Service Overview
TabTabTab is a productivity application available as a desktop app, web app, and browser extension. We provide AI-powered assistance including copy/paste functionality and specialized Google Sheets features.
Data We Collect
- Email Addresses: Collected via OAuth for login management and account creation
- Usage Analytics: Basic interaction tracking via PostHog (query start/stop/completion)
- Copy/Paste Data: Screenshots and text for AI processing (temporary, not stored)
- Google Sheets Data: Only when explicitly requested by users (see section below)
- Website Content: Web page content that is temporarily fetched only after you grant web browsing permission and request the agent to retrieve a specific URL. This data is processed in-memory (summarization/search) and is never stored.
Google Sheets Access Permission
Google OAuth Scope: drive.file
We request the drive.file
permission to provide AI-powered assistance for Google Sheets with a Cursor-like experience. This is a restricted scope that provides maximum privacy protection.
What This Restricted Permission Allows
- Only access files you explicitly open through our application
- Only access files we create on your behalf
- This restricted permission ensures we cannot see your existing spreadsheets unless you specifically choose to open them with us
- Maximum Privacy: We have no access to your Google Drive files unless you explicitly grant it per file
How We Actually Use It
- ✅ Read spreadsheet data only from files you've opened with our application
- ✅ Write to spreadsheets only when you explicitly request changes
- ✅ Create new spreadsheets when you request them
- ✅ Process data in real-time during active user sessions
- ❌ Cannot see your existing spreadsheets unless you open them with us
- ❌ Never store or cache spreadsheet content
- ❌ Never background access or monitoring
Copy/Paste & AI Features
Our original core functionality includes AI-powered copy and paste across applications:
- Screenshots during "magic copy" when no text is selected
- Screenshots during paste operations for context understanding
- Selected text processing through AI services
- All processing is real-time with no persistent storage
- Session data is cleared when operations complete
How We Handle Your Google Sheets Data
What We Do
- Only access your sheets when you ask us to within our extension
- Read data only when you request analysis or assistance
- Write data only when you explicitly request changes
- Process data in real-time during your active session
- Use secure HTTPS connections for all Google Sheets API calls
- Collect minimal analytics via PostHog for service improvement
What We Don't Do
- Store or cache any of your spreadsheet data
- Access your sheets in the background
- Read your sheets without your explicit request
- Share your data with third parties
- Keep any persistent copies of your data
- Monitor your Google account activity
- Access other Google services beyond Sheets
Data Processing
How We Process Your Spreadsheet Data
- Real-time Only: All processing happens during your active session
- No Storage: We never store your spreadsheet content on our servers
- User-Initiated: We only process data when you specifically request assistance
- Ephemeral: Any temporary data processing is immediately discarded
Analytics Collection
We collect minimal usage analytics through PostHog to improve our service:
- Starting agentic queries: When you begin using our AI assistant
- Stopping agentic queries: When you stop or cancel assistance
- Completing agentic queries: When our AI assistant finishes a task
- No Content Data: We never collect the actual content of your spreadsheets
Security Measures
- All communications use secure HTTPS encryption
- No persistent data storage of your spreadsheet content
- OAuth authentication through Google's secure system
- Regular security updates and monitoring
- Minimal data collection focused only on service improvement
Your Control Over Your Data
- Request deletion of your data
- Control permission access
- Manage email preferences
Regulatory Data Categories
To comply with app marketplace disclosure requirements, the limited data we collect maps to the following official categories:
- Personally Identifiable Information (PII): Your email address used for authentication and account management.
- Authentication Information: OAuth tokens and other credentials stored securely to keep your account safe.
- User Activity: High-level interaction events (query lifecycle events) captured for analytics via PostHog. We do not conduct continuous keystroke or mouse-movement logging.
- Website Content: The textual content of web pages fetched via the optional browsing permission. This content is processed transiently in-memory and discarded immediately after use.
No other categories (health, financial, personal communications, location, web history, etc.) are collected by TabTabTab. Website content is only accessed transiently as described above and is never persisted.
Questions About Data Usage?
We're committed to transparency. If you have any questions about how we handle your data, please contact us at:
Email: privacy@tabtabtab.ai
Last updated: 7/14/2025