Privacy Policy for XHRScribe

Last Updated: January 2025

Overview

XHRScribe ("we", "our", or "the extension") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our Chrome extension.

Information We Collect

Data Collected Locally

• Network Request Data: HTTP/HTTPS requests, responses, headers, and payload data from websites you visit while recording
• User Settings: AI provider preferences, API keys, test framework selections, and extension configurations
• Session Data: Recorded network sessions with timestamps and metadata

Data Processing

• Local Processing: All data is processed locally on your device by default
• AI Service Integration: When using cloud AI providers, anonymized and encrypted data may be sent to:
  • OpenAI (if selected)
  • Anthropic Claude (if selected)
  • Google Gemini (if selected)
• Local Model Option: You can use local AI models for complete offline processing

How We Use Your Information

Primary Uses

• Generate automated test suites from captured network requests
• Provide AI-powered code generation services
• Store user preferences and settings
• Maintain recording session history

Data Processing Principles

• Minimal Collection: We only collect data necessary for core functionality
• User Control: You control what data is recorded and processed
• Encryption: All sensitive data is encrypted with AES-256
• Local First: Processing happens locally when possible

Data Security

Encryption & Storage

• Local Encryption: All data stored locally is encrypted with AES-256
• API Key Security: API keys are encrypted and stored securely in Chrome's storage
• Device-Specific Keys: Encryption keys are unique to your device
• No Plain Text Storage: Sensitive data is never stored in plain text

Data Transmission

• HTTPS Only: All external communications use HTTPS/TLS encryption
• Data Masking: PII and sensitive data is automatically masked before transmission
• Optional Transmission: You can choose local-only processing to avoid any external data transmission

Third-Party Services

AI Providers (Optional)

When you choose to use cloud AI services:

• OpenAI: Subject to OpenAI's privacy policy and terms of service
• Anthropic: Subject to Anthropic's privacy policy and terms of service
• Google: Subject to Google's privacy policy and terms of service

Data Sent to AI Providers

• Anonymized Request Data: Method, URL structure, and request/response patterns
• No Personal Information: PII, credentials, and sensitive data are masked
• User Control: You can disable cloud AI and use local models instead

User Control & Rights

Your Choices

• Recording Control: Start/stop recording at any time
• Data Deletion: Delete any recording session or all data
• Provider Selection: Choose between cloud AI or local processing
• Export Options: Export your data in standard formats

Privacy Settings

• Local Mode: Process everything offline without external API calls
• Cloud Mode: Use cloud AI with data masking and encryption
• Hybrid Mode: Smart routing based on data sensitivity
• Custom Masking: Define your own sensitive data patterns

Data Sharing

We Do NOT Share

• Personal Information: We never sell or share personal data
• Recording Data: Your captured network data remains private
• Usage Analytics: We do not track how you use the extension

Limited Sharing

• AI Processing Only: Anonymized data may be sent to selected AI providers for code generation
• User Controlled: All sharing is explicitly controlled by user choices

Contact Information

For privacy-related questions or data requests, please contact us through:

• GitHub Issues: Repository Issues
• Email: [Your contact email]
• Documentation: Available within the extension

Compliance

XHRScribe is designed to comply with:

• GDPR: European privacy requirements
• CCPA: California privacy standards
• Chrome Web Store: Google's developer policies