Privacy Policy for OneMove Tab Shield

1. Introduction

Welcome to OneMove Tab Shield (referred to as "the Extension", "we", "us", or "our"). OneMove Tab Shield is a Chrome browser extension operated by OneMove("Company", "we", "us"). The Extension is designed to help users eliminate distractions, stay focused, and achieve their goals by blocking user-configured websites during active focus sessions.

We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you install and use the Extension, as well as when the Extension synchronizes with our backend API hosted at https://onemoveflow.com(referred to as the "Service" or "Website").

By installing and using the Extension, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not install or use the Extension.

2. Information We Collect

To provide our core focus-session and distraction-blocking functionality, the Extension may process the following categories of information:

• Account and Authentication Information: When you log into your OneMove account through the Extension, we process your email address and authentication/session tokens (cookies or JWTs) to verify your account status and membership credentials.
• Focus Session Information: We track active focus state data including active task titles, timer durations, remaining focus seconds, remaining break seconds, session running/paused states, and capture logs (distractions or ideas you manually log during a session).
• Settings and Preferences: We process your personal settings, configuration preferences, and task lists, including your custom-defined blocked website domains.
• Browsing Activity (Limited Scope): The Extension monitors browsing activity (tab URLs) strictly locally on your machine. This monitoring is solely used to identify whether a URL you are visiting matches your user-configured blocklist during an active focus session. We do not track, log, or record your browsing history, search history, or page interactions.
• No Sensitive Information: The Extension does not collect health information, financial information, government identification numbers, biometric data, or record keystrokes.

3. How We Use Information

We process and use the collected information only to provide and maintain the core functionalities of the Extension. Specifically, we use this information to:

• Authenticate your account and verify your subscription status.
• Synchronize focus timer states, active task queues, and captured distraction logs in real-time between the Extension and the Website.
• Determine when a target browser tab matches a domain on your blocklist during an active focus session and redirect it to a local warning block page.
• Auto-resume or unblock websites when focus sessions are paused, completed, or during scheduled breaks.

We do NOT sell your data. • We do NOT share your data with advertisers or brokers. • We do NOT use your data for profiling, creditworthiness decisions, lending evaluations, or marketing campaigns.

4. Chrome Extension Permissions

To perform its functions, the Extension requires specific API permissions within the Google Chrome browser. Below is an explanation of why each permission is required:

• storage: Allows the Extension to save active focus states, task lists, and settings locally in the browser so that your session state is maintained if the background service worker goes to sleep or the browser is restarted.
• tabs: Required to detect the active tab's URL and window details to determine if a website should be blocked, to redirect tabs to the block page, and to focus your dashboard tab when a session timer expires.
• notifications: Used to show desktop system alerts and notifications immediately when a focus session finishes, reminding you to complete or adjust your tasks.
• alarms: Used to schedule reliable background timers (such as periodic synchronization and focus expiry alarms) that run independently of active browser tabs.
• Host Permissions (https://*.onemoveflow.com/*, http://localhost:3000/*): Required to allow the Extension background script to communicate with the OneMove backend API to fetch and update focus session data.

5. Data Storage and Security

Local Storage: The Extension stores settings, blocklists, and active focus timer parameters locally in the browser using the chrome.storage.local API.

Backend Synchronization: To ensure a seamless cross-device experience, active focus states, task statuses, and manual inbox captures are synchronized with the OneMove secure databases hosted at https://onemoveflow.com.

Data Security: We implement industry-standard security measures (such as HTTPS/TLS encryption for all API communications and bcrypt password hashing on our servers) to protect your synchronized account information from unauthorized access, alteration, or disclosure.

6. Data Sharing and Disclosure

We respect your privacy and only share your data under very limited circumstances:

• Service Providers: We may share data with trusted third-party service providers (such as database hosting and payment processors) solely to host and run our Service. These third parties are strictly prohibited from using your data for any other purposes.
• Legal Compliance: We may disclose your information if required to do so by law, court order, or governmental regulation, or in the good faith belief that such action is necessary to conform to legal requirements.
• Business Transfers: If OneMove is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

7. Third-Party Services

The Extension links and synchronizes with the Website, which may integrate third-party services (such as Stripe for subscription billing processing). We encourage you to review the privacy policies of these third-party integrations as their data processing practices are governed by their respective statements.

8. User Rights

Depending on your jurisdiction (such as under the GDPR or CCPA), you may have certain rights regarding your data, including the right to access, correct, delete, or object to/restrict the processing of your personal data. To exercise any of these rights, please contact us at support@onemoveflow.com.

9. Data Retention

We retain your synchronized personal data (such as account credentials and task lists) only for as long as is necessary to provide you with the Service or as required by law. Local storage data can be wiped at any time by uninstalling the Extension or clearing browser data.

10. Children's Privacy

The Extension is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it from our servers immediately.

11. International Users

The Extension and Website are hosted in the United States and other global cloud regions. If you are accessing the Service from the European Union, Asia, or any other region with laws governing personal data collection, use, and disclosure that differ from United States laws, please be advised that through your continued use, you are transferring your personal data to the United States and consent to that transfer.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this document. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Information

If you have any questions or concerns about this Privacy Policy or how the OneMove Tab Shield extension handles your data, please contact us:

• Operator: OneMove
• Website: https://onemoveflow.com
• Support Email: support@onemoveflow.com