Short version: APG Auditor stores everything locally on your device.
No personal data is collected, transmitted, or sold. The only optional network
request is a call to the Anthropic API using your own API key, which you
control entirely.
1. What data APG Auditor accesses
To perform an accessibility audit, the extension reads the DOM of the active
browser tab you are currently viewing. This includes HTML structure, ARIA
attributes, and computed styles. This data is processed entirely within your
browser and is never transmitted to any server operated by this extension.
2. What data is stored
The following data is saved to chrome.storage.local on your device only:
Claude API key — if you choose to enter one in Settings. It is stored only in your browser's local extension storage and is never transmitted except directly to the Anthropic API (see section 4).
Audit findings — accessibility findings you log manually during a session.
Preferences — settings such as the auto-scan toggle.
None of this data leaves your device except as described in section 4.
Removing the extension permanently deletes all stored data.
3. What data is NOT collected
No analytics or usage telemetry of any kind
No crash reports or error logging to external services
No browsing history
No personally identifiable information
No data is ever sold or shared with third parties
4. Optional Anthropic API usage
APG Auditor includes an optional AI disambiguation feature that helps identify
ARIA design patterns when the deterministic scorer produces a low-confidence
or ambiguous result. This feature is only active if you supply a Claude API key
in Settings.
When this feature runs, the extension sends the following to the Anthropic API:
A list of candidate ARIA pattern names and their scorer signal results
No page content, no URLs, no personally identifiable information
This request is made directly from your browser to
api.anthropic.com
using your own API key. Anthropic's handling of API request data is governed by
Anthropic's Privacy Policy.
You can disable this feature at any time by removing your API key from Settings.
5. Permissions explained
Access to all websites — required so the extension can scan any page you choose to audit. The extension only reads the active tab you explicitly scan; it does not run in the background on other tabs.
Storage — used to save your settings and findings locally on your device.
Active tab — used to identify and communicate with the tab you are currently auditing.
Scripting — used to inject the accessibility scanner and axe-core into the active tab when you initiate a scan.
Side panel — used to display the auditor interface in Chrome's side panel.
6. Children's privacy
APG Auditor is a developer and accessibility professional tool. It is not directed
at children and does not knowingly collect any information from anyone under 13.
7. Changes to this policy
If this policy changes materially, the effective date above will be updated and
a note will be added to the
release notes.
Continued use of the extension after a change constitutes acceptance of the
updated policy.
8. Contact
Questions or concerns about this policy can be raised by opening an issue on the
GitHub repository.