Interceptor v4.8

Privacy Policy

Effective date: March 10, 2026
Product: Interceptor for Chrome DevTools
Developer: Imed Boumaraf

This policy explains what Interceptor processes, what it stores, what it exports only when you ask it to, and what it does not send to the developer. Interceptor is built for authorized HTTP and API inspection inside Chrome DevTools.

1. Plain-language summary

Interceptor runs inside Chrome DevTools. It can pause matching network traffic, let you review request details, optionally edit paused request data, export the current event log, and replay a selected request from the inspected page context. Settings are stored locally in the browser. Intercepted traffic is not intentionally uploaded to the developer.

2. What the extension processes

  • Request metadata such as method, URL, host, path, resource type, timestamps, and status.
  • Request headers and request bodies when Chrome exposes them to the extension.
  • Response headers, response bodies, cookies, and timing details when they are available through the DevTools Protocol.
  • Manual API Tester inputs and replay results that you explicitly trigger.
  • Passive review findings generated from the traffic currently visible in the panel.

3. What is stored locally

  • Preferences such as theme, scope rules, notification preference, cache behavior, and service-worker bypass preference.
  • The current event log for the active DevTools session, if you keep that session data available.
  • Exported log files only when you explicitly choose Export log (JSON).

4. What Interceptor does not do

  • It does not sell personal data.
  • It does not run analytics, ad tech, or usage telemetry.
  • It does not sync captured traffic to a developer-operated cloud service.
  • It does not intentionally transmit intercepted traffic to the developer.

5. Why the extension needs its permissions

debugger

Used to attach to the currently inspected tab through Chrome's debugging transport so Interceptor can observe, pause, continue, fail, and inspect network traffic in DevTools.

storage

Used to keep local preferences such as appearance, scope rules, reliability toggles, and notification settings.

downloads

Used only when you explicitly export the current event log as a JSON file.

<all_urls> host access

Required so the DevTools workflow can inspect traffic from the site you choose to assess. Interceptor also includes scope controls in the UI so you can narrow interception to the current tab and to specific domains when appropriate.

6. Forwarding, dropping, and replay

Interceptor only forwards, drops, or replays traffic when you explicitly use those controls. If you use the API Tester or continue a paused request, the request is sent to the target system you selected. If you enable the option to include the page session, the replay may use credentials that the inspected page is already allowed to send.

7. Sharing and disclosure

Interceptor is not designed to share captured traffic with the developer. The only intended network destinations are the sites and APIs you already visit or explicitly target while testing. Exported JSON logs stay on your device unless you choose to share them yourself.

8. Data retention

Stored settings remain local until you change them, clear extension storage, or uninstall the extension. Captured traffic is session-focused and remains available only while the relevant DevTools session and in-memory event log remain active, unless you choose to export it.

9. User data use statement

Interceptor uses the data it can access only to provide the user-facing DevTools features described in its interface and store listing: scoped interception, inspection, manual replay, local export, and passive API review. It is not designed to use that data for advertising, profiling, resale, or unrelated analytics.

10. Security and user responsibility

Interceptor is intended for white-hat, authorized testing. It starts with Intercept off by default and includes scope controls to help reduce accidental over-capture. You remain responsible for using it lawfully, proportionally, and only on systems you own or are explicitly authorized to assess.

Important: if you process sensitive production traffic, exported files and screenshots may also contain sensitive information. Handle them with the same care you would apply to packet captures, logs, or penetration-test evidence.

11. Contact

Developer: Imed Boumaraf
GitHub: github.com/Imedboumaraf
Public policy URL: imedboumaraf.com/Interceptor/privacy-policy.html

If the extension's behavior changes materially in a later release, this policy should be updated so it stays accurate and current.