๐ CSS Conflict Inspector
Privacy Policy
How this extension handles data โ plain language, no legalese.
๐ CSS Conflict Inspector
Privacy Policy
How this extension handles data โ plain language, no legalese.
CSS Conflict Inspector โ Privacy Policy Effective date: April 2026
Summary
This extension reads CSS styles on the current tab to diagnose why Klaviyo components may not be displaying correctly. It stores only the test profile you configure (email, phone, name) and your last 5 scan URLs, both locally on your device. It does not track your browsing. It sends data in two cases: when you click the Identify button (which transmits the selected email address to Klaviyo's identify API to test profile creation), and when you voluntarily submit a feedback report.
1. Who we are
The CSS Conflict Inspector is an internal tool built and maintained by Klaviyo Support. It is intended for use by Klaviyo support agents and authorised team members.
2. What the extension does
When you click Scan Page, the extension inspects the active browser tab to:
Detect Klaviyo signup forms, review widgets, and customer agent components on the page.
Read the page's CSS stylesheets to identify rules that may be hiding or conflicting with those components.
Check the Klaviyo script tag for configuration issues.
Display results in the extension panel โ nothing is sent anywhere at this stage.
All analysis happens locally, inside your browser. No data is transmitted until you explicitly use the Identify feature or submit a feedback report (see Sections 3 and 4).
The extension also provides the following additional features:
Test Submit โ When you run Test Submit, the test email, phone, and name from your Settings are submitted to the merchant's Klaviyo signup form. This triggers a real API call to Klaviyo โ the intended behaviour for testing form submission end-to-end. No data is sent to any Klaviyo Support system as part of this action.
Mobile Preview โ Activating Mobile Preview overrides the tab's screen dimensions, device pixel ratio, and User-Agent using Chrome's DevTools Protocol to emulate iOS or Android devices. No page content is read or captured during this process.
Site Scanner โ Fetches the list of active Klaviyo forms for the merchant account via Klaviyo's API using the company ID detected on the page. Only form metadata (name, ID, type, targeting) is retrieved and displayed locally in the panel.
Force Open โ Sends a signal to Klaviyo's onsite SDK to open a specified form on the active tab, bypassing display conditions. All processing happens locally in the tab.
Identify โ When you click the Identify button, the email address you have selected in the Identify panel is transmitted directly to Klaviyo's identify endpoint (a.klaviyo.com/api/identify) to create or update a profile in the merchant's Klaviyo account. This is the intended behaviour for testing real-time profile identification. The email is also pushed through the page's Klaviyo SDK to keep the browser session in sync. No data is sent to any Klaviyo Support system as part of this action.
Export โ Clicking the Export button downloads a CSV file to your local device containing the results of the current scan (site URL, component type, issues found, CSS rules, element paths). Nothing is transmitted externally โ the file is saved locally only.
3. Data the extension reads and stores
The extension reads the following from the active tab only when you trigger a scan or feature:
Data
Why it's read
Stored?
Page URL
Shown in the scan summary so you know which site was inspected
Locally in chrome.storage.local, last 5 scans only
Test profile (email, phone, first name, last name)
Entered by the agent in Settings to auto-fill Klaviyo forms during Test Submit
Yes โ locally in chrome.storage.local until changed or the extension is uninstalled
Email address (Identify panel)
Transmitted to Klaviyo's identify API when you click Identify, to test profile creation on the merchant's account
Not stored by the extension โ sent directly to Klaviyo
CSS stylesheet rules
To identify conflicting rules affecting Klaviyo components
Not stored โ used only during the active scan session
DOM element attributes
To locate Klaviyo form containers, buttons, and inputs
Not stored
Inline script content
To detect patterns like localStorage.clear() that affect form behaviour
Not stored
Klaviyo script tag attributes
To check the script type, placement, and company ID
Not stored
The extension does not read passwords, cookies, browser history, bookmarks, or any content outside the active tab.
