Last updated: July 8, 2026
Overview
Corvie is a browser extension for saving, organizing, searching, and revisiting browser tabs as structured sessions. This policy explains what data Corvie collects, how that data is used, and when it is shared with service providers.
Controller And Contact
Corvie is operated by Alex Teghipco. For privacy questions or requests, contact support@corvie.app.
Data Corvie Collects
- Firebase sign-in information, such as user ID, email address, sign-in provider, and authentication session metadata, when the user enables paid Corvie Cloud sync.
- Billing metadata for paid Corvie Cloud subscriptions, such as Stripe customer ID, subscription status, entitlement tier, and billing-management timestamps. Corvie does not store full payment card numbers.
- Saved tab data, including URLs, page titles, timestamps, tab order, window/session metadata, and tab group metadata.
- User-created organization data, including collections, tags, notes, comments, favorites, colors, pinned sections, and settings.
- Local settings, including display preferences, AI preferences, subscription mode, encrypted keyring metadata when cloud sync is enabled, and Google Calendar connection metadata.
- If hosted AI organization is enabled and used, selected saved tab titles, URLs, notes, tags, prompts, recent collection title references, and existing tag names may be sent to a Firebase Cloud Function and the selected hosted AI provider to generate summaries, tags, groups, and collection suggestions. If the optional "Follow URLs" setting is also enabled, the AI provider may fetch and read the content of linked pages as part of that request.
End-to-End Encryption
Free local-only libraries are stored in the browser's extension storage on that device and are not uploaded to Firebase by Corvie. They do not sync across browsers or platforms unless the user upgrades to Corvie Cloud and explicitly uploads the local library.
Saved tab data and user-created organization data are encrypted on the user's device before they sync through Corvie Cloud. Corvie's servers store only encrypted data and an encrypted ("wrapped") copy of the user's data key; the passphrase that unlocks it never leaves the user's devices, so neither Corvie nor its service providers can read a synced library.
- There is no passphrase reset. A user who loses both their passphrase and their one-time recovery code permanently loses access to their synced data — Corvie cannot recover it.
- Server-side records that remain outside the encryption are limited to account identity, encrypted-record counts and sizes, timestamps, and key-derivation parameters.
- Export files the user downloads are unencrypted JSON exports, intended as the user's own access, portability, and recovery copy; they should be stored carefully.
- When the user explicitly runs hosted AI organization, the selected data is decrypted on the user's device and sent to the AI provider for that request only, as described above.
How Data Is Used
- To save, locally persist, sync when paid cloud is enabled, organize, search, and restore the user's tab archive.
- To keep user preferences and organization settings consistent across devices.
- To provide optional AI organization when the user enables it.
- To maintain security, backups, abuse prevention, and account recovery operations.
Lawful Bases
- Contract: providing the extension's sync, account, export, and deletion features.
- Consent: optional hosted AI processing and optional Google Calendar access.
- Legitimate interests: security, abuse prevention, diagnostics, and backup integrity.
- Legal obligation: responding to privacy, deletion, and compliance requests.
Data Sharing
Corvie uses browser extension storage for free local libraries. For paid cloud features, Corvie uses Firebase and Google Cloud for authentication, syncing, Firestore storage, Cloud Functions, backup storage, and security operations. Corvie uses Stripe for paid subscription checkout, billing management, and subscription status webhooks. Synced library content reaches those services only in encrypted form, except for explicit hosted AI requests as described above. Hosted AI requests may use Google Gemini or FriendliAI depending on the selected model. Optional Google Calendar connections use Google's read-only Calendar APIs. Corvie does not sell user data, transfer user data to data brokers or advertising platforms, or use user data for personalized advertising.
Retention And Backups
Free local-only library data remains in the user's browser extension storage until the user deletes it, clears browser data, removes the extension, or loads another backup. Live account and synced library data are kept until the user deletes their data or account. Firestore point-in-time recovery is retained for 7 days, daily managed backups for 14 days, and weekly managed backups for 14 weeks. Disaster backup bucket snapshots are kept according to the bucket lifecycle and retention policy. When a user deletes data or an account, Corvie records a minimal erasure tombstone so deleted users can be re-deleted if an older backup is ever restored.
User Rights
Depending on location, users may have rights to be informed, access their personal data, correct inaccurate data, export data in a machine-readable format, delete data, restrict or object to processing, withdraw consent, and complain to a supervisory authority. Corvie provides in-app export and deletion controls where available. Requests can also be sent to support@corvie.app.
Remote Code
Corvie does not execute remotely hosted code. Network requests are used for authentication, syncing, storage, and optional AI/data processing.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.