Privacy Policy: Technical Register
Last updated: [launch date]
Last updated: [launch date]
Architecture: why we hold no conversation data
Tangent renders ChatGPT's own conversation tree. The tree is fetched by your browser, from ChatGPT, using your existing ChatGPT session. This is the same data ChatGPT already sends your browser. It lives in page memory only:
- Conversation text, summaries, and your ChatGPT auth token exist in-memory in the page and are gone when the tab closes. They are never written to disk and never sent to any server of ours.
- The extension's network destinations are exactly:
chatgpt.com(the conversation data, as always),clerk.accounts.dev/ our Clerk frontend API (sign-in session), andapi.addtangent.com(the endpoints below).
What we persist
chrome.storage.local, mirrored to Cloudflare D1 (EU jurisdiction; at-rest
encrypted) when signed in, keyed by your Clerk user id:
| Key | Content |
|---|---|
forcedTangents |
per-conversation lists of message UUIDs you branched |
archivedRoots |
per-conversation lists of message UUIDs you archived |
mergeRecords |
per-conversation merge bookmarks (message UUIDs + a consumed flag) |
These are opaque identifiers. They reference messages inside your ChatGPT account and are meaningless without it. No message text, no titles, no summaries.
Additionally, an entitlement cache (plan, entitled, a timestamp) is stored
locally so a network outage doesn't lock you out.
Server endpoints and what they see
| Endpoint | Data |
|---|---|
/sync |
the three ID-lists above (authenticated, your user id from the session token) |
/layout |
the conversation tree's anonymized structure: sequential integers + parent/child links + branch type, regenerated per request. No text, no message UUIDs, no conversation id. Positions are computed in-memory and returned; nothing is persisted. (This is how the map is drawn; the layout engine runs server-side.) |
/checkout, /reconcile |
your Clerk user id; creates/queries your Creem subscription |
/config |
anonymous GET: feature kill-switches + status banner; no user data sent |
/webhooks/* |
server-to-server from Creem/Clerk (signature-verified) |
Sub-processors
- Clerk Inc.: authentication. Holds: email, OAuth profile (name, avatar), session metadata, and your subscription status (plan name + an entitled flag). DPA
- Creem: merchant of record. Holds: payment instrument, billing address, invoices, VAT handling. We receive webhooks referencing your customer id; we never receive card data. Terms & data handling
- Cloudflare: hosting (Workers + D1). Holds the three ID-lists. DPA
Deletion cascade
Deleting your account in Clerk emits a signed user.deleted webhook to our
Worker, which deletes all rows for your user id from D1. Local
chrome.storage.local data is removed by uninstalling the extension.
No telemetry
The extension contains no analytics SDK, no error reporting, no usage tracking.
The only "phone home" is the anonymous /config poll described above.
Controller
The data controller is Ozan Demirezen (Denmark), reachable at support@addtangent.com.