Data Privacy
Crosscheck's Chrome extension collects developer context alongside your checks to make bug reports actionable. This page explains exactly what data is collected, what is not collected, and how that data is handled.
What the Extension Collects
| Data Type | Description | When Collected |
|---|---|---|
| Console Logs | Messages logged to the browser console (log, warn, error, info) | Continuously while extension is active on the page |
| Network Requests | URLs, HTTP methods, status codes, timing, and response sizes of network requests | Continuously while extension is active on the page |
| DOM Snapshots | Serialized DOM mutations recorded by session recording technology for instant replay | On enabled websites only, for the replay buffer (last 1 to 5 minutes, configurable) |
| Screenshots | Pixel capture of the visible area or the full page | On user action (click capture button) |
| Screen Recordings | Video of the current tab or full screen using the browser's built-in recording capabilities | On user action (start/stop recording) |
| User Action Timeline | Clicks, keypresses, and navigation events with timestamps | Continuously while extension is active on the page |
| Page Metadata | Page URL, page title, timestamp, OS, browser and version, viewport size, pixel ratio, language, network speed, and approximate country | At the time the check is created |
What the Extension Does Not Collect
Crosscheck is designed to avoid capturing sensitive user data:
- Passwords: The extension does not intercept or capture password field values.
- Form data content: The content of form inputs (text fields, dropdowns, etc.) is not captured or transmitted.
- Cookies: Browser cookies are never read, logged, or included in checks.
- Local storage or session storage: The extension does not access or export the page's storage APIs.
- Authentication tokens from the page: Tokens used by the application under test are not extracted from headers or storage.
Data Stays Local Until Shared
All collected data remains in your browser's local memory until you explicitly create a check and upload it. Browsing with the extension active does not automatically send any data to Crosscheck's servers.
The data flow is:
- Extension collects DevTools data in local browser memory.
- You click the capture button to create a screenshot, recording, or replay.
- Only then is the data saved to your Crosscheck workspace.
- If you close the tab or navigate away without capturing, the data is discarded.
Instant Replay Buffer
The instant replay feature uses session recording technology to continuously record DOM mutations in memory. The buffer length is configurable in the extension settings — 1, 2, 3, 4, or 5 minutes — and is automatically recycled as new activity comes in. If you do not capture a replay, the buffered data is discarded automatically.
Data Sent to Third-Party Integrations
When you push a check to Jira or ClickUp from the Create Task dialog, only the fields you fill in on that form are sent to the external service. The full DevTools data, screenshots, recordings, and replay DOM snapshots stay in Crosscheck — the external task receives a link back to the check so the assignee can open it in Crosscheck to see the rest.
For both Jira and ClickUp, the data that leaves Crosscheck is:
- The task title (defaults to the check name, you can edit it).
- The task description, which is pre-filled with a link back to the check in Crosscheck.
- The destination you pick in the form — Jira site + project + issue type, or ClickUp workspace + space + folder + list.
- The assignee you select from the external service.
- For ClickUp only: optional priority, start date, and end date if you set them.