Privacy Policy — Qiksy

Last updated: 15 July 2026

In one line: Qiksy is a manual-QA assistant that runs entirely on your own machine. It has no servers, no telemetry, and no analytics. It never sells or shares your data. Everything it captures stays in your browser's local storage unless you explicitly turn on the optional local agent bridge.

Who we are

Qiksy is a browser extension for manual QA engineers. This policy explains exactly what data the extension handles, why, where it is stored, and when (if ever) it leaves your device. Contact: [email protected].

What Qiksy handles, and why

All processing happens locally in your browser. Qiksy is not the destination of any of this data — there is no Qiksy server.

DataWhyWhere it is storedLeaves your device?
Authentication cookies (including HttpOnly session cookies), localStorage, sessionStorage Only when you use Roles or Multi-login: to save a site login so you can switch between test users, or run several logins side-by-side. Shown to you first with an explicit consent prompt. Your browser's chrome.storage.local (and, for multi-login, in-memory / chrome.storage.session), on this machine only. No.
Website content & network activity — page structure, form fields, console messages, and captured request URLs/statuses/error bodies of the page you are testing To produce QA findings, audits, the session recorder, and reports. chrome.storage.local on this machine. No, unless you enable the agent bridge (below).
Screenshots of pages you test The session recorder / bug reports. Password and card fields are always masked before capture; you can add your own redaction selectors. chrome.storage.local on this machine. No.
Test data you enter (personas, saved datasets — may include names, emails, etc. you type) To let you re-fill forms with saved test data. chrome.storage.local on this machine. No.

The two optional cases where data can leave your browser

Both are off by default and require an explicit consent prompt:

  1. Local agent bridge (MCP) — if you switch it on and confirm the consent prompt, Qiksy makes a WebSocket connection to a program you run on 127.0.0.1 (your own machine, e.g. a coding agent) and lets it read: your QA findings, detected form structure, the URLs and titles of your open browser tabs (so the agent can pick which one to inspect), request URLs, basic browser/environment details (user-agent, viewport), and captured server response bodies. Query strings are stripped from URLs before sending, so tokens don't leak. It can also ask Qiksy to run its audit, build the exploratory tour, generate its session report (which may include page screenshots), open Qiksy's own panel, or spotlight an element. That program may forward what it reads to its own AI service — that is outside Qiksy and governed by that tool's policy. The bridge is loopback-only and drives only Qiksy's own interface — it cannot fill, click, submit, or navigate the app you are testing.
  2. Broken-link scan — when you run it, Qiksy sends HEAD/GET requests to the links already on the page you are testing, to detect 404s. It transmits no personal data.

Removed integrations

Earlier builds offered an optional Claude API (BYOK) feature and a Jira integration. Both were removed. Qiksy no longer contacts api.anthropic.com, Atlassian, or any other third-party service.

What we never do

Your control

All data is yours and local. Remove any of it at any time: delete a role/persona in the panel, clear the session, use "Clear all", or clear the extension's storage from chrome://extensions. Uninstalling the extension deletes everything it stored.

Changes

If this policy changes materially, the updated date above will change and the notes will describe what changed. Continued use after an update constitutes acceptance.