Policy.
TL;DR
DevUtils Sidebar does not collect, transmit, sell, or share any user data. Everything happens locally inside your browser. There are no servers, no analytics, no third-party SDKs, no advertising, and no telemetry of any kind. The extension is free, MIT-licensed open source, distributed only via the Chrome Web Store.
Who we are
DevUtils Sidebar is an open-source Chrome extension developed and maintained by Khanh Dang ([email protected]). It is distributed exclusively through the Chrome Web Store.
What data the extension handles
Data you enter into a tool
JSON you format, JWTs you decode, regexes you test, secrets you generate, QR codes you produce — this data:
- is processed entirely in your browser;
- is never sent over the network;
- is held in memory while a tool is open and discarded when you switch tools or close the side panel, unless the tool offers persistence (Notes and Vault, see below).
Data you choose to persist (local only)
| Surface | Storage | Encryption |
|---|---|---|
| Preferences (theme, favorites, recent tools) | chrome.storage.local | None — non-sensitive |
| Notes (markdown scratchpad) | chrome.storage.local | None |
| Vault items (env files, SSH keys, API tokens, server logins) | chrome.storage.local | AES-GCM-256 with a key derived from your passphrase via PBKDF2-SHA-256, 600 000 iterations |
chrome.storage.local is a per-browser-profile, on-device storage area managed by Chrome itself. It is not synced to your Google account and is not transmitted to us.
The Vault — details
- The encryption key is derived from your passphrase on demand and held only in volatile memory. It is wiped from memory when you lock the vault, when the side panel closes, and automatically after 15 minutes of inactivity.
- We never see your passphrase, your derived key, or your decrypted vault contents.
- There is no recovery mechanism. If you forget your passphrase, the vault cannot be unlocked — by anyone, including us.
- The Vault offers a manual Export that produces an encrypted JSON file you can save anywhere on your machine. The exported file is the same ciphertext format as on-disk storage and remains encrypted.
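The scheme named above (PBKDF2-SHA-256 at 600 000 iterations feeding AES-GCM-256) can be sketched with WebCrypto as follows. This is an added example, not the extension's own code: the envelope field names, the 16-byte salt, the 12-byte IV and the function names are assumptions.

```javascript
// Added example: passphrase-sealed envelope with the parameters this policy states.
// Field names, salt/IV sizes and function names are assumptions, not the project's format.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 600000; // PBKDF2-SHA-256 work factor quoted in the table above

const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // non-extractable: raw key bytes are never exposed to script
    ['encrypt', 'decrypt']);
}

async function seal(passphrase, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh salt per envelope
  const iv = wc.getRandomValues(new Uint8Array(12));   // 96-bit nonce, never reused under one key
  const key = await deriveKey(passphrase, salt);
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  return { v: 1, kdf: 'PBKDF2-SHA-256', iterations: ITERATIONS,
           salt: toB64(salt), iv: toB64(iv), ct: toB64(new Uint8Array(ct)) };
}

async function unseal(passphrase, env) {
  const key = await deriveKey(passphrase, fromB64(env.salt));
  try {
    const pt = await wc.subtle.decrypt(
      { name: 'AES-GCM', iv: fromB64(env.iv) }, key, fromB64(env.ct));
    return new TextDecoder().decode(pt);
  } catch {
    // GCM tag mismatch: wrong passphrase or modified ciphertext.
    // The two cases are indistinguishable, and there is no fallback path.
    return null;
  }
}
```

Because the salt and IV are stored beside the ciphertext and the key exists only after derivation, an envelope like this can be exported as-is and still opens only with the passphrase.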
What data we collect
None.
- We do not use analytics (no Google Analytics, no Plausible, no Sentry, no telemetry of any kind).
- We do not transmit anything you type, paste, generate, or store.
- We do not make outbound network requests at any time. The extension has no host_permissions in its manifest.
- We do not require, request, or accept an account.
- We do not sell, share, or transfer data to any third party — because there is no data on our side to sell, share, or transfer.
Permissions we request, and why
The extension declares only the permissions it strictly needs.
| Permission | Why it is requested |
|---|---|
| storage | To save your preferences, notes, and the encrypted Vault envelope in chrome.storage.local on your device. No network access is granted by this permission. |
| sidePanel | To render the tool UI inside Chrome's Side Panel surface. |
The extension does not request host_permissions, tabs, cookies, webRequest, nativeMessaging, clipboardRead, or any other permission that would allow it to read or modify other websites or your system.
The Vault uses the Clipboard API's write capability (no permission required) when you press a "copy" button — and clears the clipboard ~30 seconds later on a best-effort basis.
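The permission claims above can be checked against an installed copy's manifest.json. The following is an added example, not part of the extension: the function name and both sample manifests are constructed for illustration, and the expected set is the two permissions listed in the table.

```javascript
// Added example: audit a parsed manifest.json against the permissions this policy declares.
// auditManifest and the sample manifests are constructed for illustration.
const DECLARED = new Set(['storage', 'sidePanel']);

function auditManifest(manifest) {
  const findings = [];
  const list = (key) => (Array.isArray(manifest[key]) ? manifest[key] : []);

  // Any API permission beyond the declared two, required or optional.
  for (const key of ['permissions', 'optional_permissions']) {
    for (const p of list(key)) {
      if (!DECLARED.has(p)) findings.push(`${key}: unexpected "${p}"`);
    }
  }
  // The policy says no host access at all, so every host pattern is a finding.
  for (const key of ['host_permissions', 'optional_host_permissions']) {
    for (const h of list(key)) findings.push(`${key}: host access "${h}"`);
  }
  // Content scripts reach into pages even when host_permissions is empty.
  for (const cs of list('content_scripts')) {
    findings.push(`content_scripts: injects into ${(cs.matches || []).join(', ')}`);
  }
  return findings;
}

// Constructed sample: a manifest consistent with the policy.
const asDescribed = {
  manifest_version: 3,
  permissions: ['storage', 'sidePanel'],
};

// Constructed sample: a repackaged build that widened its access.
const widened = {
  manifest_version: 3,
  permissions: ['storage', 'sidePanel', 'tabs'],
  host_permissions: ['<all_urls>'],
  content_scripts: [{ matches: ['https://*/*'], js: ['inject.js'] }],
};
```

An empty result from `auditManifest(JSON.parse(text))` means the manifest matches what this page states; each string returned names one deviation.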
Cookies and third parties
The extension sets no cookies, embeds no third-party iframes, loads no external scripts, and contacts no external services.
Children's privacy
DevUtils Sidebar is a developer tool. It is not directed at children and is not designed to collect data from any user, regardless of age.
Distribution & channels
DevUtils Sidebar is distributed exclusively through the Chrome Web Store. If you obtained the extension from any other source — a sideloaded ZIP, a third-party site, a marketplace mirror — we cannot vouch for its integrity. The official build is signed by the Chrome Web Store and identified by the publisher account associated with the contact email below.
The /try/ demo on this website is a web-only mirror of the same app, intended for evaluation. It runs in your browser tab, persists data in localStorage on this device, and never contacts a server. It is not a substitute for the extension — it has no side-panel surface and no Chrome integration — and it is not separately distributed.
Use & license
The extension is free of charge. There are no paid tiers, no in-app purchases, and no advertising. Source is available and licensed under the MIT License; you may read, build, and modify it under those terms. Using the extension does not create an account, a subscription, or any other commercial relationship.
"As-is" applies: the software is provided without warranty of any kind. The Vault feature in particular has no recovery mechanism — losing your passphrase means losing access to anything you stored there. Treat it like any other local password manager.
Updates & versioning
Updates ship through the Chrome Web Store's standard auto-update mechanism. We do not push patches through any other channel, and the extension never downloads code from the network at runtime. Each release is identified by a semantic version string visible on Chrome's chrome://extensions page and on the listing.
If this policy changes in a way that affects what data is handled or how, the change will be noted at the top of the document alongside the extension version that introduced it. Material changes — anything that would broaden data collection — would also be summarised in the listing's "What's new" section before going live.
Changes to this document
Minor wording, formatting, and clarification edits are made silently and reflected in the Last updated date at the top. Substantive changes — anything affecting privacy, data handling, distribution, or licensing — are versioned in git and will appear in the change list above.
Contact
For any policy, privacy, security, or licensing question, write to [email protected].
Now you've read it — try it.
Every guarantee on this page is testable. The same React app runs in your browser at /try/, with no install, no account, and the same on-device storage promise.