SORTY PRIVACY POLICY

Last updated: July 11, 2026

INTRODUCTION

AETRYX LTD (“we”, “us”, “our”), a company registered in Scotland, United Kingdom, operates Sorty — an AI-powered browser extension and web dashboard for tab management, task tracking, and focus (“Sorty”, the “Service”). We take your privacy seriously.

This policy explains how we collect, use, and protect your personal data when you use the Sorty Chrome extension, the sorty.dev dashboard, and our website.

As the data controller, AETRYX LTD is responsible for your personal data under UK GDPR and the Data Protection Act 2018.

[CONFIRM BEFORE PUBLISHING: registered company number and registered office address of AETRYX LTD — required on a compliant UK privacy policy.]

WHAT IS PERSONAL DATA?

Personal data is any information relating to an identified or identifiable individual.

WHAT DATA DO WE COLLECT?

We collect the following categories of data:

  • Account data: your name, email address, and authentication data, via Supabase Auth (including Google sign-in if you choose that option).

  • Payment data: if you subscribe to Sorty Pro, Stripe processes your payment details directly. We do not store your full card number on our servers — we retain only subscription status, plan tier, and billing history metadata provided to us by Stripe.

  • Browser and tab data: with your permission, Sorty reads open tab titles, URLs, and page content to power tab sorting, AI chat, page summaries, and Tab Memory. This is processed to deliver the feature you triggered and, where you use AI features, is sent to our AI provider (see “AI processing” below).

  • Content you create: tasks, notes, web clips, and project data you create inside Sorty are stored so the product can function and sync across your devices.

  • Files you upload: documents, images, or other files you add to Sorty are stored via Supabase Storage.

  • Usage and diagnostic data: feature usage, session length, and error logs, used to keep the Service reliable and to enforce plan usage limits (e.g. daily AI message limits).

  • Integrations you connect: if you connect Spotify or other third-party integrations, we store the minimum tokens/data required to operate that integration, per that provider’s own terms.

We do not intentionally collect sensitive personal data (e.g. health, religious belief, biometric data) or data relating to children. Sorty is not directed at, and should not be used by, anyone under the age of 16.

HOW DO WE COLLECT YOUR DATA?

We collect data when you: create an account; install and use the Sorty extension; interact with the sorty.dev dashboard; contact us; or subscribe to a paid plan.

We may also receive data about you from third parties: if you sign in with Google, we receive your basic profile information (name, email address, avatar) from Google in accordance with your Google account permissions.

HOW AND WHY DO WE USE YOUR DATA?

We only use your data where we have a lawful basis to do so:

  • To provide the Service — organising tabs, storing tasks/notes, running the AI chat, and syncing your data across devices. Legal basis: performance of our contract with you (our Terms of Use).

  • To operate your subscription and process payments via Stripe. Legal basis: performance of a contract, and our legitimate interest in receiving payment for services rendered.

  • To keep the Service secure and working properly, including enforcing Free/Pro plan usage limits and detecting abuse. Legal basis: our legitimate interests, balanced against your rights.

  • To respond to support requests and communicate essential service updates (e.g. changes to this policy, planned downtime). Legal basis: legitimate interests / performance of contract.

  • To send you optional product updates or marketing, only if you have opted in. Legal basis: consent, which you may withdraw at any time.

AI PROCESSING

Certain Sorty features (AI chat, tab sorting, page summaries, focus mode suggestions) send relevant content — such as tab titles, page text, or your chat messages — to our AI provider, Anthropic (Claude API), in order to generate a response or complete the action you requested. We do not send this content for any purpose other than fulfilling your request. Anthropic’s processing of this data is governed by our agreement with Anthropic and their own data-handling commitments for API customers.

[CONFIRM BEFORE PUBLISHING: exact retention period Anthropic applies to API inputs under your commercial agreement, and whether prompt content is used for model training — state the true answer here rather than this placeholder.]

DO WE SHARE YOUR PERSONAL DATA?

We share personal data only with service providers who need it to operate Sorty on our behalf, including:

  • Supabase (database, authentication, and file storage)

  • Railway (application server hosting)

  • Anthropic (AI processing for chat and AI-powered features)

  • Stripe (payment processing)

  • Resend (transactional email, e.g. account and billing notifications)

We require these providers to protect your data and to use it only on our instructions. We do not sell your personal data. We will share data with legal or regulatory bodies if required by law.

