Umbra

Browse in the umbra.

Privacy Policy

Last updated: April 1, 2026

The short version: Umbra is built to protect your privacy. We don't collect your browsing data, we don't track you, and we don't sell anything to advertisers. Your data stays on your device.

1. What We Don't Collect

Umbra does not collect, store, or transmit:

Your browsing history (it doesn't exist — tabs are ephemeral)
URLs you visit
Search queries
Cookies or site data (destroyed when tabs close)
Your IP address
Device fingerprints
Location data
Personal information of any kind

2. What Stays on Your Device

The following data is stored locally on your device only and is never transmitted to our servers:

Bookmarks — encrypted with AES-256-GCM using a key stored in your device's Keychain
Settings — search engine preference, privacy toggles, DNS provider
Whitelisted sites — domains where you've chosen to disable content blocking
Content blocker cache — downloaded blocklist rules cached for performance

3. What Our Servers Handle

Our server at umbra.norsehor.se provides:

Blocklist updates — compiled content blocking rules derived from EasyList and EasyPrivacy. When your app checks for updates, we see a standard HTTPS request but do not log your IP address or associate requests with any user identity.

If you create an Umbra account (optional, for syncing whitelists across devices), we store only your email address and encrypted whitelist data. We do not correlate this with browsing activity because no browsing activity is ever transmitted to us.

4. Third-Party Services

Search engines: When you search, your query is sent directly to your chosen search engine (DuckDuckGo, Startpage, or Brave Search). Umbra does not proxy, intercept, or log these queries.

Apple: If you purchase Umbra Pro via the App Store, Apple processes the transaction. We receive a receipt confirming your subscription status but no payment details.

DNS providers: Umbra uses encrypted DNS-over-HTTPS. Your DNS queries go to your chosen provider (Cloudflare, Google, or Quad9) — not to us.

5. Content Blocking

Umbra blocks ads, trackers, and fingerprinting scripts using WebKit Content Blocker rules. This blocking happens entirely on your device — blocked requests never leave your device, and we never see what was blocked.

6. Anti-Fingerprinting

Umbra injects scripts to reduce your browser fingerprint by normalizing canvas, WebGL, AudioContext, and navigator properties. This processing happens locally on your device.

7. Children's Privacy

Umbra does not knowingly collect information from children under 13. The app does not contain age-gated content or features directed at children.

8. Changes to This Policy

If we change this policy, we'll update the date at the top and notify users through an app update. The core commitment — we don't collect your browsing data — will not change.

9. Contact

Questions about this policy? Email privacy@norsehor.se.