Auto API
PRIVACY POLICY · v1.7.0

Auto API doesn't collect your data.

Auto API is a Chrome side-panel extension that captures network requests in your browser, stores them in your browser's local IndexedDB, and lets you export or run them — without ever sending anything to a server we operate. This policy explains, concretely, what that means.

Local-only by design · Last updated: 18 June 2026 · Effective for v1.0+

tl;dr — the five things that matter

GET /scope

What this policy covers.

This policy describes how the Auto API browser extension ("the extension", "we", or "Auto API") handles information when you install it from the Chrome Web Store and use it in your browser. It applies to all releases of the extension currently distributed through the Chrome Web Store, identified by the extension ID and the version chip in the side panel header.

The extension is a developer tool for capturing, exporting, and running API test code. It is operated by the developer named in /contact below, and is not affiliated with any third-party API your tests may interact with.

What this policy is not. This policy does not cover the websites or APIs you choose to capture against. Those services have their own privacy practices that govern their data. Auto API simply observes traffic between your browser and those services — at your direction, on your machine.

GET /information-we-collect

Information we collect: none.

Auto API does not collect, receive, transmit, store on remote servers, share with third parties, sell, or use for advertising any personal information about you. We don't operate a server. We don't have a database. We have no ability to access information about you because we never receive any.

Specifically, the extension does not:

You can verify these claims by inspecting the extension's manifest.json (no remote hosts allowlisted beyond the broad permission required to attach to tabs you capture against) and source code where applicable.

GET /data-inventory

What can appear in locally-stored capture data.

Even though we don't collect any of your information, the request and response data Auto API captures locally on your machine may contain sensitive information depending on what API calls your application makes. The table below maps Chrome Web Store's official user-data categories to what Auto API does with each one.

| Category | Collected by Auto API? | May appear in local capture? | How it's handled |
| --- | --- | --- | --- |
| Personally identifiable information | No | Possibly | Only if your captured API request or response bodies contain it. Stored in IndexedDB on your machine; never transmitted. |
| Health information | No | Possibly | Only if your captured API traffic carries it. Same local-only handling. |
| Financial & payment information | No | Possibly | Same local-only handling. If you capture against a payments API, do not export the captured bundle to a public location. |
| Authentication information | No | Possibly | Auth tokens (bearer, API keys, CSRF) are captured to make recordings replayable. When you export, they're extracted into .env.example as commented-out placeholders so secrets don't enter version control. |
| Personal communications | No | Possibly | Only if your captured traffic contains messages or emails. Same local-only handling. |
| Location | No | Possibly | Only if location appears in your captured API payloads. Same local-only handling. |
| Web history | No | Possibly | The URLs of API endpoints you've captured are stored locally. The extension does not access Chrome's browsing history API. |
| User activity | No | No | No usage analytics. Clicks within the extension UI, exports performed, suites run — none of these are logged anywhere. |
| Website content | No | Possibly | Captured API request and response bodies are stored locally. These often contain structured data, may contain user content, but never leave your browser. |

What "Possibly" means. Any of these categories could appear in your captured data if the API you're testing happens to carry them. Auto API has no visibility into what's in any individual request. What matters from a privacy standpoint is that none of it is transmitted anywhere by Auto API — it's stored locally on the device where you ran the capture, and you remove it by clicking Clear or uninstalling the extension.

GET /use-of-data

How locally-stored data is used.

Auto API uses the data it captures on your behalf — and only the data it captures on your behalf — for the user-facing features you invoked when you captured it. The extension's use of this data complies with Chrome Web Store's Limited Use requirements:

Used only for user-facing features. Captured data powers the list view, export generators, suite runner, and replay panel. Nothing else.

Not transferred to third parties. Except to comply with applicable law (we have no data to transfer in any case).

Not used for advertising. No ad targeting, ad measurement, remarketing, or any advertising purpose whatsoever.

Not used to determine creditworthiness. Or for any lending-related purposes.

Not sold. Ever, to anyone, under any definition of "sold".

Not read by humans. Auto API has no employees with access to your data; we have no servers to access it on.

GET /third-parties

Third parties: none.

The extension does not integrate with any third-party service for the purposes of data processing, analytics, advertising, error reporting, or any other purpose. It does not embed third-party SDKs, scripts, fonts loaded from a CDN, or remote configuration.

The only third party that can access locally-stored extension data is you — when you explicitly export a suite or copy generated code, you choose where that data goes (a local file, your repo, a colleague). Auto API has no involvement in transmissions you initiate using the data you've captured.

GET /your-rights

What you control.

Because we don't have any of your data, there's no remote process for accessing, correcting, or deleting it. Everything is on your machine, where you control it directly:

Clear individual captures

Click Clear in the top bar to empty the active capture list. The IndexedDB current and sessions tables are wiped immediately.

Delete saved suites

In the Health Check panel, hover any suite chip and click the trash icon. That suite is removed from the suites table immediately.

Uninstall the extension

Removing Auto API from chrome://extensions deletes the entire IndexedDB store and any chrome.storage entries. Nothing of yours persists.

You do not need to contact us to exercise any of these rights — they're operations you perform yourself in your own browser. We don't gate them, we can't refuse them, and we don't know when you perform them.

GET /children

Children's privacy.

Auto API is a developer tool intended for software developers and QA engineers. It is not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction). Because the extension does not collect any information about its users, it does not knowingly collect information from children. If you are a parent or guardian and you believe your child has used Auto API in a way that raises a concern, uninstalling the extension will remove all locally-stored data from the device.

POST /changes

Changes to this policy.

We may update this policy from time to time to reflect changes in the extension, the law, or our practices. The "Last updated" date at the top of this page always reflects the current version. Material changes will be called out in the extension's release notes on the Chrome Web Store listing. Continued use of the extension after a change means you accept the updated policy.

Because we have no way to contact you (we don't have your email), we cannot notify you individually. Checking the Chrome Web Store listing's "Last updated" date is the authoritative way to see if anything has changed.

POST /contact

Contact.

Questions about this policy, requests under applicable privacy laws (even though we have nothing to disclose), or concerns about the extension's privacy practices can be directed to:

Auto API
sajb8722@gmail.com

We aim to respond to privacy inquiries within five business days. Note that we may not be able to "produce your data" in response to a subject-access request because we don't hold any — but we'll happily confirm that in writing.