Privacy Policy
This Privacy Policy explains what personal information the Nakama extension and the website at orenonakama.com collect, how we use, share and protect it, and the rights you have. Nakama is built to keep your data on your own device: it contains no advertising, no third-party analytics and no trackers, we never sell personal information, and your content is never stored on our servers.
1. Introduction
This policy applies to the Nakama Chrome extension, our stateless token-exchange functions, and the marketing site at orenonakama.com. By using the Service you acknowledge the processing described here.
2. Who We Are (Data Controller)
The data controller is Rexplore Inc., a company incorporated in the Republic of Korea. For any privacy request or question, contact help@rexplore.xyz.
3. Personal Data We Collect
3.1 Information you provide
When you sign in with Google we receive your basic account profile: your name, email address and profile picture. When you connect another service we receive the identifiers that service returns (for example a workspace or channel name).
3.2 Content you act on
Only when you trigger a feature, Nakama processes the specific item you selected — for example an email you ask it to summarize or reply to, an event, file, message or page. For the marketing tools (SEO/AEO/GEO, site structure and tracker inspection) it reads the URL and page content of the active browser tab you are viewing.
3.3 Information stored on your device
OAuth tokens for the services you connect, your settings, and any comments or tickets you write are stored only on your device in Chrome's extension storage (chrome.storage.local). They are not sent to us.
3.4 What we do not collect
We do not use advertising, third-party analytics or trackers; we do not build profiles; we do not sell or rent personal information; and we do not store your content on our servers.
4. How We Use Your Data
We use data solely to provide the feature you triggered:
- reading or displaying the message, event, file or page you selected;
- drafting a reply, comment or item you asked for;
- running the analyses you request (SEO scoring, performance, AI tests);
- maintaining your connections and settings on your device.
5. Legal Bases for Processing (GDPR Article 6)
Where the GDPR applies, we rely on: performance of our contract with you (providing the Service you requested); your consent (connecting a service, or running an AI/performance test that sends data to a third party — you may withdraw it at any time); our legitimate interests in operating and securing the Service in the limited, privacy-preserving way described here; and compliance with legal obligations.
6. Google User Data — Limited Use
Nakama's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Google user data (such as Gmail, Calendar and Drive content) is used only to provide the user-facing features you trigger; is processed transiently — in your browser, and where you use AI features, relayed through our server to your chosen AI provider without being stored — and is not retained on our servers; is never sold or used for advertising; is never used by Nakama to train, fine-tune, or develop any AI model; and is not transferred to others except as necessary to provide those features at your request (for example, to the AI provider you choose — see "AI and Automated Processing" below), to comply with law, or as part of a merger where this policy continues to apply. We do not allow humans to read your Google user data except with your consent for support, to comply with law, or for security.
7. AI and Automated Processing
Some features send limited data to an AI or measurement provider, only when you start them:
- AI drafting and assistance — the message or page context you act on is sent, via Nakama's server proxy, to the AI provider in use (OpenAI's GPT by default; or, if you enable "use my own API key", OpenAI or Anthropic (Claude) called directly with your key) to generate the result you requested;
- Performance (Core Web Vitals) — the active tab's URL is sent to Google PageSpeed Insights;
- Live AI-visibility / answer / search tests — your brand name, domain and short page context are sent to OpenAI's GPT API with live web-search grounding (via Nakama's server proxy by default, or directly with your own key if enabled).
7.1 How this data is handled
Nakama is not an AI company. We do not use your content, or the AI's output, to train, fine-tune, or develop any AI model, to build profiles, or for advertising. The content you choose is relayed transiently through Nakama's server (which does not store it) to the AI provider in use, solely to produce the result you asked for. That provider — OpenAI by default, or OpenAI/Anthropic if you supply your own key — processes the data under its own terms and privacy policy, which you should review and which may permit the provider to use submitted data to operate or improve its own services. You can avoid this entirely by not using the AI features. These features are user-initiated and optional.
8. Data Retention
Because Nakama keeps data on your device, retention is mostly in your control:
- OAuth tokens — kept on your device until you disconnect the service or uninstall the extension; deleted immediately on disconnect;
- Settings, comments and tickets — kept in your browser's local storage until you delete them or uninstall;
- Content you act on — processed transiently and not retained on our servers;
- Token-exchange function logs — minimal operational logs without your content, retained for up to 14 days for security and debugging.
9. International Data Transfers
Processing happens on your device, on Google's infrastructure for the features you use, and on our stateless functions hosted by our cloud provider. Where personal data is transferred internationally (including to the Republic of Korea or the United States), we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
10. Your Rights
10.1 EU/UK (GDPR)
You have the right to access, rectify, erase, restrict or object to processing, to data portability, and to withdraw consent at any time. Disconnecting a service withdraws consent and deletes its tokens immediately; uninstalling removes all local data. To exercise other rights, email help@rexplore.xyz — we respond within 30 days. You may also complain to your local supervisory authority.
10.2 California (CCPA/CPRA)
You have the right to know, delete and correct personal information, and to opt out of "sale" or "sharing" — which we do not do. We do not discriminate against you for exercising your rights.
10.3 Korea (PIPA)
You have the right to access your personal information, request correction or deletion, and request suspension of processing.
10.4 Japan (APPI) and others
You have equivalent rights of disclosure, correction and suspension of use under your local law.
11. Data Security
All network traffic uses HTTPS/TLS. OAuth tokens are stored only in Chrome's sandboxed extension storage on your device and deleted on disconnect. Our server component is a stateless token-exchange function with no database; service client secrets exist only in encrypted environment variables. We request the minimum OAuth scopes each feature needs. See our Security Policy for details.
12. Children's Privacy
Nakama is a work tool and is not directed to children under 14, and we do not knowingly collect their personal data.
13. Cookies and Local Storage
The extension uses Chrome's extension storage (not cookies) to keep your tokens and settings on your device. The marketing site uses only essential storage and does not run advertising or cross-site tracking cookies. See our Cookie Policy.
14. Third-Party Services
When you connect a service, data flows directly between your browser and that service at your request. Those providers process your data under their own privacy policies, including Google (Gmail, Calendar, Drive, Chat, Search Console, Analytics), Slack, Telegram, Microsoft Teams, Zoom, Webex, GitHub, Atlassian (Confluence), Figma, Notion, Dropbox, Instagram and others you choose to connect. Please review their policies.
15. Changes to This Policy
If this policy changes materially we will update this page and its effective date and, where appropriate, notify you through the Service.
16. Governing Law and Language
This policy is governed by the laws of the Republic of Korea, and any dispute is subject to the exclusive jurisdiction of the Seoul Central District Court (서울중앙지방법원) as the court of first instance, subject to your mandatory local rights. The English-language version is authoritative; translations are for convenience only and the English version prevails in case of conflict.
17. Contact
For privacy questions or to exercise your rights, contact help@rexplore.xyz.