Privacy Policy
Last Updated: November 2, 2025
1. Introduction
Welcome to TabNook ("we," "us," or "our"). We are committed to protecting your privacy and ensuring
the security of your personal information. This Privacy Policy explains how we collect, use, store,
and protect your information when you use our web-based dashboard service and Chrome browser extension
(collectively, the "Service").
By using TabNook, you agree to the collection and use of information in accordance with this policy.
If you do not agree with this Privacy Policy, please do not use our Service.
2. Information We Collect
2.1 Account Information
When you create a TabNook account, we collect:
- Personal Information: First name, last name, and email address
- Authentication Information: Encrypted password (never stored in plain text)
- Account Preferences: Settings and customization choices
2.2 Usage Data
We automatically collect certain information about your use of the Service:
- Dashboard Content: Topics, pages, widgets, links, notes, todos, and other content you create
- Activity Logs: Login times, feature usage, and interaction patterns
- Device Information: IP address, browser type, operating system, and device identifiers
- Location Data: General location information (if you provide it for weather features)
2.3 Gmail API Data
If you enable the ToReadLater feature, you grant TabNook limited access to your Gmail account through
the Google Gmail API. We access and use only the following Gmail data:
- Messages: We read email messages labeled as newsletters or matching your filter criteria
- Labels: We read your existing Gmail labels and can create new labels when you use the Newsletter Setup Wizard
- Filters: We create Gmail filters when you use the Newsletter Setup Wizard to automatically organize incoming newsletters
- Message Modification: We can mark messages as read and apply/remove labels
Important: All Gmail data processing happens entirely in your web browser using JavaScript.
We do NOT send your email content to our servers. Your Gmail access token is stored only
in your browser's local storage, not on our servers.
2.4 Google Calendar Data
When you enable the Gmail Calendar widget, you provide your Gmail address to embed your publicly
accessible calendar. We do not access private calendar data through any API.
2.5 Chrome Extension Data
When you install and use the TabNook Chrome Extension, we collect and process additional information
to provide extension functionality:
Authentication Data
- Email Address: Used to authenticate your extension login
- User ID: Stored locally in the extension to maintain your login session
- Login Credentials: Passwords are never stored in the extension; only validated during login
Content Data Collected by Extension Features
- VideoDigest Feature:
- YouTube video URLs and titles from videos you choose to save
- Video transcripts (when available) for AI summarization
- Generated AI summaries stored on our servers
- Add Link Feature:
- Page URLs and titles from webpages you choose to save as bookmarks
- Link text from specific links you save
- Add Note Feature:
- Selected text from webpages you choose to save as notes
- Page titles and URLs where text was selected
- Add ToDo Feature:
- Selected text from webpages you choose to save as todo items
Technical Data
- Browser Information: Chrome version and extension version
- Active Tab Information: Current page URL and title (only when you actively use a feature)
- Extension Usage: Which features you use and when
Extension Privacy Principles:
- The extension only accesses page content when you actively choose to save something
- We do NOT monitor your browsing history or track which pages you visit
- We do NOT access page content unless you explicitly use a save feature (VideoDigest, Add Link, Add Note, or Add ToDo)
- All data transmission is encrypted via HTTPS
- Your extension login state is stored locally on your device only
Permissions Used by Chrome Extension
The TabNook Chrome Extension requests the following permissions:
- contextMenus: Add right-click menu options for quick actions
- activeTab: Access current page title and URL only when you use a feature
- storage: Store your login state locally in the extension
- notifications: Show success or error messages when you save content
- scripting: Extract YouTube video transcripts for AI summarization
- Host Permissions:
- tabnook.com - Communicate with TabNook servers
- youtube.com - Extract video transcripts for VideoDigest feature
- http://*/* and https://*/* - Allow saving content from any webpage you visit
3. How We Use Your Information
We use the collected information to:
- Provide, operate, and maintain the Service (web dashboard and Chrome extension)
- Authenticate and authorize your access to your account
- Display your Gmail newsletters in the ToReadLater feature (processed client-side only)
- Create Gmail filters and labels when you use the Newsletter Setup Wizard
- Process and save content you choose to add via the Chrome extension
- Generate AI summaries of YouTube videos you save through VideoDigest
- Save bookmarks, notes, and todos you create through the extension
- Save your preferences and settings across devices
- Improve and personalize your experience
- Monitor and analyze usage patterns to improve the Service
- Detect, prevent, and address technical issues and security threats
- Respond to your inquiries and support requests
- Send service-related notifications (account changes, feature updates)
4. How We Store and Protect Your Information
4.1 Data Storage
- Account Data: Stored securely in our MySQL database with encrypted passwords
- Gmail Access Tokens: Stored only in your browser's local storage, never on our servers
- Email Content: Never stored on our servers; processed only in your browser
- Extension Login State: Stored locally in Chrome's extension storage on your device
- User Content (links, notes, todos): Stored encrypted on our servers
- YouTube Transcripts: Processed through our AI service and discarded; only summaries are stored
- User Settings: Stored in our database and encrypted when sensitive
4.2 Security Measures
We implement appropriate technical and organizational security measures, including:
- Encrypted password storage using industry-standard hashing algorithms (bcrypt)
- Secure HTTPS connections for all data transmission between extension and servers
- Regular security audits and updates
- Access controls and authentication mechanisms
- Encrypted storage of sensitive user data
- SQL injection and XSS prevention measures
- Server-side validation of all extension requests
5. Gmail API Specific Disclosures
5.1 Limited Use Disclosure
TabNook's use and transfer to any other app of information received from Google APIs will adhere to
Google API Services User Data Policy,
including the Limited Use requirements.
