Privacy Policy

Service Overview

TabTabTab is a productivity application available as a desktop app, web app, and browser extension that provides AI-powered assistance. Our approach to your data is simple: we don't store or retain any of your personal content or spreadsheet data.

Data Collection and Usage

We collect and process the following data to provide our services:

  • Account Information: Email addresses collected through OAuth for login management and account creation
  • Usage Analytics: Basic usage patterns tracked through PostHog (starting, stopping, completing queries)
  • Copy/Paste Functionality: Selected text and screenshots for our AI-powered copy/paste features
  • Google Sheets Access: Spreadsheet data only when you explicitly request assistance (see Google Sheets section below)
  • Website Content: Web page content fetched only after you grant web-browsing permission and the agent decides that accessing a specific URL helps fulfill your request. This content is processed in-memory for summarization/search and is never stored.

What We Collect

We collect minimal analytics data through PostHog to improve our service:

  • When you start an agentic query
  • When you stop an agentic query
  • When you complete an agentic query
  • Basic usage patterns (no personal data or spreadsheet content)

What We Don't Collect

  • Your spreadsheet data or content
  • Personal information from your sheets
  • File names or sheet names
  • Any data when you're not actively using our extension
  • Background data or passive monitoring

Data Security

We implement industry-standard security measures:

  • All communications with Google Sheets use secure HTTPS connections
  • No data persistence - all processing is ephemeral
  • Minimal data collection focused only on service improvement
  • Regular security audits and updates

Copy/Paste & AI Features

Our original functionality includes AI-powered copy and paste across applications:

  • Screenshots taken during "magic copy" operations when no text is selected
  • Screenshots during paste operations to understand context
  • Selected text processing through AI services
  • All processing happens in real-time with no persistent storage
  • Data is cleared when sessions end

Google Sheets Permissions

Google OAuth Scope: drive.file

Why we need this permission:

  • To provide AI-powered assistance for working with Google Sheets
  • To read spreadsheet data only from files you explicitly open through our application
  • To write to spreadsheets only when you explicitly request changes
  • To create new spreadsheets when you request them through our application

What this restricted permission means:

  • ✅ Only access files you explicitly open with our application
  • ✅ Only access files we create on your behalf
  • ✅ Process data in real-time during active sessions
  • ✅ Never store or cache spreadsheet content on our servers
  • ❌ Cannot see your existing spreadsheets unless you open them with us
  • ❌ Never access files in the background
  • ❌ Never store user spreadsheet data

Email Collection via OAuth

We collect email addresses through Google OAuth for:

  • User authentication and login management
  • Account creation and identification
  • Service communications when necessary
  • We do not share emails with third parties

Your Rights

You have the right to:

  • Request deletion of your data
  • Control permission access
  • Manage email preferences

Contact Us

For any privacy-related questions or concerns, please contact us at:

Email: privacy@tabtabtab.ai

Updates to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the effective date.

Last updated: 7/16/2025

Regulatory Data Categories

In accordance with app marketplace disclosure requirements, we group the limited data we collect into the following official categories:

  • Personally Identifiable Information (PII): Your email address collected through OAuth. We do not collect names, physical addresses or any other PII.
  • Authentication Information: OAuth tokens and credentials issued by the provider so that you can securely log in. These tokens are stored securely and are never shared or sold.
  • User Activity: High-level usage events (e.g. starting, stopping or completing queries) captured by PostHog analytics. We do not log keystrokes, mouse movements, or screen contents outside the copy/paste feature that you explicitly trigger.
  • Website Content: The textual content of web pages fetched through the optional web-browsing permission. This data is processed transiently in-memory and immediately discarded after use.

We do not collect any data in the unchecked categories such as health information, financial information, personal communications, location, or web history. Website content is accessed only when you explicitly permit it and is never stored.

Website Content Permissions

Optional Web-Browsing Permission

Why we might access a website:

  • To retrieve and summarize information that the agent determines is useful for your explicit request (e.g. populating data in Google Sheets).
  • To search or filter page content on your behalf.

How this works in practice:

  • ✅ A tab is opened on your behalf only when you have enabled the permission and the agent deems it necessary.
  • ✅ Page content is processed in real-time via an LLM to create summaries, answer questions, or extract data.
  • ❌ We never store or cache the raw website data.
  • ❌ No background scraping or monitoring of your browsing activity.