Privacy Policy – API Sniffer Pro

Your privacy is our priority. This policy explains how API Sniffer Pro handles your data.

Last Updated: November 27, 2025

Introduction

API Sniffer Pro ("we", "our", or "the extension") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you use our Chrome extension.

Key Principle: All captured API data remains in your browser. We never transmit, store, or access your API logs on our servers.

Information We Do NOT Collect

API Sniffer Pro does NOT:

  • Collect any personal information
  • Track your browsing history
  • Send any captured API data to our servers
  • Use analytics or tracking tools
  • Share information with third parties
  • Store data in the cloud

Information Stored Locally

1. Captured API Requests

  • HTTP request/response data for backend API calls (fetch / XMLHttpRequest)
  • WebSocket messages (when enabled)
  • Request headers and bodies
  • Response data
  • Timestamps and metadata
  • Only for domains you explicitly add and grant permissions for
  • Storage Location: Chrome's storage.local
  • Retention: Until you manually clear it using the "Clear" button or uninstall the extension
  • Access: Only you can access this data on your device

2. License Information

  • License key (if you activate a PRO plan)
  • License validation status
  • Plan type and enabled features
  • Storage Location: Chrome's storage.local
  • Purpose: To enable and validate PRO features
  • Transmission: License key and basic metadata are sent only to our license validation server (https://us-central1-fournotfouraaps.cloudfunctions.net/api) over HTTPS

3. User Preferences & Allowed Domains

  • Display preferences
  • Extension configuration
  • List of domains you've explicitly allowed for monitoring
  • Storage Location: Chrome's storage.local
  • Purpose: To remember your settings between sessions

Permissions Explained

1. webRequest

  • Purpose: To intercept and capture backend API (fetch/XHR) requests for analysis
  • Data Access: Can read request and response data for matching API calls
  • Usage: Only captures data for domains you've explicitly granted permission for

2. storage

  • Purpose: To save captured API logs, license data, and settings locally
  • Data Access: Stores data in Chrome's local extension storage
  • Usage: All data stays on your device unless you explicitly clear it or uninstall the extension

3. tabs

  • Purpose: To identify which browser tab requests belong to
  • Data Access: Can read tab IDs and URLs
  • Usage: Only to associate captured requests with the correct tab in DevTools

4. optional_host_permissions

  • Purpose: To request access to specific domains at runtime
  • Data Access: Can only intercept requests from domains you explicitly approve
  • Usage: The extension will ask for your permission before monitoring any domain
  • User Control: You can add, remove, or clear all domain permissions at any time

Data Security

Security Measures

  • All data is stored locally using Chrome's secure extension storage
  • No captured API data is transmitted to our servers (except license validation data as described)
  • No encryption keys or sensitive credentials are intentionally stored
  • You can delete all stored data at any time using the "Clear" button or by uninstalling the extension

License Validation

When you activate a PRO license:

  • Your license key is sent to our license validation endpoint
  • Server URL: https://us-central1-fournotfouraaps.cloudfunctions.net/api
  • Data sent: License key, extension version, platform
  • Data received: Validation status, plan type, enabled features
  • Connection: Encrypted via HTTPS

Third-Party Services

License Server

  • Provider: Google Cloud Functions (Firebase)
  • Purpose: License validation only
  • Data Shared: License key and basic extension metadata
  • Privacy Policy: https://firebase.google.com/support/privacy

Payment Processing (Future)

  • Provider: Stripe, Razorpay, or similar
  • Purpose: Payment processing only
  • Data Shared: Payment information handled by the payment provider
  • Note: We never see or store your full payment details

Your Rights

You have the right to:

  • Access the data stored locally by the extension
  • Delete all data at any time
  • Uninstall the extension
  • Contact us with privacy concerns

Data Deletion

To delete all data:

  • Click the "Clear" button in the API Sniffer Pro DevTools panel, or
  • Uninstall the extension, or
  • Clear Chrome's extension data for API Sniffer Pro

Compliance

This extension is designed to comply with:

  • Chrome Web Store Developer Program Policies
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)

Changes to Privacy Policy

  • We may update this Privacy Policy occasionally. Changes will be posted on this page with an updated 'Last Updated' date.

GDPR & Data Protection Compliance

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your personal data

Children's Privacy

API Sniffer Pro is not intended for children under 13. We do not knowingly collect information from children.

Consent

By using API Sniffer Pro, you consent to this Privacy Policy.

Contact Us

If you have questions about this Privacy Policy or data handling, please contact us.

Note: Add your support email in the contact section above