# Privacy Policy – API Sniffer Pro
**Last Updated: November 24, 2025**
## Introduction
API Sniffer Pro (“we”, “our”, or “the extension”) is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our Chrome extension.
## Information We Do NOT Collect
API Sniffer Pro does **not**:
- Collect any personal information
- Track your browsing history
- Send any captured API data to our servers
- Use analytics or tracking tools
- Share information with third parties
- Store data in the cloud
## Information Stored Locally
The extension stores the following data **locally on your device only**:
### 1. Captured API Requests
- HTTP request/response data for **backend API calls (fetch / XMLHttpRequest)**
- WebSocket messages (when enabled)
- Request headers and bodies
- Response data
- Timestamps and metadata
- **Only for domains you explicitly configure in the extension’s Domain Filter**
- **If you do not configure any domains, no requests are captured**
**Storage Location:** Chrome’s `storage.local`
**Retention:** Until you manually clear it using the “Clear” button or uninstall the extension
**Access:** Only you can access this data on your device
### 2. License Information
- License key (if you activate a PRO plan)
- License validation status
- Plan type and enabled features
**Storage Location:** Chrome’s `storage.local`
**Purpose:** To enable and validate PRO features
**Transmission:** License key and basic metadata are sent **only** to our license validation server (`https://us-central1-fournotfouraaps.cloudfunctions.net/api`) over HTTPS
### 3. User Preferences
- Domain Filter configuration
- Display and filter settings
- Other extension configuration options
**Storage Location:** Chrome’s `storage.local`
**Purpose:** To remember your settings between sessions
## Permissions Explained
API Sniffer Pro requires the following permissions:
### 1. `webRequest`
**Purpose:** To intercept and capture **backend API (fetch/XHR)** requests for analysis
**Data Access:** Can read request and response data for matching API calls
**Usage:** Only used to capture requests when DevTools is open and you are on the **API Sniffer Pro** tab, and only for domains configured in the Domain Filter
### 2. `storage`
**Purpose:** To save captured API logs, license data, and settings locally
**Data Access:** Stores data in Chrome’s local extension storage
**Usage:** All data stays on your device unless you explicitly clear it or uninstall the extension
### 3. `tabs`
**Purpose:** To identify which browser tab requests belong to
**Data Access:** Can read tab IDs and URLs
**Usage:** Only to associate captured requests with the correct tab in DevTools
### 4. `<all_urls>`
**Purpose:** Chrome requires `<all_urls>` to technically allow the extension to *be able* to inspect requests from any website
**Data Access:** In theory can intercept requests from all domains, but in practice the extension:
- **Only captures backend API requests (`xmlhttprequest`)**, and
- **Only for hostnames that match domains you configure in the Domain Filter**, and
- **If you do not configure any domains, no requests are captured at all**
**Usage:** Only when DevTools is open and the API Sniffer Pro panel is active
## Data Security
- All data is stored locally using Chrome’s secure extension storage
- No captured API data is transmitted to our servers (except license validation data as described)
- No encryption keys or sensitive credentials are intentionally stored
- You can delete all stored data at any time using the “Clear” button or by uninstalling the extension
## License Validation
When you activate a PRO license:
- Your license key is sent to our license validation endpoint
- **Server URL:** `https://us-central1-fournotfouraaps.cloudfunctions.net/api`
- **Data sent:** License key, extension version, platform
- **Data received:** Validation status, plan type, enabled features
- **Connection:** Encrypted via HTTPS
## Third‑Party Services
### License Server
- **Provider:** Google Cloud Functions (Firebase)
- **Purpose:** License validation only
- **Data Shared:** License key and basic extension metadata
- **Privacy Policy:** <https://firebase.google.com/support/privacy>
### Payment Processing (Future)
If paid subscriptions are enabled in the future:
- **Provider:** Stripe, Razorpay, or similar
- **Purpose:** Payment processing only
- **Data Shared:** Payment information handled by the payment provider
- **Note:** We never see or store your full payment details
## Children’s Privacy
API Sniffer Pro is not intended for children under 13. We do not knowingly collect information from children.
## Changes to This Privacy Policy
We may update this Privacy Policy occasionally. Changes will be posted on this page with an updated “Last Updated” date.
## Your Rights
You have the right to:
- Access the data stored locally by the extension
- Delete all data at any time
- Uninstall the extension
- Contact us with privacy concerns
## Data Deletion
To delete all data:
1. Click the **“Clear”** button in the API Sniffer Pro DevTools panel, or
2. Uninstall the extension, or
3. Clear Chrome’s extension data for API Sniffer Pro
## Contact Us
If you have questions about this Privacy Policy or data handling, please contact us at:
**Email:** (add your support email here)
## Compliance
This extension is designed to comply with:
- Chrome Web Store Developer Program Policies
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
## Consent
By using API Sniffer Pro, you consent to this Privacy Policy.