Sumi

Privacy Policy

Last updated: April 13, 2026

Overview

Sumi is a focus tool that blocks distracting websites and hides algorithmic feeds on YouTube, Reddit, and Twitter/X during focus sessions. The Chrome extension works as a companion to the Sumi desktop app. Your privacy is important to us, and Sumi is designed to work with minimal data.

Data We Store Locally

All extension data is stored locally on your device using Chrome's built-in storage API. This includes authentication tokens, session state (active session, remaining time, blocked domains), and your plan limits. This data never leaves your browser except as described below.

Data We Collect

Sumi does not track your browsing history, watch history, or any activity on the websites you visit. We do not sell any personal data.

When you sign in, the extension communicates with our servers to sync your active focus session (start time, end time, mode, and configured domain lists) and your plan limits. Session data is stored in our database to enable syncing between your desktop app and browser extension.

If you use Intent Mode and write a reason for visiting a blocked site, that text stays on your device and is never sent to our servers.

Account Data

When you create a Sumi account, we store your email address and subscription status via Supabase (our authentication and database provider). Authentication uses email and password with a one-time verification code sent to your email on sign-up. Payment processing is handled by Stripe. We do not store your payment details.

Permissions

The extension requests only the permissions necessary for its functionality:

  • storage — saves authentication tokens and session state locally
  • alarms — syncs session state with the desktop app every 30 seconds
  • scripting — injects content scripts to hide algorithmic feeds on supported sites
  • tabs — finds open tabs on supported sites to apply blocking when a session starts
  • webNavigation — intercepts navigation to blocked websites in Intent Mode
  • host permission (all URLs, optional) — requested after sign-in to enable site blocking and feed hiding across all websites. Only granted with your explicit consent.

Third-Party Services

Sumi uses the following third-party services:

  • Supabase — authentication and real-time session syncing
  • Stripe — payment processing for Pro subscriptions

No data is shared with advertising networks, analytics providers, or any other third parties.

Changes

We may update this policy from time to time. Any changes will be reflected on this page with an updated date.

Contact

If you have questions about this policy, reach out via our feedback page.