Privacy Policy
Effective Date: 2026-05-02
Version: 1.0 (MVP)
Tomicc (“we”, “us”, or “our”) operates the Tomicc Watch Chrome Extension and the tomicc.me dashboard. We prioritize “Honest Tracking” and “Privacy as Architecture.”
1. Data We Do NOT Collect
- Raw IP Addresses. We hash incoming IPs at ingestion using HMAC-SHA256 with a daily-rotated salt. Raw IPs never touch our logs or database. Yesterday’s salt is destroyed 24h after rotation, making prior hashes effectively non-reversible.
- Email Content. We do not read the body of your emails. We only read recipient addresses and subject lines to provide tracking visibility.
- Gmail Account Data. We do not request OAuth access to your Gmail account. The extension only interacts with the page’s DOM to inject tracking pixels and rewrite links.
- Web History. The extension only runs on https://mail.google.com. We do not see what other sites you visit.
2. Data We Collect
- Account Identity. Email address and display name provided via Clerk (our authentication provider).
- Tracking Metadata. Subject lines, recipient addresses (hashed for the global opt-out registry), and timestamps of pixel opens / link clicks against your tracked emails.
- Diagnostics. Coarse browser-bucket info (e.g. “Chrome-on-macOS”) and sampled performance data from the extension.
3. EU/UK Recipients
When the extension detects a recipient with an EU/UK address, it suppresses tracking before the email is sent — no pixel is injected, no links are rewritten, no event row is ever recorded. This is enforced at compose time, not at the server.
4. Recipient Opt-out
Recipients can opt out of Tomicc tracking globally. The opt-out registry is a global list keyed by HMAC-SHA256 hashes of email addresses; we never see the address itself. DNT and Sec-GPC headers from a recipient’s mail client also auto-create an opt-out.
5. Your Rights
- Deletion. Deleting your account via the dashboard scrubs your PII (email, display name, geography, timezone) immediately. Historical email rows are retained anonymously for billing and audit.
- Export. Email support@tomicc.me for a data export.
- Questions. Email support@tomicc.me.
6. Third Parties
We use Clerk for authentication, Vercel for application hosting, Cloudflare for edge compute and queueing, and Supabase for the database. None of these vendors receive recipient PII (only hashes). We do not sell or share data with advertisers.
7. Changes
We will update this page with an effective date when material changes are made. Material changes affecting data collection are also surfaced in the dashboard at next sign-in.