4. Feedback reports โ what is sent and where it goes
Each detected issue has a ๐ / ๐ button. If you choose to submit a report, the following information is sent to a private Google Sheet maintained by the Klaviyo Support team:
Field
Example value
Verdict
correct or false_positive
Site URL
Component type
Signup Form
Form ID
XEaCqu
Issue label
Hidden by CSS: display: none
Flagged CSS rule
.shopify-section { overflow: hidden }
Source file
/themes/dawn.css
Comment (optional)
Free-text note entered by the agent
Timestamp
2026-04-17T10:23:00Z
This data is transmitted via HTTPS to a Google Apps Script web app and appended to a Google Sheet accessible only to the Klaviyo Support team. It is used solely to improve the accuracy of the extension's detection rules.
Submission is always voluntary. Closing the feedback row or ignoring it sends nothing. No data is collected passively.
5. Data retention and deletion
Local storage โ The last 5 scan summaries and your test profile are stored in chrome.storage.local. Scan summaries are automatically overwritten as new scans are run. Your test profile persists until you change it in Settings or uninstall the extension. All local data is permanently deleted when the extension is uninstalled. You can also clear it at any time via chrome://extensions โ CSS Conflict Inspector โ Clear Storage.
Feedback sheet โ Submitted feedback rows are retained for as long as needed to improve detection quality. Agents may request deletion of any submission by contacting the Klaviyo Support tooling team.
6. Third-party services
Feedback data is processed by Google Apps Script and stored in Google Sheets, both products of Google LLC. These services are subject to Google's Privacy Policy. When you use the Identify feature, the email address you select is transmitted to Klaviyo's identify API (a.klaviyo.com), which is subject to Klaviyo's Privacy Notice. No other third-party services receive data from this extension.
7. Permissions used and why
Permission
Reason
activeTab
Grants access to the current tab only when you click the extension icon. Required to read the page's CSS and DOM for scanning.
scripting
Required to inject the analysis script into the active tab when you trigger a scan, Pick Element, Test Submit, or Force Open.
storage
Stores your test profile (email, phone, name) and the last 5 scan summaries locally so they persist between sessions.
sidePanel
Displays the extension's interface as a Chrome side panel alongside the active tab, allowing you to view results while the live page remains visible.
debugger
Used exclusively by Mobile Preview to attach Chrome's DevTools Protocol and send device emulation commands (screen dimensions, pixel ratio, User-Agent). No network traffic is captured or intercepted. The debugger is detached cleanly when Mobile Preview is turned off.
tabs
Required to identify the active tab's URL and ID, send messages between the side panel and content scripts, monitor tab navigation events during Force Open operations, and open Klaviyo dashboard links in new tabs.
Host permission (https://a.klaviyo.com/*)
Allows the background service worker to fetch Klaviyo's geo-IP and forms list APIs on behalf of the Site Scanner and geo-targeting features, and to call a.klaviyo.com/api/identify when the agent uses the Identify feature to test real-time profile creation. Required because content scripts on merchant pages are blocked from making cross-origin requests to Klaviyo's API directly. This permission is not used to read merchant page content.
The extension does not request permissions to access all websites, your browsing history, cookies, or any data outside the active tab. The host permission for a.klaviyo.com is restricted to Klaviyo's own API and is not used to read merchant page content.
8. Children's privacy
This extension is intended for use by Klaviyo employees and authorised support agents only. It is not directed at children under the age of 13 and does not knowingly collect information from minors.
9. Changes to this policy
If we make material changes to this policy, the effective date above will be updated and the change will be noted in the extension's release notes. Continued use of the extension after a policy update constitutes acceptance of the revised policy.
10. Contact
Questions about this privacy policy or requests to delete submitted feedback data should be directed to the Klaviyo Support Tooling team via your internal Slack channel or by emailing sakariye.ali@klaviyo.com.
ยฉ 2026 Klaviyo, Inc. ยท CSS Conflict Inspector ยท Internal Tool