Privacy Policy — Salesforce Manager Chrome Extension

Overview

Salesforce Manager is a Chrome extension that helps Salesforce administrators browse and compare Permission Set object permissions directly from their browser. This policy explains what data the extension accesses, how it is used, and what is stored — in plain language.

      Short version: All data stays in your browser. Nothing is sent to any
      server other than your own Salesforce org. No analytics. No tracking. No accounts.
    

Data Accessed

The extension accesses the following data solely to operate its features:

Salesforce session cookie (sid): Read from your active browser session to authenticate REST API calls to your Salesforce org. The cookie value is never logged, stored persistently, or transmitted anywhere other than back to your own Salesforce org.
Active tab URL: Read once when you click the extension icon, to identify your Salesforce org domain. No browsing history is accessed.
Salesforce metadata (read-only): Permission Set names and object permission records are fetched from your org via the Salesforce REST API. This data is displayed in the extension UI and is never stored or transmitted elsewhere.

Data Storage

The org URL and session information are stored in chrome.storage.session — this is in-memory storage that is automatically cleared when you close the browser or the extension tab. It is never written to disk or synced.
No data is stored in localStorage, cookies set by the extension, or any external database.
No data persists after the browser session ends.

Data Sharing

The extension does not share, sell, transmit, or disclose any data to any third party. All API calls are made directly from your browser to your Salesforce org. No intermediate server is involved.

Permissions Justification

cookies: Required to read the active Salesforce session token (sid) so the extension can make authenticated API calls to your org without requiring a separate login.
storage: Used to temporarily hold the org URL in chrome.storage.session within the current browser session only.
tabs: Required to read the URL of the active tab to identify which Salesforce org you are working in.
Host permissions (*.salesforce.com, *.force.com, etc.): Required to make REST API calls to your Salesforce org from the extension background service worker.

External Resources

The extension loads the Salesforce Lightning Design System (SLDS) CSS from the jsDelivr CDN (cdn.jsdelivr.net) for styling. This is a public, open-source stylesheet. No personal data is included in this request.

Children's Privacy

This extension is intended for Salesforce administrators and does not knowingly collect any information from children under 13.

Changes to This Policy

If this policy is updated, the revised version will be published at this URL with an updated effective date. Continued use of the extension after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy, please contact via the Chrome Web Store support page.

Effective date: April 3, 2026