Privacy Policy

Effective 5 May 2026 · Last reviewed 5 May 2026

The short version

YancoTab does not collect, transmit, or sell any personal data. There are no accounts, no analytics, no tracking, and no servers operated by us. Everything you create stays in your browser. The only outbound network requests are to public APIs for weather, map navigation, and website favicons.

1. Who this policy applies to

This policy covers the YancoTab browser extension (Chrome, Edge) and the YancoTab web app at the addresses listed in the Chrome Web Store and on our landing page. YancoTab is a single-developer open-source project maintained by Yaman Addas.

2. Data we collect

None. YancoTab has no backend, no analytics SDK, no telemetry, and no event reporting. We never see your notes, todos, search queries, bookmarks, files, settings, or any other content you create or save in the extension.

3. Data stored on your device

Everything you create is saved locally in your browser using two web platform storage mechanisms:

• localStorage — used by individual apps for their content (notes, todos, files, game state, etc.). Cleared if you uninstall the extension or clear site data.
• chrome.storage.sync — used to replicate a small subset of preferences (theme, wallpaper, dock layout) across the Chrome browsers you are signed into. This data is encrypted in transit and at rest by Google as part of Chrome Sync. We do not have access to it. See Google's privacy policy for details on Chrome Sync.

4. Permissions we request

YancoTab declares exactly one permission in its manifest:

• storage — required to read and write your settings and app data via the two storage mechanisms above.

We do not request access to your browsing history, open tabs, bookmarks, cookies, downloads, clipboard, microphone, or camera. YancoTab injects no content scripts and runs no persistent background service worker that observes your browsing (the sw.js file in the source code is a standalone web-app cache worker and is not registered by the extension manifest). The Maps app's "Nearby" button requests your browser's current location — this prompts the standard browser location dialog and is described in §5 below.

5. External services contacted by your browser

A small number of features rely on third-party APIs. Requests are made directly from your browser — they do not pass through any server we operate. No request includes any account identifier or personal data; the parameters sent are limited to what is needed to fulfil the request.

• Open-Meteo (api.open-meteo.com, geocoding-api.open-meteo.com) — weather forecasts and city search. Sends: city name or geographic coordinates. No API key required. See Open-Meteo terms.
• OpenStreetMap Nominatim (nominatim.openstreetmap.org) — reverse geocoding when you opt in to "use my location". Sends: latitude/longitude. See Nominatim usage policy.
• National Weather Service (api.weather.gov) — US weather alerts. Sends: latitude/longitude. Public-domain US government API.
• Google Favicon Service (www.google.com/s2/favicons) — fetches website icons for bookmark tiles you create. Sends: the domain of the site whose icon you chose to display. See Google's privacy policy.
• Maps app — Google Maps (www.google.com/maps) — the Maps app opens Google Maps in a new browser tab for searches, directions, and map views. When you tap "Nearby", the app requests your browser's current location via the standard browser geolocation dialog; if you grant it, your coordinates are passed directly to Google Maps in the URL of the new tab. We do not receive or store your location. See Google's privacy policy for how Google handles location and map data.
• Browser app web requests — when you use the in-tab Browser app to navigate to a URL, your browser contacts that URL the same way it would in a normal tab. YancoTab is not in the middle of that request.

Each of these third parties may log your IP address as part of normal web traffic. We have no control over their logs and receive no copy of them. If this is a concern, the affected features (Weather, Maps app, Browser app, bookmark favicons) can be left unused without affecting the rest of the extension.

6. Cookies and tracking

YancoTab itself sets no cookies and embeds no trackers, pixels, or third-party scripts. The Content Security Policy enforced by the extension forbids loading remote code, inline scripts, and eval.

7. Data sharing and selling

We do not sell, rent, trade, or share any user data. We do not have any user data to share.

8. Children's privacy

YancoTab is suitable for general audiences and does not knowingly collect information from anyone, including children under 13. Because no data is collected at all, no parental consent or COPPA disclosure obligation applies.

9. Your rights and how to exercise them

Because we hold no data about you, there is nothing to request, port, or delete on our side. To remove all YancoTab data from your device:

• Uninstall the extension from chrome://extensions, or
• Open Settings inside YancoTab and use Export to back up your data, then Reset all data to wipe local storage.

10. Security

YancoTab follows Manifest V3 best practices: a strict Content Security Policy, no inline scripts, no remote code, validated URL schemes, and no host permissions. The full source is published under the MIT licence on GitHub for independent audit. To report a vulnerability, please open a private security advisory on the GitHub Security tab.

11. Changes to this policy

If this policy changes, the updated version will be published at this URL and the "Last reviewed" date at the top will be updated. Material changes will also be noted in the project CHANGELOG.

12. Contact

Questions or concerns can be sent to contact@yancoverse.com or filed as a public issue on GitHub.