Privacy Policy — Qiksy
Last updated: 15 July 2026
Who we are
Qiksy is a browser extension for manual QA engineers. This policy explains exactly what data the extension handles, why, where it is stored, and when (if ever) it leaves your device. Contact: [email protected].
What Qiksy handles, and why
All processing happens locally in your browser. Qiksy is not the destination of any of this data — there is no Qiksy server.
| Data | Why | Where it is stored | Leaves your device? |
|---|---|---|---|
Authentication cookies (including HttpOnly session cookies), localStorage, sessionStorage |
Only when you use Roles or Multi-login: to save a site login so you can switch between test users, or run several logins side-by-side. Shown to you first with an explicit consent prompt. | Your browser's chrome.storage.local (and, for multi-login, in-memory / chrome.storage.session), on this machine only. |
No. |
| Website content & network activity — page structure, form fields, console messages, and captured request URLs/statuses/error bodies of the page you are testing | To produce QA findings, audits, the session recorder, and reports. | chrome.storage.local on this machine. |
No, unless you enable the agent bridge (below). |
| Screenshots of pages you test | The session recorder / bug reports. Password and card fields are always masked before capture; you can add your own redaction selectors. | chrome.storage.local on this machine. |
No. |
| Test data you enter (personas, saved datasets — may include names, emails, etc. you type) | To let you re-fill forms with saved test data. | chrome.storage.local on this machine. |
No. |
The two optional cases where data can leave your browser
Both are off by default and require an explicit consent prompt:
- Local agent bridge (MCP) — if you switch it on and confirm the consent prompt, Qiksy makes a WebSocket connection to a program you run on
127.0.0.1(your own machine, e.g. a coding agent) and lets it read: your QA findings, detected form structure, the URLs and titles of your open browser tabs (so the agent can pick which one to inspect), request URLs, basic browser/environment details (user-agent, viewport), and captured server response bodies. Query strings are stripped from URLs before sending, so tokens don't leak. It can also ask Qiksy to run its audit, build the exploratory tour, generate its session report (which may include page screenshots), open Qiksy's own panel, or spotlight an element. That program may forward what it reads to its own AI service — that is outside Qiksy and governed by that tool's policy. The bridge is loopback-only and drives only Qiksy's own interface — it cannot fill, click, submit, or navigate the app you are testing. - Broken-link scan — when you run it, Qiksy sends
HEAD/GETrequests to the links already on the page you are testing, to detect 404s. It transmits no personal data.
Removed integrations
Earlier builds offered an optional Claude API (BYOK) feature and a Jira integration. Both were removed. Qiksy no longer contacts api.anthropic.com, Atlassian, or any other third-party service.
What we never do
- No telemetry, usage analytics, or tracking of any kind.
- No selling, renting, or sharing of your data with anyone.
- No remote code — all logic ships inside the extension package.
- No use of your data for any purpose other than the single purpose above (helping you test the site you are on).
Your control
All data is yours and local. Remove any of it at any time: delete a role/persona in the panel, clear the session, use "Clear all", or clear the extension's storage from chrome://extensions. Uninstalling the extension deletes everything it stored.
Changes
If this policy changes materially, the updated date above will change and the notes will describe what changed. Continued use after an update constitutes acceptance.