Legal
Privacy Policy
Last updated: June 12, 2026 · Extension v1.0.1
StashView is a Chrome extension that helps developers inspect browser storage. This policy explains what data the extension accesses, how it is used, and what leaves your device (spoiler: nothing).
1. Data we collect
We collect no data whatsoever. StashView does not transmit, log, store remotely, or share any information from your browser or your activity. There are no analytics events, no error reporting endpoints, no telemetry pings.
2. Data accessed locally
To function, StashView reads the following from the currently active tab within your browser only:
-
localStorage & sessionStorage — read and written
only on explicit user action (viewing, editing, or deleting an entry).
Accessed by injecting a script into the page via the
scriptingpermission; the data never leaves the browser. -
Cookies — read via
chrome.cookies.getAll()scoped to the current tab's URL. Cookie values are displayed in the popup only. HttpOnly cookies are displayed but cannot be edited (enforced by the browser). - IndexedDB records — read on demand when you navigate to a database and object store in the popup. Data is displayed locally and discarded when the popup closes.
- Tab URL and favicon — used to display the inspected site's hostname and icon in the popup header. Not stored or transmitted.
3. Permissions explained
The Chrome Web Store requires every permission to be justified. Here is the exact reason each one is requested:
| Permission | Why it's needed |
|---|---|
storage |
Persists your UI preferences (dark / light theme and last-active storage tab) in the extension's local storage. No browsing data is ever written here. |
cookies |
Reads, writes, and deletes cookies for the inspected page via chrome.cookies. Required to show cookie flags (HttpOnly, Secure, SameSite). |
activeTab |
Grants temporary access to the currently active tab only when you click the extension icon — no background access. Used to identify the tab's URL for scoping storage and cookie reads. |
scripting |
Injects a minimal JavaScript function into the inspected page to read or write localStorage, sessionStorage, and IndexedDB — these APIs are only accessible from the page's own origin context. |
tabs |
Used to query the active tab's URL and favicon URL for display in the popup header. |
host_permissions: <all_urls> |
Developers inspect storage on any website, so the extension must be able to operate on arbitrary origins. Without this, cookie reads and script injection would be blocked on most sites. |
4. No third-party services
StashView includes no third-party SDKs, analytics libraries, crash reporters, CDN resources, or remote fonts. All JavaScript and CSS is bundled locally within the extension package. There are zero outbound network requests from the extension itself.
5. Open source
The complete source code is publicly available on GitHub. You are welcome to audit every line: github.com/stormdotcom
6. Children's privacy
StashView is a developer tool not directed at children. We do not knowingly collect any information from anyone under 13.
7. Changes to this policy
If the extension's data practices change in any meaningful way this policy will be updated and a new "last updated" date will be set. The current version is always published at this URL.
8. Contact
Questions about this policy? Reach out via the support page or open an issue on GitHub.