FrontCap Privacy Policy

FrontCap is a local-first Chrome™ extension for capturing front-end UI elements and exporting them as Markdown. This policy explains exactly what stays on your device and the narrow cases where data touches the network. We keep it honest: FrontCap is not "completely offline", because sign-in and subscription checks require a network connection.

Everything you capture is processed and stored locally. The extension does not upload any of it:

• DOM snapshots and excerpts
• Computed CSS, pseudo-elements, and visual features
• Source-location hints
• Element screenshots (opt-in per capture, off by default)
• Your annotations and notes

Captures live in the browser's local extension storage and, for screenshots, in your Downloads folder. You can delete them at any time from the side panel or your file system.

FrontCap is a paid extension, so a few narrow account and billing flows require the network:

• Google sign-in: You sign in with a Google account. FrontCap uses the openid, email, and profile scopes: we receive your Google account identifier (sub), email address, and, when available, your Google first name and last name for account identity, entitlement checks, support, and subscription-related contact. Your Google profile picture may be used only to display the account UI. Your email is never the identity key.
• Subscription & license checks: The extension contacts frontcap.net to verify your trial or subscription status and to receive a signed license. No captured page content is ever sent.
• Landing session and entitlement refresh: On frontcap.net, a short-lived, HttpOnly, Secure, SameSite=Lax __session cookie contains only your signed Google account identifier plus issue and expiry timestamps, so pricing and success pages can recognize the checkout account. After checkout or subscription-management changes, the website may send the installed extension a fixed entitlement refresh request; that message is not authorization and contains no captured content.

Payments are processed by Paddle, our Merchant of Record. FrontCap never sees or stores your card number or other payment details. Paddle's handling of payment data is governed by Paddle's own privacy policy.

Because you may capture real, logged-in pages, FrontCap sanitizes captures before they are stored: it strips likely secrets — tokens, emails, phone numbers, and passwords — from element attributes, and redacts matching PII patterns found in visible text. We do not deliberately collect this data.

• activeTab / scripting — to inject the capture overlay into the current tab only after you turn it on.
• identity / oauth2 — for Google sign-in and account display. OAuth consent is shown by Google when you sign in.
• downloads — to save element screenshots to your Downloads folder. We read only the download item we just created to get its path; we never read your download history.
• storage — to keep your captures, settings, cached license, and account display state locally.
• sidePanel / contextMenus — for the main UI and entry points.
• Optional access to localhost — requested only when you capture a local dev server.

The manifest also allows only https://frontcap.net to send the extension an entitlement-refresh message. We do not request broad host permissions, read your clipboard, or browse your tabs in the background. The overlay is injected only after you explicitly start capture on the active tab.

• No advertising, no third-party trackers, no analytics on your captured content.
• We do not sell your data or share captured content.
• We do not automatically harvest pages or traverse your browsing history.

Captures stay on your device until you delete them. On the server we retain the account record tied to your Google identifier (including email, first name, and last name when available), one-time sign-in/checkout ticket records, and billing, subscription, and event records needed for entitlement, support, Paddle reconciliation, account contact, and applicable legal obligations. To request deletion of your account data, contact us at support.

Questions about this policy? Email support@frontcap.net.