QALens — Privacy Policy

Last updated: 16 June 2026

QALens is a Chrome extension built for QA Engineers and Business Analysts to discover the API calls a web application makes and generate test-automation locators (Playwright/Selenium). This page explains exactly what data QALens accesses, what it does with it, and what it never does.

Everything stays on your device

QALens has no backend server. It never sends any data it captures — network requests, page content, or generated locators — anywhere over the network. Everything is stored locally in your browser using the chrome.storage.local API and is only ever read by QALens itself, on your own machine.

What QALens captures

While you're browsing with the side panel open, QALens observes the network requests made by the current tab and records, per request:

• HTTP method, full URL, response status code, and response time
• Request and response headers
• Request and response bodies (for JSON payloads)

Sensitive data is redacted before it's ever stored

QALens automatically redacts likely-sensitive values before anything is written to storage — the header or field name is kept (so you can still see, for example, that an endpoint uses an Authorization header, which is useful for API mapping) but the value is replaced with [redacted]. This applies to:

• Headers: Authorization, Cookie, Set-Cookie, Proxy-Authorization, X-Api-Key, X-Auth-Token, Api-Key, X-Csrf-Token
• JSON body fields named (case-insensitive): password, token, secret, apiKey, accessToken, refreshToken, authorization, ssn, cardNumber, cvv

How long data is kept

• Each tab's captured calls are capped at 300 entries — once exceeded, the oldest entries are dropped automatically.
• A tab's data is cleared automatically when you navigate to a new page or close the tab.
• You can clear all captured data for the current tab at any time with the "Clear" button in the panel.
• Pausing capture (the "Pause" button) stops QALens from observing requests at all — nothing is captured or relayed internally while paused.

Why QALens needs the permissions it requests

• Host access to all sites — QALens's entire purpose is to map APIs on whatever site you're testing, which can't be known in advance.
• webRequest — used only to observe request metadata (never to block or modify traffic); it catches requests that fire before the page finishes loading and network errors that other methods can't see.
• tabs / activeTab — used only to know which tab the open side panel should display data for.
• storage — local persistence of captured data, described above.
• sidePanel — the UI surface itself.
• webNavigation — used to clear a tab's data when you navigate to a new page.

Data sharing

QALens does not sell, rent, or share any captured data with any third party, for any purpose. There is no analytics, telemetry, or crash-reporting SDK in the extension.

Contact

Questions about this policy or QALens's data handling: singh.nishant0625@gmail.com