NPAS Mate — Privacy Policy

Last updated: April 10, 2026
Controller / Operator: NOKIA APJ SU
Contact: daniel.j.noh@nokia.com

This policy describes how the NPAS Mate Chrome extension (“the extension”) collects, uses, stores, and shares information when you use it. The extension is a side-panel assistant for Nokia NPAS performance dashboards (e.g. Apache Superset). It is not intended for general web browsing or unrelated purposes.

Required disclosure for Chrome Web Store: NPAS Mate handles personal or sensitive user data. The four sections below—user data collection, user data handling, user data storage, and user data sharing—each contain the full details for that topic. None of these sections is omitted.

User data collection

This section describes what user data is collected (or received by the extension).

We collect or receive only what is needed for the extension’s single purpose (NPAS dashboard assistance). This aligns with the data types you may see disclosed on the Chrome Web Store listing (e.g. personally identifiable information, authentication-related data, personal communications, and website content):

• Personally identifiable information: if your organization’s backend exposes it, a work email or similar identifier may be shown in the UI for identification.
• Authentication information: the distributed extension package does not embed LLM or third-party API keys. For Superset/dashboard API access, the extension may (depending on your organization’s configuration) use your existing browser session on the dashboard origin (e.g. same-site cookies sent only with standard HTTPS requests you trigger through the tool), and/or tokens or optional service credentials supplied by your organization’s NPAS Mate backend and cached locally as part of configuration—solely to perform dashboard and analysis features you request. We do not use this data to sign you in to unrelated sites.
• Personal communications: text you enter in the chat and optional images you attach or paste.
• Website content: when you use page analysis or related features, the active tab’s URL and page-derived content (e.g. dashboard/chart/table structure and metadata) from NPAS-related pages you are viewing.
• Settings and technical data: backend URL, selected model, conversation history, and cached server configuration in chrome.storage.local.

User data handling

This section describes how user data is handled after it is collected (processing, access, and permitted uses).

Collected data is processed only to provide chat, optional page context for answers, optional document retrieval (RAG), and display of settings returned by your backend. We do not use the data for unrelated tracking or profiling beyond operating these features. Data is not sold, not used for third-party advertising inside the extension, not used for creditworthiness or lending, and not used for purposes unrelated to the extension’s stated single purpose. Processing follows your organization’s policies where applicable.

User data storage

This section describes where user data is stored and for how long it may be kept.

Local storage: preferences, conversation history, and cached configuration (which may include backend-supplied tokens or credentials fields your operator configures) are stored in chrome.storage.local on your device until you clear them or remove the extension.

Remote storage: when you send messages or analysis requests, the content of those requests and responses may be processed and stored by Nokia LLM Gateway, your configured NPAS Mate backend, or other organization-controlled systems according to their retention and logging practices.

Retention: local chat history can be cleared using in-extension controls where available. Remote retention is determined by your backend operator; contact your organization or the contact above for organizational policies.

User data sharing

This section describes what user data is shared, with whom, and for what purpose.

Data is transmitted only to Nokia LLM Gateway (or equivalent endpoints declared in the extension manifest) and to the backend URL and approved dashboard hosts you or your organization configure, as required for the extension to function. We do not sell personal information to Google LLC or the Chrome Web Store for their independent use. Enterprise employers may access data on systems they control (e.g. server logs). We may disclose information when required by law or valid legal process.

1. What information we collect

We collect or receive the following categories of information:

• Information you provide: Text you type in the chat, optional images you paste or attach, and optional feedback (e.g. rating and free-text reason).
• Technical and usage data from the extension: Your selected backend URL, selected LLM model, and similar settings stored in chrome.storage.local; cached configuration returned by your backend (e.g. timeouts, model lists).
• Tab and page-related data: The URL of the active tab to determine whether the extension may run on NPAS-related pages. If you use page analysis, we read page content needed to describe charts, tables, and dashboard structure on that tab (within Chrome permissions you granted).
• Identifiers and account information: If your configured backend returns it, your work email address may be shown in the extension UI for identification.
• Data sent over the network: The above items may be sent as HTTPS requests and responses between the extension and (a) Nokia LLM Gateway or equivalent endpoints declared in the extension, and (b) your organization’s NPAS Mate backend (including localhost, tunnel URLs such as Cloudflare, and approved dashboard hosts in the manifest). Your organization’s servers may also create server or application logs when they receive those requests.

2. How we use and handle your information

We use the information above only to:

• Provide the extension’s features: chat with the configured LLM, optional dashboard/chart context for answers, optional document retrieval (RAG) via your backend, and display of model/settings from your server.
• Enable or disable the extension UI based on whether the current tab is an NPAS-related page.
• Store your preferences and recent conversation locally on your device when you use those features.
• Operate, debug, and improve the service as allowed by your organization’s policies (e.g. feedback you submit may be stored on your backend).

We do not use this information to sell personal data, to serve third-party ads inside the extension, or for creditworthiness or lending decisions. We do not use the data for purposes unrelated to the extension’s single purpose described on the Chrome Web Store listing and in this policy.

3. How and where we store your information

• On your device (local storage): Settings, backend URL, selected model, conversation history, and cached backend configuration are stored in the browser using chrome.storage.local. This data remains on your machine unless you clear it or uninstall the extension.
• On servers (remote storage): When you send messages or analysis requests, the content of those requests and responses may be processed and stored by Nokia-operated or your organization-operated servers, according to those operators’ retention and logging practices. The extension does not control third-party server logs; your employer’s or IT team’s policies apply.
• Retention: Local chat history can be cleared using in-extension controls where available. Remote retention is determined by your backend operator; contact your organization or the contact above for organizational policies.

4. Sharing and disclosure of information

• Service operation: Data is shared only as needed with Nokia LLM Gateway (or endpoints declared in the extension manifest) and with the backend URL you or your organization configure, so that chat, RAG, and dashboard-related features work.
• No sale to Google: We do not sell personal information to Google LLC or to the Chrome Web Store for their independent use.
• Employer / organization: If the extension is deployed in an enterprise context, your employer may access data on systems they control (e.g. server logs, admin tools). That processing is governed by your employment or IT policies.
• Legal: We may disclose information if required by applicable law or a valid legal process, consistent with Nokia and organizational obligations.

5. Security

Personal and sensitive user data is transmitted over the network using HTTPS (or other secure channels as configured for approved endpoints). API keys and secrets are not embedded in the distributed extension package; they should be configured on servers under your organization’s control.

6. Your choices

You may clear locally stored conversation history where the extension provides that option, change the backend URL in settings, or remove the extension from Chrome to delete locally stored extension data subject to browser behavior. For data held on organizational servers, contact daniel.j.noh@nokia.com or your internal support channel as appropriate.

7. Children

The extension is intended for professional use by adults in a workplace context; it is not directed at children.

8. Changes to this policy

We may update this page to reflect product or legal changes. The Last updated date at the top will change when we do. Material changes may also be communicated through your organization where applicable.