Trackoon Privacy Policy
This policy explains how Trackoon and the Trackoon browser extension collect, use, and protect data when users create bug reports and replay captures.
Last updated: June 2, 2026
What Trackoon Does
Trackoon helps users create developer-ready bug reports. The browser extension records a user-initiated capture of the selected tab and sends the resulting technical context to the Trackoon instance selected by the user or their organization.
A capture can include a tab recording, DOM replay events, console logs, network events, browser and device metadata, page URL, timing information, screenshots or thumbnails, and optional title and description entered by the user.
Single Purpose
Trackoon’s single purpose is to help users report, reproduce, and resolve bugs in web applications by capturing the technical context needed by development teams.
Trackoon does not use captured data for advertising, cross-context tracking, profiling, credit scoring, or unrelated analytics.
Information We Collect
Account and workspace data: when a user connects the extension to a Trackoon account, the extension may store the user ID, email address, display name, tenant, workspace list, active workspace, and a signed session token locally in Chrome storage.
Capture-token data: when a user connects using a capture token instead of an account session, the extension stores the token, workspace context, token preview, and token validation metadata locally in Chrome storage.
Capture data: when the user starts a capture, Trackoon may collect the page URL, host, timestamp, duration, viewport size, device pixel ratio, user agent, capture mode, browser errors, console output, network request and response metadata, selected request or response previews, DOM replay events, screenshots, thumbnails, and video recordings.
Website content: because a capture records the selected page, website text, images, links, audio, video, form content, user interactions, or communications visible or produced during the capture may be included.
Usage context: Trackoon stores a small local list of recent successful captures so the user can reopen the latest reports from the extension popup.
Sensitive Data Handling
Trackoon is not designed to intentionally collect health information, financial information, passwords, or government identifiers. However, if a user records a page that displays such data, that content may become part of the capture.
The extension redacts sensitive network headers such as authorization, cookie, set-cookie, x-api-key, x-auth-token, and proxy-authorization before storing network capture data.
By default, Trackoon uses privacy-focused capture settings. Users can change privacy settings, including whether page text or media should be more visible in captures, when their workflow requires it.
How We Use Information
We use captured data to create bug reports, replay issues, display technical context, upload capture artifacts, and make the report available to the workspace or share link chosen by the user.
We use account, workspace, and token data to authenticate the extension, upload captures to the correct Trackoon workspace, and show relevant capture destinations.
We use operational metadata to provide the service, protect the service from abuse, debug service issues, and maintain security.
Where Data Is Sent
Hosted Trackoon users send capture data to Trackoon’s hosted API, ingest, and storage services.
Self-hosted Trackoon users can configure the extension to use their own API, ingest, and web app URLs. In that case, capture data is sent to the configured self-hosted Trackoon instance. The operator of that instance controls its storage, retention, security, and access policies.
The extension does not upload capture data until the user starts a capture and completes or submits the report.
Sharing and Third Parties
We do not sell user data.
We do not transfer user data to third parties except as needed to provide the Trackoon service, comply with law, protect Trackoon or users, or support a user-directed integration or self-hosted deployment.
Workspace members, administrators, or recipients of a share link may access a capture depending on the workspace settings and visibility selected by the user or organization.
Chrome Web Store Limited Use
Trackoon’s use and transfer of information received from Google APIs and Chrome extension APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.
User data is used only for the extension’s single purpose: creating, uploading, replaying, and managing developer-ready bug reports.
User data is not used for advertising, unrelated analytics, determining creditworthiness, lending purposes, or sale to third parties.
Remote Code
The Trackoon browser extension runs JavaScript that is packaged with the extension at build time.
The extension does not load external JavaScript files, import remote modules, load external WebAssembly, or execute server-provided JavaScript using eval or similar mechanisms.
Network requests are used for API communication, token validation, session refresh, and capture artifact uploads to the configured Trackoon instance.
Retention and Deletion
Capture retention depends on the Trackoon workspace, plan, and deployment configuration. Workspace owners and administrators may configure retention or delete captures according to their deployment settings.
Users can delete or revoke access to captures where the product UI and their permissions allow it. Organizations using self-hosted Trackoon control deletion and retention within their own infrastructure.
Local extension settings can be cleared by signing out, resetting the extension settings, or removing the extension from Chrome.
Security
Trackoon transmits data using HTTPS for hosted services and expects self-hosted deployments to use HTTPS for production use.
Capture artifacts are uploaded only to upload URLs returned by the configured Trackoon ingest service, and the extension validates that those URLs belong to the configured ingest origin before uploading.
Chrome extension storage is used for local settings and credentials. Users should only connect the extension to Trackoon instances they trust.
Your Choices
You choose when to start and stop a capture.
You can configure the Trackoon instance URL, use an account session or capture token, disable microphone capture by default, and choose whether to enable Deep Capture.
Deep Capture uses Chrome’s debugger capability for fuller technical context. It is off by default and is only attached to the active capture tab when enabled by the user.
Contact
For privacy questions, deletion requests, or security concerns, contact us at support@trackoon.dev.
If your Trackoon instance is self-hosted by your organization, contact your organization’s Trackoon administrator for deployment-specific data access, retention, or deletion requests.