Privacy Policy
# TakoTabs Privacy Policy
_Last updated: **September 1, 2025** · Version: **v1.2**_
**TakoTabs** is a consumer iOS app with a Safari Web Extension that helps you capture your current Safari tabs and organize them into named collections—then restore, open, or export them later. We also operate a public website/landing pages and a lightweight backend server, hosted on **Vercel** (including its global Edge network) using **Upstash Redis** for operational support. This policy explains what we (the publisher, "we") do and do not do with your data.
---
## Quick Summary
- **We collect only what's necessary**:
- **Safari captures (on your command):** tab title, URL, (optional) favicon URL, timestamp
- **App analytics (PostHog, app only):** session and feature usage events—no page content. You can opt out in-app at Settings > Privacy > Analytics
- **Purchases/entitlements (RevenueCat + App Store):** offering status, identifiers, purchase/restore events—no payment card details
- **AI grouping (OpenAI):** only titles + URLs (with dedupe/tagging), returns grouping labels
- **Website/backend technical logs (Vercel + Upstash):** IP, request metadata, error diagnostics—for delivery, reliability, and abuse protection
- **Data storage**:
- App data lives on your device (app sandbox & App Group container). Queued captures remain device-local
- Website/backend data is processed via Vercel/Upstash for security and infrastructure only
- **What we do not collect**:
- No page content, form entries, passwords, or continuous browsing history
- No ad tech SDKs and we do not sell or share your personal data for cross-context behavioral advertising
- **Your controls**:
- Delete your app data by emailing us or through the app's Settings
- You can opt out of analytics in-app at Settings > Privacy > Analytics
- **Compliance**:
- Data sent to processors is minimal, over TLS, bound by DPAs/SCCs where applicable
- Vercel is SOC 2 Type 2, ISO 27001:2022, and GDPR-supportive
- Links to all processor privacy policies and DPAs are in Section 14
---
## 1. Scope
This Privacy Policy applies to:
- The **TakoTabs iOS app**
- The **Safari Web Extension**
- Our **website/landing pages**
- The **backend server** hosted via **Vercel**, using **Upstash Redis**
Collectively, these make up our "Service."
**This policy does not cover:** Third-party services you may access through exported URLs or Apple's handling of App Store transactions.
---
## 2. Definitions
- **Personal Data**: Any information relating to an identified or identifiable individual (e.g., URL with identifiers, IP address)
- **Processing**: Collecting, storing, using, or deleting Personal Data
- **Controller**: 17244720 Canada Inc., headquartered in Ottawa, ON
- **Processor**: Services like PostHog, RevenueCat, OpenAI, Vercel, Upstash
- **App Group**: Apple's shared storage container for the app/extension
- **Service**: As defined above
- **Special Categories Data**: Sensitive personal data under GDPR (health, religion, etc.) which we do not intentionally collect
---
## 3. What We Collect
### A. Safari Captures (user-initiated)
- **Data**: title, URL, optional favicon URL, timestamp
- **Source**: triggered by you via Safari Web Extension
- **Note**: URLs may contain personal identifiers. We do not parse or extract these, but they are stored locally on your device
### B. App Analytics (PostHog; app only)
- **Data**: app/session and feature usage events (e.g., feature clicked, screen viewed, session duration)
- **No** semantic content from your browsing
- **Identifiers**: Anonymous device ID (not linked to your identity)
- **Opt-out**: You can disable analytics collection in-app at Settings > Privacy > Analytics
### C. Purchases & Entitlements
- **Data**: entitlement status, offering IDs, purchase/restore events, anonymous customer ID
- **No** payment details are stored by us
### D. AI Grouping (OpenAI)
- **Sent**: titles + URLs (+ dedupe/canonicalization). URLs are minimized to remove unnecessary parameters where possible
- **Returned**: grouping output. No page content
- **Processing location**: United States (OpenAI API). Limited data residency options may be available for eligible customers
- **Training/retention**: Per OpenAI's policies, content submitted via the API is **not used to train** OpenAI models by default. OpenAI may retain API inputs/outputs for **up to 30 days** to monitor for abuse/misuse; a **zero-retention** option is available for eligible customers. We do not opt in to model training, and we have not enabled zero-retention at this time. See OpenAI's [API Data Usage Policy](https://openai.com/policies/api-data-usage-policies) and [How your data is used](https://openai.com/policies/how-your-data-is-used-to-improve-model-performance).
