Privacy Policy

Last updated: March 2026

Overview

macNewTab is a Chrome extension providing a macOS-style new tab experience. It includes widgets for clock, calendar, search, notes, and links. This extension is built for personal convenience. It does not store personal information on external servers.

Google Sign-In

macNewTab uses Google Sign-In only to let users access their Google Calendar events securely within the extension. The sign-in process is handled entirely by Google’s own authentication interface. The extension never has access to your password or sensitive credentials.

Permissions

The extension requests only the minimum permissions required:

• identity — for optional Google Sign-In and calendar events.
• https://www.googleapis.com/auth/calendar.readonly — to read your Google Calendar events (if enabled).
• storage — to save local preferences and optional user notes via Chrome Sync.
• chrome_url_overrides — to replace the default new tab page.

All data stays on your device or your personal Google account. macNewTab does not share data with third-party servers.

Data Collection and Usage

macNewTab does not transmit personal data to our servers.

Any data retrieved via Google APIs (such as calendar events) is displayed only within your local browser session and not stored or shared externally.

Optional User Notes (Website Content): The notes syncing is disabled by default. Syncing is an opt-in feature. If enabled, text is saved using chrome.storage.sync. This syncs notes across your devices via your Google account. We do not read or store this text on external servers. Notes are not sold or used for tracking.

Data Protection Mechanisms for Sensitive Data

We ensure security for your Calendar Events and Synced Notes:

macNewTab ensures robust security for the Google user data it accesses (Calendar Events). Since the extension does not transmit or store this sensitive data on any external servers controlled by the developer, the following mechanisms are in place:

• Secure Communication (TLS/HTTPS): All data fetched from and sent to Google APIs, including the authentication process (OAuth 2.0 via chrome.identity), is transmitted exclusively over secure, encrypted channels using Transport Layer Security (TLS/HTTPS). This prevents eavesdropping and tampering during data transfer.
• Client-Side Processing: Sensitive Calendar data is processed and rendered entirely within the user's local browser environment. It remains on the user's device and is secured by the operating system and browser's built-in sandboxing and security features.
• OAuth 2.0 Compliance: We adhere strictly to the OAuth 2.0 protocol, ensuring that we never handle or store the user's Google credentials (passwords). We only interact with Google's secure access tokens.
• Data Minimization: The extension is limited to read-only access (calendar.readonly) to Google Calendar data, significantly reducing the security surface area.

Data Retention and Deletion

You control your data:

• Retention: Google user data is retained only for the duration of the browser session or as a temporary cache in local browser storage to improve performance while the extension is installed. Notes stay in your Chrome Sync data until you delete them. They are not on any developer-controlled servers.
• Uninstallation: Removing the extension deletes local data. Synced data can be cleared via Chrome Sync settings.
• Revoking Access: You can stop calendar access at Google Account Security.

Third-Party Services

We use official Google and Chrome APIs. Review Google’s Privacy Policy for more info.

Contact

Questions? Contact the developer via the Chrome Web Store or GitHub.