Session Swap — Privacy
No data leaves your device unless you explicitly opt in.
Session Swap is a local-first browser extension. The profiles you save — cookies, localStorage, and sessionStorage snapshots — are stored on your machine and never transmitted to us, our servers, or any third party by default.
There is no Session Swap account, no backend, no analytics pixel, no error reporter — until you turn them on.
What is stored locally
| Item | Where | Why |
|---|---|---|
| Profiles (cookies, storage, IDB-detected flag) | chrome.storage.local | Restoring them is the whole point of the extension |
| License state (key, instance ID, last validated) | chrome.storage.local | So Pro features work offline |
| Consent flags (analytics + crash) | chrome.storage.local | So we don't re-prompt every popup open |
| First-run-shown flag | chrome.storage.local | So the welcome screen only appears once |
Local data lives inside Chrome’s per-extension sandbox. Uninstalling the extension wipes it. Re-installing on the same browser profile pulls it back because Chrome restores the extension’s storage when the extension ID matches.
There is no chrome.storage.sync mirror in the current build, so your profiles do not roam between devices through Google’s infrastructure. File-based export/import (Pro feature) is the explicit, user-driven way to move profiles across devices.
Optional services
Both are off by default. Each is independent — you can opt into one without the other. Re-toggle either at any time in the options page.
Anonymous usage events (PostHog EU)
When opted in: a small set of allowlisted event names is sent each time you use a feature.
- Event names are coarse: profile_saved, profile_applied, profile_deleted, session_cleared, license_activated, license_deactivated, export_completed, import_completed, consent_changed.
- Never sent: profile names, cookie values, site URLs, license keys, email addresses. IP addresses are not joined to user identities.
- Hosted on PostHog’s EU instance.
Crash reports (Sentry)
When opted in: uncaught exceptions are sent so we can fix bugs.
- URLs in stack traces and breadcrumbs are reduced to their origin: https://github.com/orgs/foo/teams?tab=123 becomes https://github.com.
- Any string matching a credential shape (24+ identifier-safe characters, e.g. JWTs, OAuth tokens, API keys) is replaced with <redacted> before transmission.
- What gets through: error name and message (post-scrub), file:line, the Chrome version, the extension version.
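The two scrubbing rules above, sketched as an added example (this is not Session Swap's own code). The URL pattern, the reading of "identifier-safe" as letters, digits, `_` and `-`, the function names and the sample payload are all assumptions made for illustration.

```javascript
// Added example; patterns below are assumptions, not Session Swap's source.
const URL_RE = /\bhttps?:\/\/[^\s"'<>)]+/g;
// Assumption: "identifier-safe" means letters, digits, "_" and "-".
const TOKEN_RE = /[A-Za-z0-9_-]{24,}/g;

// Scrub one string: URLs first, so a token in a path or query string is
// dropped with the rest of the URL, then any remaining credential shapes.
function scrubString(text) {
  const originsOnly = text.replace(URL_RE, (raw) => {
    try {
      return new URL(raw).origin; // scheme + host + port only
    } catch {
      return "<redacted>"; // unparseable URL: fail closed
    }
  });
  return originsOnly.replace(TOKEN_RE, "<redacted>");
}

// Walk a crash-report payload and scrub every string value it contains.
function scrubValue(value) {
  if (typeof value === "string") return scrubString(value);
  if (Array.isArray(value)) return value.map(scrubValue);
  if (value !== null && typeof value === "object") {
    return Object.fromEntries(
      Object.entries(value).map(([key, inner]) => [key, scrubValue(inner)])
    );
  }
  return value; // numbers, booleans, null pass through
}

// Constructed sample payload (not a real Sentry event).
const sampleEvent = {
  message: "Fetch failed: https://github.com/orgs/foo/teams?tab=123",
  breadcrumbs: [
    { category: "storage", data: { header: "Bearer " + "k".repeat(40) } },
  ],
  extensionVersion: "0.0.0-example",
};

console.log(JSON.stringify(scrubValue(sampleEvent), null, 2));
```

With this assumed pattern, any 24+ character run of identifier characters is redacted, including long file or function names, so a rule of this shape errs toward removing too much rather than too little.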
Permissions
Session Swap declares the following Chrome permissions, each with a narrow purpose:
| Permission | Why |
|---|---|
| cookies | Read and write site cookies — the core feature |
| storage | Persist profiles in chrome.storage.local |
| tabs | Determine which site the active tab is on |
| activeTab | Inject the storage-snapshot script into the current tab on demand |
| scripting | The MV3 API used to perform that injection |
| optional_host_permissions: <all_urls> | Not granted at install time. Requested per site, the first time you save or apply a profile on that site. |
<all_urls> is optional by design. We chose this over a static host permission so that installing the extension does not show the “This extension can read and change all your data on all websites” warning. The trade-off is one Chrome prompt per site, the first time you use Session Swap there.
Things Session Swap will not do
- Send your profiles anywhere
- Sync profiles between devices automatically
- Read cookies for sites you haven’t granted access to
- Embed analytics or error reporters that fire before you opt in
- Communicate with our servers (there are no Session Swap servers)
- Sell, share, or aggregate any data, opted-in or not
If any of these stop being true in a future version, this document will be updated and the change will be flagged in the release notes.
Questions? Email support@aszoria.com.