Privacy Policy

Last Updated: 30 May 2026

This Privacy Policy explains how TapHTML (that's us) collects, uses and protects information when you use our website, dashboard, browser extensions, and live chat widget.

We believe in privacy by default. We do not sell your data and we do not display advertisements.

1. Information We Collect

A. From Dashboard & Browser Extensions

• Account Information: Your name, email address and password.
• Passkey Data: If you enable Passkey authentication, we store the public key and credential ID generated by your device. We do not collect or store biometric data or private keys.
• Widget Configuration: Settings related to your customized chat widget.
• Widget Assets: Media files uploaded directly from your device to customize your chat widget.
• Gmail Integration: If you connect your Gmail account, we store your email address and OAuth tokens. These tokens are used strictly to grant permission to send emails on your behalf.
• Web Push Tokens: If you enable Web Push, we store a unique, anonymized device token generated by your browser to route notifications to you.
• Notification Credentials: If enabled via the dashboard, we store your Slack OAuth access tokens, Discord Webhook URLs, and Telegram Chat IDs.
• Extension Scope: Our browser extensions are designed for managing your chats and messages. They do not track browsing history or read data from other websites.

B. From Widget

• Communication Data: The contents of the chat messages sent between the visitor and the website owner.
• Visitor Metrics: Basic technical information necessary to route messages and provide conversation history.

C. Technical Data

When you access our service, our infrastructure provider (Cloudflare) may temporarily process basic technical information to protect against attacks and ensure network security.

2. How We Use the Information

• To display various metrics on your dashboard.
• To authenticate your dashboard and extension access via secure tokens or Passkeys.
• To transmit and store chat histories so you can communicate with your visitors.
• To send email replies to your visitors via your connected Gmail account.
• To send real-time notification alerts regarding new visitor messages via your chosen channels (Web Push, Slack, Discord, or Telegram).
• To maintain service security and prevent malicious activity via Cloudflare.

We absolutely do not:

• Use your data for targeted advertising.
• Sell any user or visitor data to third parties.
• Enable optional third-party tracking or "analytical" cookies from Cloudflare.
• Track user or visitor activity across our dashboard, browser extensions, or embedded widgets.
• Read your inbox. When you connect Gmail, we strictly use send permission and never access, read, or monitor your existing emails.
• Send any form of marketing, advertisements, or unsolicited spam through any available channel (including Email, Slack, Discord, Telegram, or Web Push).

3. Third-Party Services

• IONOS: Our primary VPS and database hosting provider in Berlin, Germany. They host our core infrastructure, data, and any user-uploaded assets locally. They act as a data processor and do not have independent access to your data.
• Cloudflare: Used for CDN and security. All optional tracking is disabled; they only process technical data required for service delivery and protection.
• GitHub: Our source code and website deployments are hosted transparently via GitHub at https://github.com/prodsaas/taphtml.
• Google & Gmail API: We use Google OAuth for secure login. When you connect your Gmail, we store your OAuth tokens in our database for sending email to your visitors. We do not share, transfer, or disclose any data obtained via Google APIs to any third-party platforms.
• Notifications (Slack, Discord, Telegram): Data is only transmitted to these platforms if you explicitly enable and configure these integrations.
• Browser Extensions: We distribute our extensions via the Chrome Web Store and Firefox Add-ons. These platforms may collect anonymized installation telemetry as governed by their respective privacy policies.

4. Google API Services User Data Policy

TapHTML's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not share or transfer Google user data (such as your Gmail OAuth tokens or email address) to third parties, except for the technical service provider (IONOS) that host our infrastructure and act as processors on our behalf. We never use Google user data for serving advertisements, retargeting, or any other marketing purposes.

5. Data Retention and Security

We retain account data and conversation history only for as long as necessary to provide the service. Because TapHTML processes end-user chat data on behalf of the website owner, the website owner is responsible for managing the deletion of their specific chat logs. We implement industry-standard security measures, including secure database configurations, to protect your data from unauthorized access.

6. Your Data Rights (GDPR, CCPA and Global Compliance)

Regulations regarding the collection and use of personal data vary by country and region, including but not limited to GDPR in the EU, CCPA in the USA, and similar laws worldwide. To exercise your rights to access, correct, export, or delete your data, please contact us via GitHub at https://github.com/prodsaas/taphtml or email us at [email protected]. If you are an end-user who chatted on a website utilizing our widget, please contact the owner of that website directly.