Privacy Policy
Last updated: 14 July 2026
API Explorer is a Chrome extension that helps developers discover, capture, and explore the API endpoints a website calls, and optionally analyze them with an AI assistant. This policy explains exactly what data the extension handles and where it goes.
In short:
- The extension has no backend server — we never receive, store, or see your data.
- Everything captured is stored locally in your browser.
- Data leaves your device only when you act: to the AI provider you configured (AI Chat), or to the website's own API (replay).
What the extension stores locally
Stored via chrome.storage.local on your device only:
- Captured API data — URLs, methods, headers, request/response bodies, status codes and timing for requests made by sites you browse while capture is on.
- API keys — keys you enter for AI providers, encrypted on-device (AES-GCM via the Web Crypto API) before storage.
- Auth tokens — the freshest Authorization/CSRF/API-key style headers seen per site, stored encrypted, so requests can be replayed.
- Settings, chat history, and activity logs — your preferences, saved AI conversations, and a local log of AI/API calls.
You can delete any of this at any time from within the extension, or by removing the extension.
What is sent off your device (only when you act)
- To your chosen AI provider — when you send a message in AI Chat, your message plus relevant captured endpoint information and your API key are sent to that provider's API (e.g. Google Gemini, OpenAI, Anthropic, or a custom OpenAI-compatible endpoint) so it can respond. This is handled under that provider's privacy policy. If you never use AI Chat, nothing is sent to any AI provider.
- To the target website's API — when you replay or execute a request, it is sent to the site's own API using your existing browser session, exactly as the site would.
Nothing is sent to the developer of this extension. There is no analytics, tracking, or telemetry.
Data sharing and sale
- We do not sell your data.
- We do not transfer your data to third parties except the AI provider you explicitly configure and the target website's own API, as described above.
- We do not use your data for advertising, creditworthiness, or any purpose unrelated to the extension's single purpose.
Permissions
storage— save the above data locally.tabs— identify the active site and show the captured-endpoint count badge.scripting— inject the capture script and run replays inside the target tab so they use your real session.sidePanel— show the extension's main interface.- host access to visited sites — capture and replay API requests on the sites you choose to inspect.
Contact
Questions about this policy: mail@mddogan.com