Plain English, no legalese. We respect your data.
debugger permission is used only during Explore to capture live page screenshots via CDP โ it is detached immediately when exploration ends and no data leaves your device.cookies permission is used to restore your authenticated session for test runs โ cookies are never sent to pathfinder or any third party.pathfinder is a Chrome browser extension that acts as an AI-powered QA engineer. It is a standalone client-side tool. There is no pathfinder server, cloud service, or backend.
| Data | Where stored | Leaves your device? |
|---|---|---|
| API key (OpenAI / Anthropic / Google) | Chrome storage.local (encrypted by Chrome) |
Sent to your provider only |
| Crawled page text & embeddings | Browser IndexedDB | Local only |
| AI-learned user flows | Browser IndexedDB | Local only |
| Generated test cases | Browser IndexedDB | Local only |
| Test results & screenshots | Browser IndexedDB | Local only |
| Interaction graph (from Explore) | Browser IndexedDB | Local only |
| Extension preferences & theme | Chrome storage.local |
Local only |
| Personal information | โ | Never collected |
| Analytics / crash reports / telemetry | โ | Never collected |
When you use AI features (Explore, Flow Learning, Test Generation), pathfinder sends prompts directly from your browser to your configured provider:
pathfinder does not proxy, log, or inspect these requests. The call goes directly from your browser to the provider using your own API key.
If you use the Local (Free) embedding mode, no data is sent to any external service โ the model runs entirely in your browser via ONNX Runtime.
When you crawl a website, pathfinder's service worker makes HTTP GET requests to the pages you specify. These requests:
User-Agent header identifying pathfinder (pathfinder/1.0)The crawled text content is stored locally in IndexedDB. It is never uploaded anywhere.
| Permission | Why it's needed |
|---|---|
activeTab |
To read the current page's URL and title so the extension knows which page to explore or test |
tabs |
To navigate tabs during test execution, monitor page loads, and detect URL changes after actions |
scripting |
To execute scripts inside the active tab โ used to read the DOM, interact with elements, and verify authentication state during test runs |
debugger |
To attach Chrome DevTools Protocol (CDP) to a tab for live screencasting during Explore mode. This is used only while you run Explore โ no page content is stored or transmitted beyond your device. The debugger is detached as soon as exploration ends. |
cookies |
To capture your existing browser session cookies and re-inject them before test execution, so tests run as an authenticated user. Cookies are read locally and never transmitted to any third party. |
storage |
To save your API key, preferences, and theme settings locally in Chrome's encrypted storage |
sidePanel |
To display the pathfinder UI in Chrome's side panel |
alarms |
To keep the service worker alive during long-running crawl and exploration jobs |
host_permissions: <all_urls> |
To crawl any help or docs site you specify, and to run tests against any web app. You control which URL is crawled or tested โ pathfinder does not initiate any requests on its own. |
All locally stored data (crawled documents, vectors, flows, test cases, results) can be deleted at any time:
Open pathfinder โ โ Settings โ Clear All Data
Uninstalling the extension also removes all locally stored data.
If this policy changes, the "Last updated" date at the top will be updated. We will not make changes that reduce your privacy without clear notice in the extension's changelog.