### E. Hosting & Backend Logs (Vercel + Upstash Redis)
- **Vercel**:
- IP address, request metadata (timestamp, paths, headers), error diagnostics
- Used purely for service delivery, security, performance
- Retention: up to 1 day on the Hobby plan (Observability Basic); up to 30 days with Observability Plus
- **Upstash Redis**:
- Used only for device authentication, anti-replay protection, rate-limiting—not storing user tab or AI data
- Data expires automatically after application-configured TTLs (we set ≤ 24 hours for these keys)
- Audit logs retention: 7 days on the Free plan
### F. What We Do Not Collect
- No page bodies, form input, passwords, or ongoing browsing history
- No ad tech, no direct identifiers like name or email unless you contact us
- No Special Categories Data (we do not intentionally collect health, political, religious, or other sensitive data)
---
## 4. Why We Collect It
- **App functionality**: capture, group, restore/export tabs; integrate with Shortcuts
- **Analytics**: monitor general usage to improve features (app only) and detect/prevent abuse
- **Purchases**: enable Pro features and manage subscriptions
- **AI grouping**: provide optional grouping helpers
- **Website reliability**: ensure uptime, security, and performance via Vercel and Redis
- **Legal compliance**: fulfill legal obligations and protect our rights
---
## 5. How We Process Data
- **App**: stores data on-device; analytics and AI grouping via TLS to respective processors
- **Website/backend**: handles requests via Vercel's Edge network; Redis is used transiently for auth/rate-limiting; all communication over TLS
- **No persistent user tab data** is stored on servers
- **Data minimization**: We only process the minimum data necessary for each purpose
- **Encryption**: All external transmissions use TLS 1.2 or higher
- **Cookies/Tracking**: Our Sites may use strictly necessary cookies and basic analytics (e.g., cookieless or first-party). We do not use cross-site advertising cookies. See Section 7 for California disclosures and the Sites' cookie banner (where applicable) for choices.
---
## 6. Legal Bases (GDPR/UK GDPR)
| Activity | Data | Legal Basis | Legitimate Interest Assessment |
|----------|------|-------------|--------------------------------|
| App core functionality | Titles, URLs, etc. | Contract performance (Art. 6(1)(b)) | N/A |
| AI grouping | Titles, URLs | Contract performance (Art. 6(1)(b)) | N/A |
| App analytics (PostHog) | Usage events | Consent (Art. 6(1)(a)) OR Legitimate interests with opt-out | Improving app, detecting issues, preventing abuse; balanced against minimal privacy impact of anonymous analytics |
| Purchases & entitlements | Purchase metadata | Contract performance / Legal obligation (financial records) | N/A |
| Website logs (Vercel/Redis) | IP, metadata | Legitimate interests (security, performance) | Ensuring service availability and preventing abuse; temporary retention minimizes impact |
**Right to Object**: Where we rely on legitimate interests, you have the right to object. See Section 12 for how to exercise this right.
---
## 7. CCPA/CPRA Disclosures (California)
We **do not sell** your personal information or share it for cross-context behavioral advertising.
| Category | Example Data | Collected | Purpose | Retention | Sold/Shared? | Service Providers |
|----------|--------------|-----------|---------|-----------|--------------|-------------------|
| Identifiers | IP Address, URL metadata, tab titles/URLs | Yes | Service, analytics, security | App: until deleted; Logs: up to 1 day (Vercel Hobby) | No | Vercel, Upstash, PostHog, RevenueCat |
| Commercial Information | Purchase metadata | Yes | Entitlements, support | 7 years (accounting) | No | RevenueCat, Apple |
| Analytics / Infra Logs | App and backend usage events | Yes | Performance monitoring | 90 days (PostHog); up to 1 day (Vercel Hobby) | No | PostHog, Vercel, Upstash |
| Inferences | Group labels | Yes | Feature enhancement | On-device until deletion | No | OpenAI |
| Sensitive Data | N/A | No | — | — | — | — |
**Your California Privacy Rights**: You have the right to know, delete, correct, and opt-out of sale/sharing. You may also designate an authorized agent. We will not discriminate against you for exercising these rights.
**Opt-out Signals (GPC)**: Where applicable to our Sites, we honor Global Privacy Control (GPC) signals as a request to opt out of sale/sharing.
---
## 8. Children's Data
Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child submitted data, contact us immediately to delete it.