5.2 How We Use Gmail Data
Gmail data accessed through the Gmail API is used exclusively for:
- Displaying your newsletter emails in the ToReadLater reading pane
- Creating filters and labels to organize your newsletters automatically
- Marking messages as read when you view them
- Applying labels to messages during the Newsletter Setup Wizard
5.3 What We DON'T Do With Gmail Data
- We do NOT store your email content on our servers
- We do NOT share your Gmail data with third parties
- We do NOT use your Gmail data for advertising purposes
- We do NOT analyze your emails for any purpose other than displaying them to you
- We do NOT send emails on your behalf without explicit action
5.4 Revoking Access
You can revoke TabNook's access to your Gmail account at any time by:
- Clicking "Sign Out" in the ToReadLater feature
- Visiting Google Account Permissions and removing TabNook
- Disabling the ToReadLater feature in your TabNook settings
6. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- With Your Consent: When you explicitly authorize us to share your information
- AI Service Provider: YouTube video transcripts are sent to our AI provider (xAI/Grok) solely for generating video summaries; transcripts are not stored by the AI provider
- For Legal Reasons: When required by law, subpoena, or other legal process
- To Protect Rights: When necessary to protect our rights, property, or safety, or that of our users
- Business Transfers: In connection with a merger, acquisition, or sale of assets (users would be notified)
7. Third-Party Services
TabNook integrates with third-party services, including:
- Google APIs: Gmail API and Google Calendar (embedded iframes)
- xAI/Grok: AI service for video summarization (transcripts only, not stored)
- OpenWeatherMap: For weather data
- Quote APIs: For inspirational quotes
- Stripe: For payment processing (if you subscribe to premium features)
These third-party services have their own privacy policies. We recommend reviewing their policies
to understand how they handle your data.
8. Cookies and Local Storage
We use cookies and browser local storage to:
- Maintain your login session on the web dashboard
- Store your preferences and settings
- Remember your Gmail access token (stored only in local storage, not in cookies)
- Store your Chrome extension login state locally
- Improve your user experience
You can control cookies through your browser settings, but disabling them may affect functionality.
9. Data Retention
- Account Data: Retained for as long as your account is active
- Usage Data: Retained for analytical purposes, typically 12-24 months
- Gmail Access Tokens: Stored only in your browser; cleared when you sign out or clear browser data
- Extension Login State: Stored locally on your device; cleared when you log out
- Email Content: Never stored; accessed only when you're actively using the ToReadLater feature
- Extension-Saved Content: Stored as long as your account is active; deleted when you delete the content or your account
- Video Transcripts: Not stored; discarded immediately after AI summary generation
You may request deletion of your account and associated data at any time by contacting us at
support@tabnook.com.
10. Your Rights and Choices
You have the right to:
- Access and review your personal information
- Correct inaccurate or incomplete information
- Delete your account and associated data
- Export your data
- Revoke Gmail access at any time
- Uninstall the Chrome extension at any time
- Opt-out of non-essential data collection
- Disable specific features (like ToReadLater or the Chrome extension)
- Request information about what data we have collected about you
11. Children's Privacy
TabNook is not intended for use by children under the age of 13. We do not knowingly collect
personal information from children under 13. If we become aware that we have collected information
from a child under 13, we will take steps to delete such information.
12. International Users
TabNook is hosted in the United States. If you are accessing the Service from outside the United States,
please be aware that your information may be transferred to, stored, and processed in the United States.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting
the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review
this Privacy Policy periodically.
14. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: support@tabnook.com
Website: https://tabnook.com
