Privacy Policy - Cookie Lens
Last Updated: May 2026
Cookie Lens is a privacy-first Chrome DevTools extension.
This page is split into a plain-language summary (below) and a technical breakdown — see Privacy in detail if you want to verify how the extension handles data.
Data Collection
- Cookie Lens does not collect, store, or transmit any user data.
- All cookie inspection and analysis happens locally on your device.
- No data is sent to external servers or third parties.
- No tracking, no analytics, no telemetry.
Cookies & Local Storage
- The extension uses browser storage only to save user preferences (theme, filters, UI state) locally on your device.
Changes to This Policy
We may update this policy occasionally. Continued use of the extension constitutes acceptance of any changes.
For questions, contact: [email protected]
Privacy in detail
The summary above is the policy in plain language. The sections below explain the technical specifics for users who want to verify how Cookie Lens handles data.
Where data lives
Cookie Lens uses three browser-managed storage tiers and nothing else.
- Persistent (
chrome.storage.local) — non-sensitive preferences that should survive a browser restart: theme, custom parsing rules, the list of cookies you marked as Protected, table layout. Never includes cookie values. - Session (
chrome.storage.session) — RAM-only, cleared on browser restart: change history for the History tab, mock-override values for the Mocking feature, request metadata for the optional Set-by-request tracker. Never persisted to disk. - Panel UI (
localStorage) — DevTools-panel-scoped preferences: column widths, pinned cookies, panel theme. Cleared when DevTools site data is cleared.
Cookie values themselves are read from the inspected tab's cookie jar at inspection time, decoded for display, and never written into any of the above stores.
Optional: Set-by-request tracking
This feature is off by default. When you enable it (via Settings, with explicit permission grant), Cookie Lens correlates each cookie with the network response that set or updated it.
- Captures only metadata: HTTP method, request URL, response status code, timestamp.
- Does not capture request or response headers (other than the
Set-Cookieline the API surfaces), bodies, or query parameters. - Stored in
chrome.storage.session— RAM-only, cleared on browser restart. - Disable any time by toggling the same setting off.
Permissions
| Permission | When granted | What it allows |
|---|---|---|
cookies | On install | Read and write cookies for the inspected tab |
tabs | On install | Identify which tab you are inspecting |
webRequest | When you enable Set-by-request tracking | Observe Set-Cookie headers in responses for the optional tracker |
You can revoke webRequest any time at chrome://extensions.
Exports are your responsibility
The Export tab produces JSON files (cookies, Playwright storageState, event logs). These files contain real cookie values — including auth tokens, session IDs, and anything else your app puts in cookies.
- Treat them like credentials: don't commit to public repos, don't paste into shared documents.
- Cookie Lens doesn't track exports — once a file is on your filesystem, it's fully under your control.
Data retention
| Data | Lifetime | How to clear |
|---|---|---|
| Cookie values (in panel) | While DevTools is open | Close DevTools |
| Mocks and change history | Until browser restart | Restart the browser, or Settings → Clear |
| Preferences | Until you change or uninstall | Settings → Clear Extension Data, or uninstall |
| Exported files | Up to you | Manual deletion |
What Cookie Lens does not do
- Does not contact any remote server.
- Does not include analytics, telemetry, or crash reporting.
- Does not load any third-party scripts or fonts.
- Does not access browser data outside the inspected tab's cookies (no history, bookmarks, passwords, other extensions' data).
- Does not require an account, login, or any personal information.