Privacy Policy

These are saved locally in your browser and never leave your device except as described in Section 2:

• Your AI API key (OpenAI, Anthropic, or Google) and your selected provider/model.
• Your preferences — tone, length, persona, signature, and any custom instructions.
• A random anonymous installation ID (a UUID generated on your device) used to count distinct users in analytics. It is not linked to your identity, email, or AI account.

When you click “generate,” Tappy sends a request to Tappy’s backend service, which relays it to the AI provider you selected. The request contains:

• The message context you are replying to (the email thread or LinkedIn post/message text visible on the page) and your generation options.
• Your API key, which is passed through to your chosen AI provider to authorize the request.

This data is used solely to generate your reply draft and is streamed back to you. Tappy’s backend does not store the message content or your API key — they are held only in memory for the duration of the request.

Third parties involved:

• Your chosen AI provider (OpenAI / Anthropic / Google) receives the message context and your API key to generate the reply. This is governed by that provider’s own privacy policy.
• Tappy’s backend (hosted on Railway) relays your request in transit only; it is not persisted.
• PostHog (EU region) receives anonymous usage events only (see Section 3).

Tappy uses PostHog (hosted in the EU) to understand how the extension is used so we can improve it. Analytics events contain no message content and no API keys. Each event includes only:

• The anonymous installation ID described in Section 1.
• Non-content metadata such as: which surface was used (email vs. LinkedIn), the selected tone/length/intent, which AI provider and model, generation duration, success or failure, error type, and approximate output length.
• Coarse technical information (such as approximate region derived from IP) that PostHog collects automatically. We do not store your raw IP address in our own systems.

• We do not sell or rent your data to anyone.
• We do not use your data for advertising.
• We do not store your emails, messages, drafts, or API keys on our servers.
• We do not require you to create an account or share personal contact details.
• We do not use your data for creditworthiness or lending purposes.
• We do not transfer your data to third parties except as required to provide the core feature (Section 2).

• storage — to save your API key and preferences on your device.
• activeTab / scripting — to add the “generate reply” button and insert drafts into the page you are actively using.
• Host access to Gmail, Outlook, Zoho Mail, LinkedIn — to run on those sites so Tappy can read the message you’re replying to and place the generated draft.

Data stored on your device (Section 1) remains until you remove it or uninstall the extension. Message content and API keys are not retained by Tappy after a request completes. Anonymous analytics events are retained by PostHog per their standard retention settings.

• You can view, change, or delete your stored API key and preferences at any time from the extension’s popup.
• Uninstalling the extension removes all locally stored data.
• You can stop all data transmission by not using the generate feature.

Tappy is not directed to children under 13 and does not knowingly collect data from them.

We may update this policy as the extension evolves. Material changes will be reflected by updating the “Last updated” date above.

Questions about this policy or your data? Contact deepanjan@inxtinct.co.