INTERNATIONAL TRANSFERS

Some of our service providers are based outside the UK, including in the United States. Where we transfer personal data outside the UK, we rely on the UK’s International Data Transfer Addendum, Standard Contractual Clauses, or a provider’s equivalent data protection safeguards, as applicable to each provider’s terms.

[CONFIRM BEFORE PUBLISHING: verify the current data protection addendum/SCC status directly with Supabase, Anthropic, Railway, Stripe, and Resend, and update this section to name the actual mechanism relied upon for each. Do not publish “we do not transfer data outside the UK” — that would be inaccurate given this stack.]

BROWSER PERMISSIONS

The Sorty Chrome extension requests the following permissions, used only as described:

  • tabs / activeTab — to read tab titles and URLs for sorting, grouping, and Tab Memory.

  • storage — to save your preferences and cached data locally (chrome.storage.local) for performance and offline resilience.

  • scripting / content script access — to read page content when you trigger a summary, clip, or AI action on that page.

We do not read or process page content in the background without a triggered feature, and we do not sell browsing data to advertisers.

CHROME WEB STORE DISCLOSURES

In line with the Chrome Web Store User Data Policy:

  • We do not sell user data to third parties.

  • We do not use or transfer user data for purposes unrelated to Sorty’s single purpose (tab, task, and focus management).

  • We do not use or transfer user data to determine creditworthiness or for lending purposes.

  • We do not use browsing data for advertising.

AUTOMATED DECISION-MAKING

We do not use your personal data to make solely automated decisions that have legal or similarly significant effects on you. AI features in Sorty produce suggestions and content at your request; they do not make binding decisions about you.

THIRD-PARTY LINKS

The Service may include links to third-party websites or content. We have no control over these and recommend reviewing their own privacy policies before providing any data to them.

IS YOUR DATA SECURE?

We take data security seriously. Measures in place include Row Level Security policies on our database (so users can only access their own data), encrypted connections (HTTPS/TLS), and restricted employee access on a need-to-know basis. See our internal Security Practices document for further detail.

HOW LONG DO WE KEEP YOUR DATA?

  • Account, task, note, and project data: retained for as long as you maintain a Sorty account, or until you delete it.

  • Tab Memory history: retained per your plan’s Tab Memory window (currently 7 days on Free; see current plan details on sorty.dev).

  • Chat history sent to AI features: retained only as long as needed to provide the feature and maintain your chat history within the product, unless you delete a conversation.

  • Billing records: retained for 6 years after your relationship with us ends, to meet UK tax and accounting obligations.

You can delete your account and associated data at any time from Settings → Account → Delete Account.

YOUR LEGAL RIGHTS

Under UK GDPR, you have the right to:

  • Request a copy of the personal data we hold about you.

  • Ask us to correct inaccurate personal data.

  • Ask us to delete your personal data in certain circumstances.

  • Request that we restrict processing of your personal data.

  • Request that we transfer your personal data to you or a third party.

  • Withdraw consent where consent is our legal basis for processing.

  • Object to processing for direct marketing purposes.

  • Object to processing based on our legitimate interests.

More information on these rights is available on the Information Commissioner’s Office website: https://ico.org.uk/

HOW TO EXERCISE YOUR RIGHTS

To exercise any of these rights, contact us at privacy@sorty.dev. There is no fee to exercise your rights, though we may need to verify your identity first. We aim to respond within one month; complex requests may take longer, and we will tell you if that is the case.

CHANGES TO THIS POLICY

We review and update this policy periodically. Please check this page whenever you use Sorty, particularly before major feature releases.

CONTACT US

Questions about this policy or your data rights: privacy@sorty.dev

COMPLAINTS

We would appreciate the chance to resolve any concerns directly first — contact us at privacy@sorty.dev. You also have the right to complain to the Information Commissioner’s Office at any time: https://ico.org.uk/make-a-complaint/

Related documents

© All right reserved

Create a free website with Framer, the website builder loved by startups, designers and agencies.