOT collect

We do not track your browsing history.
We do not collect the contents of the websites you visit.
We do not use analytics trackers, ad networks, or third-party pixels.
We do not sell your data or share it with third parties for advertising.

In accordance with Mozilla Add-ons requirements, the extension declares the collection of personally identifying information (personallyIdentifyingInfo — email and account data) and bookmark information (bookmarksInfo — the links and speed dial entries you save).

3. Extension permissions and why they are needed

The extension requests the following browser permissions:

Permission	Why it is used
`storage`	Local storage of your bookmarks, search engines, and settings in the browser.
`activeTab` / `tabs`	Reading the current tab's URL and title to add it to your speed dial via the extension button.
`identity`	Secure sign-in with Google OAuth (`launchWebAuthFlow`).
Sync server access	Communication with the OrbitHub cloud API for sign-in and data synchronization.

The extension also replaces your new tab page (newtab) with the OrbitHub start page.

4. How we use data

We use the collected data solely to:

provide the core extension functionality (speed dial, bookmarks, search);
create your account and authenticate you when signing in;
synchronize your data across devices;
enable account recovery (password reset);
maintain the availability, security, and stability of the service.

We do not use your data for advertising, profiling, or sale to third parties.

5. Sign-in with Google

If you choose to sign in with Google, authentication is performed via Google OAuth. We only receive the basic profile data needed to create your account (identifier, email, and avatar URL). We do not have access to your Google password or to any other Google data.

Use of data received from Google is governed by the Google Privacy Policy.

6. Data storage and security

Passwords are stored only as cryptographic hashes, never in plain text.
Password-reset codes are stored hashed and have a limited validity period.
Data is transmitted between the extension and the server via network requests to the sync API.
Access to account data is restricted and used only to provide the service.

Despite the measures we take, no method of transmission or storage over the internet is completely secure, so we cannot guarantee absolute security.

7. Sharing with third parties

We do not sell, rent, or share your personal data with third parties, except where it is:

necessary for the infrastructure to function (the Google authentication provider, when you choose to sign in with Google);
required by law or in response to lawful requests from government authorities.

8. Data retention

We retain your account data and synced content for as long as your account exists. When you delete your account, the data associated with it (bookmarks, search engines, settings) is deleted cascadingly.

Local data is stored in your browser until you delete it or remove the extension.

9. Your rights

Depending on your jurisdiction, you may have the right to:

access the data we hold about you;
correct inaccurate data;
delete your account and its associated data;
withdraw consent by stopping the use of synchronization or removing the extension.

To exercise these rights, contact us at the address listed in Section 1.

10. Children's privacy

The service is not intended for children under the age of 13, and we do not knowingly collect data from such users.

11. Changes to this policy

We may update this Privacy Policy from time to time. For material changes, we will update the effective date at the top of this document. We recommend reviewing this page periodically.

← Back to OrbitHub