Privacy policy.

You own every Tab you open on TabTab — its domain, code, customer list, agent conversations, and data. We process this data on your behalf to run the OS, but we do not sell it, rent it, or share it with third parties for marketing. This policy covers what we collect when you sign up, what your Tabs generate, and what we capture when you visit this site.

When you sign up: Name, email, phone, company name, billing address, and payment information (processed by Stripe — we never store card numbers).

When your Tabs run: Data the agents create or process inside your Tab — customer records, conversations, code, files, ad accounts, social connections. We retain this for you so the Tab keeps running.

When you visit this site: Anonymous analytics via Vercel Analytics and PostHog (cookieless mode). Page views, referrer, device type, country. No cookies. No fingerprinting. No cross-site tracking.

When you contact us: Name, email, and message content submitted through our forms.

Account information is used to run the OS and bill you. Tab-generated data is used to keep your companies running and to respond to agent actions. Site analytics are used to improve the site. We do not sell, rent, or share your personal information with third parties for marketing purposes.

Frontier and standard model inference is routed to third-party providers (Anthropic, OpenAI, Google) under their respective terms. We send only the data required to perform the agent task. We do not authorize providers to train on your data. Budget models are routed via OpenRouter to open-weight providers.

We use the following services to operate TabTab and this website:

• Stripe — Payment processing and Stripe Connect for Tabs
• Anthropic / OpenAI / Google — Frontier and standard model inference
• OpenRouter — Budget / open-weight model routing
• Railway / Vercel — Hosting and deploy targets for Tabs
• Resend — Transactional email
• PostHog — Cookieless product analytics
• Cloudflare — Anti-bot protection

Account and billing records are retained for 7 years for tax and legal compliance. Tab-generated data is retained for as long as your account is active and for 30 days after cancellation, unless you request immediate deletion. Site analytics are anonymized and aggregated after 90 days.

All data in transit is encrypted via TLS. Sensitive fields (tax IDs, payment tokens, third-party credentials) are encrypted at rest using envelope encryption. We do not store passwords in plaintext — credentials are hashed with argon2id. Access to production systems is restricted and audited.

You may request access to, correction of, export of, or deletion of your personal data at any time by emailing privacy@tabtab.com. We respond within 30 days. If you are in the EU, UK, or California, you have additional rights under GDPR, UK GDPR, and CCPA respectively.

We may update this policy. Material changes will be posted here with a revised date. We will not retroactively reduce your rights without notice.