---
## 9. Retention
- **App collections**: until you delete or uninstall
- **Trash**: automatically deleted after 7 days
- **Queued captures**: offline until imported or manually deleted
- **Entitlements/purchases**: retained for 7 years per accounting requirements
- **Analytics logs**: 90 days (PostHog default)
- **Runtime logs (Vercel)**: up to 1 day on the Hobby plan (Observability Basic); up to 30 days with Observability Plus
- **Redis data (Upstash)**: expires per key TTL (we set ≤ 24 hours for auth/rate-limit keys); audit logs retained approximately 7 days on Free plan, up to 30 days on pay-as-you-go, and up to 1 year on certain Pro plans
---
## 10. Security
- On-device data stored in app sandbox and Apple App Group with iOS encryption
- TLS 1.2+ required for all external communications
- Vercel has high security standards (SOC 2, ISO 27001)
- Upstash Redis used minimally for short-lived security purposes; no user content stored
- **Access controls**: Only authorized personnel can access production systems
- **Incident response**: We maintain procedures to detect and respond to data breaches
---
## 11. International Transfers
Processors may operate globally. We ensure appropriate safeguards:
- **PostHog**: EU-US Data Privacy Framework participant + Standard Contractual Clauses
- **RevenueCat**: Standard Contractual Clauses
- **Vercel**: Standard Contractual Clauses
- **Upstash**: Standard Contractual Clauses
- **OpenAI**: Standard Contractual Clauses
- **Apple (App Store)**: Apple's own controller obligations apply
We may rely on adequacy decisions, Standard Contractual Clauses, and additional safeguards for international data transfers as required by law.
---
## 12. Your Rights
**Under GDPR/UK GDPR (if applicable):**
- **Access**: Request a copy of your personal data
- **Rectification**: Correct inaccurate data
- **Erasure**: Delete your data (subject to legal exceptions)
- **Restriction**: Limit processing in certain circumstances
- **Portability**: Receive your data in a structured format
- **Object**: Oppose processing based on legitimate interests
- **Withdraw consent**: For consent-based processing (e.g., analytics if consent-based)
- **Lodge a complaint**: With your supervisory authority
**Under CCPA/CPRA (California residents):**
- **Know**: What personal information we collect, use, and disclose
- **Delete**: Request deletion of your personal information
- **Correct**: Fix inaccurate personal information
- **Opt-out**: Of sale/sharing (though we don't sell/share)
- **Non-discrimination**: Equal service regardless of privacy choices
---
## 13. Exercising Your Rights
- **Email**: info@takotabs.com (response within 30 days)
- **In-app**: Settings > Privacy > Analytics (toggle off)
- **Postal**: 17244720 Canada Inc., Ottawa, ON, Canada
- We may request verification of your identity before compliance
- **Authorized agents**: Must provide written authorization from you
We will respond to verifiable requests within 30 days, subject to permitted extensions.
---
## 14. Third-Party Processors
- **RevenueCat**: purchase metadata processor. [Privacy Policy](https://www.revenuecat.com/privacy) [DPA](https://www.revenuecat.com/dpa)
- **PostHog**: app analytics. [Privacy Policy](https://posthog.com/privacy) [DPA](https://posthog.com/legal/dpa)
- **OpenAI**: AI grouping. [Privacy Policy](https://openai.com/policies/privacy-policy) [API Data Usage](https://openai.com/policies/api-data-usage-policies)
- **Vercel**: hosting, delivery, logs. [Privacy Policy](https://vercel.com/legal/privacy-policy) [DPA](https://vercel.com/legal/dpa)
- **Upstash Redis**: operational auth/rate-limiting. [Privacy Policy](https://upstash.com/privacy) [Terms/DPA](https://upstash.com/terms)
All communicate over TLS, bound by contracts and security frameworks.
Apple App Store: separate controller. [Apple Privacy Policy](https://www.apple.com/legal/privacy/en-ww/)
---
## 15. Policy Updates
We'll update the "Last updated" date and notify via the app or website for material changes. Continued use after changes constitutes acceptance.
---
## 16. Contact
- **Controller**: 17244720 Canada Inc., Ottawa, ON, Canada
- **Email**: info@takotabs.com
- **Data Protection Inquiries**: privacy@takotabs.com
- **EU/UK Representative**: We do not currently appoint an EU/UK representative because we do not target or monitor individuals in the EU/UK at scale. If that changes, we will update this policy and appoint a representative as required by law.
---
## 17. Cookies Notice (Sites)
We may display a cookie banner on our Sites where legally required. You can manage non-essential cookies (if any) there. Essential cookies are required for site operation and cannot be disabled.
---
## Change Log
- **v1.2 (September 1, 2025)**: Enhanced GDPR/CPRA compliance; added analytics opt-out; clarified retention periods; added detailed processor safeguards; added GPC and cookies notes; clarified OpenAI training opt-out; clarified EU/UK representative status
- **v1.1**: Added website/backend scope with Vercel & Upstash, updated legal disclosures
- **v1.0**: Initial app + Safari extension-focused policy
---
**Final Note:** We do not collect user accounts or personal identifiers unless you voluntarily engage and send us your info.