Privacy Policy
Last updated: May 20, 2026 · Version 2.17.0
The XPath Locator Generator extension does not collect any user data. It makes zero network calls — no telemetry, no analytics, no error reporting. A few small UI preferences are stored locally on your device only.
Who this applies to
This policy covers the XPath Locator Generator Chrome extension ("the extension"), available on the Chrome Web Store. By installing and using the extension, you agree to the terms described below.
What data we collect
None. The extension does not collect, transmit, sell, or share any
personal information, browsing activity, or usage data. There are no fetch requests,
XMLHttpRequest calls, WebSocket connections, beacons, or any other form of network
communication initiated by this extension. You can verify this by inspecting the
source code: search for fetch(, XMLHttpRequest,
WebSocket, or sendBeacon across the source files — there
will be no matches.
What data is stored on your device
The extension stores three small UI-state values locally using Chrome's
chrome.storage.local API. This data is on-device only and is never
transmitted, synced to your Google account, or shared with anyone:
| Key | What it stores | Why |
|---|---|---|
lastResult |
The most recent xpath you captured (xpath string, match count, alternatives, frame URL if you clicked inside an iframe) | So reopening the side panel during the same session shows your last result instead of an empty view |
activeMode |
Which mode (single / list / dynamic) is currently active | So the panel highlights the correct mode if you reopen it mid-session |
altsExpanded |
Whether the "Other Locator Strategies" block is expanded (boolean) | Remembers your UI preference across sessions |
You can clear this data at any time from Chrome's settings: go to
chrome://extensions, find "XPath Locator Generator," click
"Details," then "Site settings" → "Clear data." Uninstalling the extension also
removes all stored data.
What we access (only when you ask)
When you click a mode button in the extension's side panel, the extension reads the DOM of the page in your active tab. Specifically, when you click an element, the extension reads:
- The element's tag name, attributes, and visible text
- The element's position in the DOM (ancestors, siblings)
- Other elements on the page (to verify the generated xpath uniquely identifies your target)
- For iframe content, the iframe's URL (so the generated xpath can include
driver.switchTo().frame(...)guidance)
All of this happens locally in your browser. The information is used only to
compute the xpath that gets displayed in the panel — it is not transmitted anywhere,
and it is discarded as soon as the xpath is computed (the only thing saved is the
final xpath string itself, in the lastResult storage key above).
The extension does not run on pages you visit unless you explicitly click a mode button. There are no static content scripts in the manifest, so the extension has zero presence on pages you are just browsing.
What we never do
- We do not collect your name, email, or any identity information
- We do not read or transmit your browsing history
- We do not access your cookies, passwords, or form data
- We do not track mouse movements, scroll behavior, or idle time
- We do not use analytics, telemetry, or crash reporting services
- We do not embed third-party SDKs, libraries, or trackers
- We do not show advertisements or have any monetization mechanism
- We do not sell or share data with anyone — there is no data to share
Permissions explained
Required to inspect webpage elements and generate locators. No personal data or browsing activity is collected or shared.
The extension requests four Chrome permissions:
<all_urls>(host) — lets the extension inject its content script into your active tab when you click a mode button. Not used to read pages automatically; the extension declares no static content scripts, so when you're just browsing it has zero presence on the page.scripting— the standard Manifest V3 API for the on-demand injection described above.storage— used only for the three local-only values listed above.sidePanel— renders the extension's UI in Chrome's side panel.
The extension does NOT request tabs, cookies,
history, bookmarks, webRequest,
downloads, notifications, or any other permission that
could read data outside of the explicit user-initiated capture flow.
Third parties
The extension uses no third-party services, SDKs, analytics providers, or external code. All functionality is implemented in vanilla JavaScript bundled with the extension. There are no remote scripts, no CDN dependencies, and no auto-updating components that pull code from outside the published extension package.
Children's privacy
The extension is a developer tool. It is not directed at children under 13. As described above, it does not collect data from any user, including children.
Changes to this policy
If the extension's data-handling practices ever change, this policy will be updated, the "Last updated" date at the top will be revised, and the version number in the extension's manifest will be incremented. Material changes will be noted in the extension's changelog.
Contact
Questions about this privacy policy or the extension's data practices? Reach out through the support email listed on the Chrome Web Store listing for the XPath Locator Generator.