SecLens is a Chrome extension that performs real-time HTTP security header audits on pages you visit. This policy explains exactly what data the extension accesses and what it does with it.
None. SecLens does not collect, store, transmit, or sell any personal data, browsing history, or usage information of any kind.
webRequest API.chrome.storage.local — local browser storage that never syncs to any server.<all_urls> host permission — Required to intercept response headers on every page you visit. SecLens is a universal security auditing tool; restricting it to specific domains would defeat its purpose. Header data is processed locally and immediately discarded after analysis.webRequest — Required to read HTTP response headers before the browser renders the page.storage — Used to pass findings from the background service worker to the popup and DevTools panel, and to detect static nonces across page loads. All data is local.tabs — Used to identify which tab's findings to display in the popup.SecLens makes no network requests of its own. There are no analytics, no crash reporters, no telemetry endpoints, and no CDN-loaded resources.
Findings stored in chrome.storage.local are keyed by tab ID and are overwritten on every page navigation. They persist only until the browser session ends or the extension is removed.
SecLens does not collect data from anyone, including children under 13.
If this policy changes materially, the updated version will be published at this URL and the extension version will be incremented.
Questions? Open an issue on the GitHub repository or contact the developer directly via GitHub.
SecLens is open-source software. You can verify all of the above by reading the source code.