VibeHeader — Privacy Policy

Effective date: August 31, 2025 · Website: www.vibeheader.com · Contact: hello@vibeheader.com

1) Scope

This Privacy Policy applies to the VibeHeader Chrome extension (“Extension”). It does not cover our marketing website; if needed, we will publish a separate website privacy notice.

2) Summary

We do not collect, transmit, or sell personal data.
No ads. No analytics. No third-party trackers.
Header configurations are stored locally in your browser and remain under your control.

3) Information we process

We do not operate any backend for the Extension and do not receive data from your device. The only information the Extension handles is:

Header configurations you create or import (e.g., key–value pairs such as Accept-Language, User-Agent, custom X- headers).
Minimal UI preferences (e.g., last settings state), stored locally.

If you include personal or sensitive information inside your own header values, that content remains on your device and is not transmitted by us. We recommend not placing secrets (e.g., tokens) in shareable configurations.

4) Share links (how they work)

The configuration is encoded in the URL fragment (the part after #) and is parsed locally by the Extension.
The fragment is not sent to our servers when the page loads.
If you share a link with someone or via a third-party service (e.g., chat, email), those recipients/services will see the link. Links you publish publicly may be indexed or forwarded by others.

5) Storage & retention

Configurations and preferences are saved in chrome.storage.local on your device.
Data persists until you delete it (via the Extension’s reset option, removing the Extension, or clearing Chrome’s extension data).

6) Permissions we use (why)

declarativeNetRequest / declarativeNetRequestWithHostAccess — add/modify/remove HTTP request headers according to your active configuration.
storage — save your configurations and UI preferences locally.

activeTab (if present) — support one-click apply on the current tab.
Host permissions — requested at install so you can apply headers without repeated prompts. We do not read page content; we only modify network headers.

A small content script runs only on pages at https://www.vibeheader.com/s* to parse share-link fragments and trigger the local preview/apply flow. We do not inject scripts into third-party sites.

7) No third-party sharing or selling

We do not share, sell, or rent data to third parties. We do not use data for advertising or for purposes unrelated to the Extension’s core functionality.

8) Security

VibeHeader follows a local-first design and a minimal-permissions approach. All code runs from the packaged extension; we do not load or execute remote code (no external scripts, no dynamic imports, no remote Wasm). Still, no software is perfect—please contact us if you discover a security issue.

9) Your choices & control

Edit or remove your configurations at any time inside the Extension.
Reset or uninstall the Extension to delete local data.
Revoke site access at any time using Chrome’s extension “Site access” controls.

10) Children’s privacy

The Extension is intended for professional/technical users and is not directed to children under 13. We do not knowingly collect information from children.

11) Changes to this Policy

If we introduce new features that require cloud services (e.g., optional sync or team features), we will update this Policy, request any additional permissions, and obtain your opt-in before enabling them. We may update this Policy from time to time; the “Effective date” indicates the latest version.

12) Contact

Questions or requests? Email hello@vibeheader.com.