NewTabChat | Privacy Policy

Simple, clear details about what we collect and why.

Scope of This Policy

This Privacy Policy applies only to NewTabChat and not to third-party AI services accessed through deep links.

No Prompt Tracking

We believe your conversations are private. NewTabChat does not track, store, or log the text of your prompts. Your inputs are processed in real-time only to provide the service and are never saved on our application servers or sold to third parties.

What We Do Not Collect or Store

• Chat prompts, conversation text, or any content you type
• Precise location information
• Personal data or tracking mechanisms used for advertising, profiling, or sale to third parties

Analytics and Data Collection

To maintain and improve our site, we may use Cloudflare Web Analytics, a privacy-first analytics tool.

• What we collect: aggregate, non-personally identifiable technical information such as browser type, approximate/general region, and other non-identifying metrics. We do not access or store full IP addresses for analytics purposes.
• Exception: We have configured Cloudflare Web Analytics to exclude data from visitors in the EU to support GDPR compliance. Metrics from these regions are not collected or processed for analytics purposes.

Use of Information

Data collected via Cloudflare is used only for audience measurement and to ensure the technical health and performance of the website. We do not sell or share any user data for advertising purposes.

For security purposes (e.g., investigating threats or attacks), we may review limited request details including IP addresses via Cloudflare's tools.

Cloudflare - Technical Details We Share

Cloudflare processes visitor IPs for web security. So for purposes of their DPA, Cloudflare is the data processor and we are the data controller

Cloudflare's Web Analytics - designed for privacy, but to be transparent they process limited technical data to provide metrics:

• Timing metrics: minimal timing information to show site performance.
• Technical identifiers: User-Agent strings and referring page URLs. Cloudflare Web Analytics uses privacy-preserving techniques including anonymized/shortened IP processing (where applicable), with no client-side cookies or localStorage for metrics collection, and no individual fingerprinting; see Cloudflare's Privacy Policy. Note: Anonymized technical data like shortened IPs is not treated as personal information under applicable laws, as it cannot reasonably identify individuals.
• Network activity: server and network logs to detect threats and optimize routing.

Cookies and Similar Technologies

We use cookies and similar technologies (such as browser local storage) to deliver, secure, and personalize the service based on your interactions.

These technologies support:

• Local Storage for User Preferences: Stores settings you explicitly choose, such as toggling dark mode or AI chatbot chosen. Storage is applied only after your interaction (e.g., toggling a setting or performing a chat request), allowing the site to remember and apply your selection on return visits without repeated prompts. Examples include keys like theme (dark/light mode) or default_ai (chatbot preference). Only non-identifying preference values are stored.
• Cloudflare Security Cookies (e.g., cf_clearance): Required for website security, bot prevention, load balancing, and traffic management. They handle limited technical data like browser type and general region to protect against threats. No consent is required under applicable laws.
• Cloudflare Web Analytics Note: Cloudflare Web Analytics is cookie-free and does not use client-side storage for metrics collection.
• Cloudflare Cookie Policy: See Cloudflare's Cookie Policy for security cookie details, or your browser's documentation (e.g., Chrome DevTools) for local storage management.
• Management & Control: You can view, edit, or delete these items at any time through your browser settings (clear cookies, clear local storage, privacy extensions, etc.). Doing so may reset preferences on each visit but will not prevent site access.

European Union and Equivalent Jurisdictions: For users in the EU (including stricter implementations in France via CNIL, Germany via BfDI, and Belgium via GBA), our use of cookies and similar technologies complies with the ePrivacy Directive (Article 5(3)) and national implementing laws. These uses qualify as strictly necessary for providing the requested service or remembering user-initiated preferences and therefore do not require prior consent. Storage is kept minimal and anonymized where feasible.

United States and Other Regions: Our use of cookies and local storage complies with applicable state privacy laws (e.g., CCPA/CPRA in California, VCDPA in Virginia, and equivalent laws), which require transparency regarding data practices and provide opt-out rights where relevant.

We aim to provide a secure and functional experience while minimizing data collection and offering clear information and user control options via browser tools.

Data Retention

We may retain only minimal technical logs for operational and security purposes, and these logs are automatically deleted or rotated regularly. User preference data in local storage persists until you clear it or it expires via browser policies.

Your Privacy Rights

Because we collect only minimal, non-identifying technical data, most individual rights requests (access, deletion, etc.) will have limited applicability. Still, you may contact us at support@newtabchat.com to:

• Ask what technical data (if any) we hold related to your visit
• Request deletion of any retained logs associated with your IP (subject to our short retention periods)
• Opt out of any future analytics processing (though this may impair site functionality)
• Manage or withdraw preferences stored in local storage/cookies via browser tools

International Data Transfers

As a US-based service using global providers like Cloudflare, data may transfer to the US or other countries. For regions requiring safeguards (e.g., under PIPA, LGPD, FADP), we rely on Cloudflare's data processing agreements, including Standard Contractual Clauses where applicable (see their DPA). Anonymized data like shortened IPs is not considered personal information.

We do not specifically target users in the European Union, United Kingdom, South Korea, Brazil, Switzerland, or similar regions, but apply privacy-by-design principles globally.

Global Compliance

For users in regions requiring a legal basis (e.g., EU/UK under GDPR), our limited processing of technical data (performance, security, basic audience metrics) relies on our legitimate interests in operating, securing, and improving the Service. We have balanced these interests against your rights by minimizing data collected, anonymizing where possible, using privacy-first tools, and not using data for marketing or profiling. Cookie and local storage uses comply with the ePrivacy Directive via strict necessity exemptions.

We do not engage in "sales" or "sharing" of personal information as defined by other applicable U.S. state privacy laws (e.g., CCPA/CPRA, Virginia CDPA, etc.).

Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children.

If you believe a child under 13 has used the Service, please contact us so we can delete any associated technical logs.

Deep Links to Third-Party AI Services

When you perform an action resulting in a redirect deep link to a third-party AI or chatbot, that service may collect data according to its own privacy policy. NewTabChat does not control or have access to data collected by third-party AI services.

Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will always be posted on this page with a new "Last updated" date.

Contact

If you have questions about this policy, contact us at support@newtabchat.com