Privacy Policy

How we collect, use, and protect your data

Last updated: December 2024

TPMJS ("we", "us", or "our") operates tpmjs.com as a tool registry for AI agents. This Privacy Policy explains how we collect, use, and protect information when you use our service.

What Data We Collect

Public NPM Package Metadata

We automatically collect and index public metadata from npm packages that use the tpmjs-tool keyword. This includes:

•Package name, version, and description
•Tool metadata (parameters, return types, descriptions)
•Download statistics from npm registry
•Repository information (GitHub stars, README, license) when publicly available
•Publication and modification timestamps

This data is already public on npm and GitHub. We do not collect any private or non-public package information.

Usage Analytics

We collect basic analytics to understand how visitors use our site:

•Page views and navigation patterns
•Search queries and tool interactions
•Browser type, device information, and screen size
•Approximate geographic location (country/region level only)
•Referral sources (how you found our site)

Analytics data is aggregated and anonymized. We do not track individual users across sessions or devices.

Technical Logs & Error Data

Our hosting infrastructure (Vercel) automatically logs:

•IP addresses (retained for 7 days for security purposes)
•Request timestamps and response times
•API usage patterns and rate limiting data
•Error messages and stack traces (for debugging)

What We Don't Collect

✓No user accounts: TPMJS does not currently require user registration or login
✓No personal information: We don't collect names, email addresses, or contact details (unless you voluntarily email us)
✓No tracking cookies: We don't use third-party advertising or behavioral tracking cookies
✓No sensitive data: We don't collect payment information, social security numbers, or other sensitive personal data

How We Use Your Data

Operating the Service

•Indexing and displaying npm package information
•Calculating quality scores and health checks
•Providing search and discovery functionality
•Executing tools in our playground environment

Improving the Service

•Understanding which tools and features are most popular
•Identifying and fixing bugs and performance issues
•Optimizing search relevance and ranking algorithms

Security

•Preventing abuse, spam, and malicious activity
•Rate limiting API requests to ensure fair usage
•Detecting and blocking DDoS attacks

Third-Party Services

TPMJS relies on the following third-party services to operate:

Vercel

Hosting

Our website and API are hosted on Vercel's infrastructure.

Neon

Database

Tool metadata and sync data are stored in a PostgreSQL database hosted on Neon.

NPM Registry

Data Source

Package metadata is sourced from the public npm registry.

Railway

Sandbox Execution

The playground uses Railway to execute tools in isolated Deno environments.

Data Retention

NPM Package Metadata

Retained indefinitely to provide historical context and maintain package listings. Updated automatically when packages are republished or metadata changes.

Analytics Data

Aggregated analytics are retained for up to 90 days.

Server Logs

Technical logs including IP addresses are automatically deleted after 7 days per Vercel's retention policy.

Your Rights (GDPR Compliance)

If you are in the European Union, you have the following rights under GDPR:

Right to Access

Request a copy of any personal data we hold about you.

Right to Rectification

Request correction of inaccurate data. Note: NPM package data is sourced from npm; corrections must be made by republishing the package.

Right to Erasure

Request deletion of your data. To remove a tool from TPMJS, unpublish it from npm or remove the tpmjs-tool keyword.

Right to Object

Object to processing of your data for specific purposes (e.g., analytics).

Right to Data Portability

Request a machine-readable copy of data about your packages. All package data is already available via our public API.

To exercise any of these rights, contact us at hello@tpmjs.com. We will respond within 30 days.

Cookies & Local Storage

TPMJS uses minimal cookies and local storage:

Essential Cookies

Used for basic site functionality (theme preferences, session state). These cannot be disabled.

Examples: theme preference (light/dark mode)

Local Storage

Playground conversation history is stored locally in your browser and never sent to our servers.

We do not use third-party advertising or tracking cookies.

Data Security

We take reasonable measures to protect data from unauthorized access:

✓All data in transit is encrypted via HTTPS/TLS
✓Database connections use encrypted connections
✓API endpoints are protected with rate limiting
✓Tool execution happens in isolated sandbox environments
✓Regular security updates and dependency scanning

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Children's Privacy

TPMJS does not knowingly collect information from children under 13. The service is intended for developers and AI practitioners. If you believe we have inadvertently collected data from a child under 13, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of TPMJS after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us:

In Summary

•We collect public npm package data and basic usage analytics
•We don't require user accounts or collect personal information
•We don't sell or share your data with third parties for marketing
•We use industry-standard security practices
•You have rights under GDPR if you're in the EU