Privacy Policy

Nkata ("we", "us", or "our") operates the Nkata browser extension, the dashboard at app.nkata.xyz, and the website at nkata.xyz. This policy explains what data we collect, how we use it, and the choices you have.

We do not sell your personal data. We do not serve ads. Data you provide is used solely to operate and improve the Nkata service.

Account information. When you sign up via Google or GitHub OAuth, we receive your name, email address, and profile picture from the OAuth provider. We store these to identify you within your team's workspace.

Comments and annotations. When you leave a comment, we store the comment text, the URL of the page it was left on, the DOM element anchor (a CSS selector path used to re-locate the element), and a lightweight DOM snapshot used to restore context.

Screenshots. When you annotate an element, the extension captures a screenshot of the visible tab at that moment. Screenshots are uploaded to and stored on Cloudflare R2 object storage and are accessible only to members of your project.

Auth token (local). The extension stores your authentication token in Chrome's local storage on your device. This token is never transmitted to any third party and is used only to authenticate requests to the Nkata API.

Usage data. We may collect basic, anonymous usage metrics (e.g. feature usage frequency) to improve the product. This data is not linked to your identity.

• To provide the Nkata service — storing and displaying your comments, screenshots, and threads to project members.
• To send @mention email notifications when a teammate mentions you in a comment.
• To authenticate you across sessions without requiring repeated sign-in.
• To improve the reliability and performance of the extension and dashboard.

The Nkata Chrome extension requests the following permissions:

• All URLs: Nkata must run on any webpage so you can leave comments on staging sites, production pages, and internal tools. No page content is transmitted anywhere except the screenshot and element anchor you explicitly choose to annotate.
• Active tab / screenshot capture: Used only when you click an element to annotate. A screenshot of the visible tab is captured at that moment and attached to your comment.
• Storage: Your auth token and selected project are saved locally on your device so you remain signed in.
• Cookies: Used only to read the Nkata session cookie from app.nkata.xyz to sync your login state when you open the extension popup.

The extension does not read, collect, or transmit your browsing history, form data, passwords, or any page content beyond what you explicitly annotate.

We do not sell, rent, or share your personal data with third parties except:

• Cloudflare R2 — for storing screenshots you upload via the extension.
• Email provider — to deliver @mention notifications you trigger.
• OAuth providers (Google, GitHub) — only at sign-in; we receive a profile token and do not receive access to your Google or GitHub account data beyond your public profile.
• Legal requirements — if required by law or to protect the rights and safety of our users.

Comments, screenshots, and account data are retained for as long as your account is active. You may delete individual comments from the dashboard at any time. To delete your account and all associated data, contact us at privacy@nkata.xyz.

All data in transit is encrypted via HTTPS/TLS. Auth tokens are stored in Chrome's local storage and never logged or transmitted to third parties. Screenshots are stored in a private Cloudflare R2 bucket accessible only to authenticated project members.

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict certain processing.

To exercise any of these rights, email privacy@nkata.xyz.

Nkata is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. Continued use of Nkata after changes constitutes acceptance of the revised policy.

Questions about this policy? Email us at privacy@nkata.xyz.