Privacy Policy — WebFlag

WebFlag is a Chrome extension that helps QA testers capture web bugs — screenshots, page environment details, and element information — and save them locally or send them to ClickUp.

What data WebFlag handles

When you capture a bug, WebFlag processes the following on your device only:

Processed locally

Screenshots of the currently visible browser tab.
Selected text from the page (when you use text capture).
Element information — the CSS selector, tag, attributes, and visible text of an element you pick.
Page environment — browser name/version, operating system, viewport and screen size, device pixel ratio, user agent string, and the page's URL and title.
Notes you type.

Where your data goes

Local storage: Captures are stored in your browser's local extension storage (chrome.storage.local). They never leave your device unless you choose to send them.
ClickUp (only when you choose): If you click "Send to ClickUp," the capture is sent directly from your browser to the ClickUp API (https://api.clickup.com) using your own ClickUp Personal API token, which you provide in settings. The data goes only to your own ClickUp workspace. WebFlag is not involved as an intermediary and never receives a copy. ClickUp's handling of that data is governed by ClickUp's Privacy Policy.

Data we do NOT collect

We do not collect, transmit to ourselves, sell, or share any user data. WebFlag contains no analytics, no tracking, and no third-party code. We do not use your data for advertising, creditworthiness, lending, or any purpose unrelated to capturing and reporting bugs.

Your control over your data

Captures stay on your device until you delete them or send them to ClickUp.
A capture sent to ClickUp is removed from local storage after a successful send.
Uninstalling the extension removes all locally stored data.
Your ClickUp API token is stored locally and is used only to authenticate your requests to ClickUp.

Permissions

WebFlag requests broad host access (<all_urls>) solely so its capture tools and screenshot feature can work on any page you test. It accesses https://api.clickup.com only to send the captures you explicitly choose to send.

Changes to this policy

We may update this policy. Material changes will be reflected by the "Last updated" date above.

Contact

For questions about this privacy policy, contact: Contact@ayushpaul.dev