This Privacy Policy describes how TabDo for Microsoft To Do ("we", "us", or "our") collects, uses, and discloses your information when you use our Chrome Extension (the "Extension"). We are committed to keeping this policy clear, honest, and human-readable.
Information We Collect
TabDo is a client-side Chrome Extension designed to help you quickly save web pages as tasks in your Microsoft To Do account. To provide this core functionality, we access the following information:
- Browser Data: We require access to your currently active tab's URL and title to create tasks with the correct context. The "Save All Tabs" feature additionally accesses the titles and URLs of all open tabs in your current window.
- Microsoft Account Information: We use the browser's identity API to securely authenticate you via OAuth 2.0 PKCE. We do not see or store your password. We receive a short-lived access token to communicate with the Microsoft Graph API on your behalf.
- Local Storage: We use the storage API to save your preferences — such as your preferred task lists, default reminder times, and extension settings — locally on your device. This data may sync across your browsers if you have browser profile syncing enabled.
How We Use Your Information
We use the information we collect strictly to provide and improve the Extension's features:
- To create tasks in your Microsoft To Do account using your selected tabs' URLs, titles, and your inputted notes.
- To fetch your Microsoft To Do task lists so you can select a destination for your tasks.
- To apply your customized user preferences stored locally on your device.
We do not collect or send your personal data to any external third-party servers. All communication happens directly between your browser and Microsoft's secure Graph API servers, for the sole purpose of managing your Microsoft To Do tasks.
Data Sharing and Disclosure
We do not sell, rent, or share your personal information with any third parties.
Your data is only shared with Microsoft via the Microsoft Graph API to facilitate the creation and management of tasks in Microsoft To Do. We operate strictly within the permissions you explicitly grant when authenticating.
The only external service TabDo communicates with is Microsoft's official servers (graph.microsoft.com and login.microsoftonline.com). No analytics platforms, no advertising networks, no crash reporters — nothing else.
Permissions Required
The Extension requests the following Chrome permissions to function properly. Each has a specific, limited purpose:
Security
All communication with Microsoft's servers occurs exclusively over HTTPS using official Microsoft APIs. We use OAuth 2.0 PKCE — the industry-standard secure flow for public clients like browser extensions — meaning no client secret is ever embedded or transmitted.
Access tokens are short-lived and stored within your browser's sandboxed chrome.storage.local environment. They are never transmitted to any server we operate, and are discarded when you sign out.
TabDo is built with 100% Vanilla JavaScript — no third-party libraries, no minified bundles hiding unknown code. The extension's source is straightforward and fully auditable.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, or for operational, legal, or regulatory reasons. When we make changes, the "Last Updated" date at the top of this page will be revised accordingly.
We encourage you to review this Privacy Policy periodically. Continued use of the Extension after any changes constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or feedback regarding this Privacy Policy or how TabDo handles your data, please contact the developer via the official Chrome Web Store listing page or the extension's support channel.
We take all privacy concerns seriously and will respond promptly to any inquiries.
Contact via Chrome Web Store