Privacy Policy

1. Scope

This policy describes how the Endpoint Atlas browser extension (the "extension") for Chrome and Firefox handles information. It applies to the extension itself, not to any Swagger UI page you open with it. The websites where Swagger UI is hosted are operated by their own owners and are governed by their own policies.

2. Data we don't collect

The extension does not collect, transmit, sell, share, or store any personal data. Specifically, it does not:

• Track which pages you visit or how long you stay on them.
• Read or transmit cookies, authentication tokens, request bodies, or response bodies.
• Send any analytics, telemetry, error reports, or usage statistics.
• Communicate with any remote server operated by the extension's author.
• Use third-party SDKs, advertising networks, or fingerprinting.

There is no backend. There is no account. There is nothing to opt out of, because there is nothing being collected to begin with.

3. Why the extension requests <all_urls>

Swagger UI is self-hosted documentation — there is no central domain it lives at. Every API team hosts their own Swagger docs on their own URL: api.company.com/docs, internal.example.org/swagger, localhost:8080/api-docs, and so on. The extension cannot know in advance which sites are Swagger UI pages.

For this reason it requests the <all_urls> host permission. This permission allows the content script to run on each page you open so it can detect whether Swagger UI is present in the DOM and inject the sidebar only when it is. On every other page the script does nothing and exits.

The permission is used purely to discover where Swagger UI is rendered. It is not used to read, modify, or transmit anything from non-Swagger pages.

4. How the extension works, in plain terms

• When you open a tab, the content script loads and checks the page for Swagger UI's known DOM markers.
• If Swagger UI is not present, the script exits immediately and does nothing further on that page.
• If Swagger UI is present, the script reads the endpoint list that Swagger UI has already rendered and builds a sidebar from it inside the same tab.
• All processing happens in your browser, in the page's own context. Nothing is sent anywhere.

5. Data the extension touches

On a Swagger UI page, the extension reads only what Swagger UI itself has rendered into the page: endpoint paths, HTTP methods, tag groupings, and the visible state of the Authorize dialog. It uses this to populate the sidebar and to display whether you are currently authorized.

This information stays in the tab. It is not copied off the page, sent to a server, written to your filesystem, or shared with any other extension. When you close the tab, it is gone.

6. Storage

The extension does not use chrome.storage, localStorage, sessionStorage, IndexedDB, cookies, or any other persistent storage to retain information about you, your browsing, or the APIs you view. The only persistent artifact on your machine is the extension's own code, installed by your browser when you added it.

7. Third parties

The extension contains no third-party scripts, no advertising, no analytics SDKs, and no remote code loading. It does not share data with third parties because it does not have any data to share.

8. Children

The extension is a developer tool and is not directed at children. Because no data is collected, no data about children — or anyone else — is processed.

9. Changes to this policy

If the extension's behavior ever changes in a way that affects privacy — for example, if a future feature genuinely required network access — this policy will be updated and the "Last updated" date at the top of the page will be changed accordingly. Material changes will be reflected in the extension's release notes on the Chrome Web Store, Firefox Add-ons, and GitHub.

10. Contact

Endpoint Atlas is free and open source. You can read the full source code, file an issue, or send a pull request on GitHub. For privacy-specific questions, please open an issue on the project's repository.