# knock — Privacy Policy _Last updated: 2026-05-14_ knock is an open-source Chrome DevTools extension that helps frontend developers intercept, inspect, and override `fetch` / `XHR` requests made by the page they have open in their browser. This document describes what data knock touches, where it goes, and what it never does. ## TL;DR knock processes everything **locally on your own device**. It does not transmit, sell, share, or store your data on any remote server. It has no analytics, no telemetry, no tracking, no advertising. There is no account system and nothing to sign in to. ## What knock processes When you actively use knock on a tab, it observes the HTTP traffic of that tab so it can show it to you and (optionally) apply the override rules you configure. Specifically: - **Request and response metadata** — URL, HTTP method, status, headers, timing. - **Request and response bodies** — only for the requests you inspect or the rules you author. - **Rules you create** — URL patterns, header/body predicates, the override bodies/headers/status codes you type into the editor. - **The on/off toggle state** — whether interception is currently enabled. knock does **not** read cookies, browsing history, bookmarks, form-fill data, passwords, or any data outside the active tab's network traffic. ## Where the data lives Everything stays on your local machine: - **In-memory** — captured requests are held in the DevTools panel's memory for the lifetime of that panel. Closing the panel discards them. - **`chrome.storage.local`** — only two things are persisted: (1) the rule sets you save, and (2) the global on/off toggle state. Both live in your browser profile on your device and are not synced to any server by knock. knock has no backend. There is no server to send data to. ## What knock does NOT do - ❌ Send your data to knock's authors, any analytics service, or any third party. - ❌ Use the data for advertising, profiling, or any purpose unrelated to the extension's stated function. - ❌ Sell or transfer your data to anyone. - ❌ Load or execute remote code. The extension ships with only the JavaScript that was reviewed and approved by the Chrome Web Store at install time. ## Permissions, in plain English - **`storage`** — to persist your rule sets and the on/off toggle between browser sessions. - **Host permission for ``** — because the page you want to debug could be on any URL. knock only actively intercepts on tabs where you have opened its DevTools panel or interacted with its toolbar popup. It never auto-collects data in the background from sites you are not actively debugging. ## Open source The full source code is available at https://github.com/racgoo/knock — every claim in this policy can be verified against the code. ## Contact Questions or concerns: open an issue at https://github.com/racgoo/knock/issues.