Privacy Policy — Reporter (Azure)

Last updated: 2026-06-01

In short: Reporter (Azure) is a browser extension that captures page elements and submits them as work items (Bug / User Story / Issue) to your own Azure DevOps project. All configuration is stored locally on your device. The extension communicates only with the Azure DevOps endpoint you configure. No analytics, no tracking, no third-party services.

What data does the extension store?

The extension stores the following in your browser's local extension storage (chrome.storage.local), accessible only to this extension:

Your Azure DevOps organization name, project name, and Personal Access Token (PAT)
Your assignee email and area path (optional)
Your base URL pattern for auto-scan (optional)
Your language preference (en, cs, de, es, fr, pl, or pt-BR)
Your auto-scan on/off toggle state
Cached scan results for ~5 minutes (work item titles, IDs, states, tags, comments count)
Your authenticated user info from Azure DevOps (display name, email, ID — cached 24 h)
The most recent picked element data (until the report is submitted or cancelled)

This data never leaves your device except as described below.

What data does the extension send, and where?

The extension communicates only with Azure DevOps at the host dev.azure.com. Specifically:

Creating work items: when you submit a bug/story/issue, the extension sends the title, description, type, severity, tags, and the screenshot (if you enabled it) to https://dev.azure.com/<your-org>/<your-project>/_apis/wit/workitems/…
Reading work items: when scanning for existing reports, the extension queries /_apis/wit/wiql and fetches work item details
Reading comments and attachments: when you open the detail view, the extension fetches /_apis/wit/workItems/{id}/comments and /_apis/wit/workitems/{id}?$expand=relations
Adding comments and screenshots: when you submit, the extension POSTs to the relevant work item endpoints
Identifying you: the extension fetches /_apis/connectionData once to identify your Azure DevOps account (used for the "Only my reports" filter)

All requests use HTTPS and your Personal Access Token (PAT) for authentication.

The extension also loads fonts (Inter, JetBrains Mono) from Google Fonts (fonts.googleapis.com, fonts.gstatic.com) — purely visual, no personal data is sent.

What data does the extension not collect?

No analytics
No usage tracking
No crash reporting
No third-party services other than Azure DevOps and Google Fonts
No data is sent to the extension developer
No data is sold or shared

Page content access

The extension's content script runs on all pages you visit (configured via <all_urls> in the manifest). It uses this access to:

Show a picker overlay when you click "Add report" in the popup
Highlight existing reports on pages matching your configured URL pattern (only if you enable "Show reports on the web")
Render the in-page detail modal when you click a marker

The extension does not read page content otherwise, does not send page content anywhere except (a) the screenshot you explicitly attach to a report, and (b) the CSS selector + short HTML signature of the element you pick (text content between tags is replaced with * for internationalization safety).

Screenshots

When you submit a report with the screenshot toggle enabled, the extension captures the currently visible portion of the active tab using Chrome's tabs.captureVisibleTab API and uploads it as an attachment to your Azure DevOps work item. The screenshot is processed entirely locally and is only uploaded to your configured Azure DevOps project.

Local-only storage

Your PAT is stored in chrome.storage.local in plain text. This storage is sandboxed per extension — other extensions cannot access it. However, anyone with access to your operating system user account (including malware or someone using your unlocked computer) could read this storage.

We recommend:

Using a PAT with minimum necessary scope (Work Items: Read, Write & Manage)
Setting a short expiration (30–90 days)
Rotating the PAT periodically
Locking your computer when away

Data retention

The extension retains your data as long as you have the extension installed and configured. If you:

Uninstall the extension → all stored data is deleted
Clear the extension's storage manually → all stored data is deleted
Open Settings and clear/change values → the previous values are overwritten

The extension does not retain any data outside your browser.

Third-party recipients

Azure DevOps (dev.azure.com) — your work item data, as configured by you
Google Fonts (fonts.googleapis.com, fonts.gstatic.com) — purely typographic, no personal data

That's it.

Changes to this policy

If we change how the extension handles data, we will update this policy and bump the version of the extension. The "Last updated" date at the top reflects the most recent change.

Contact

For questions about this privacy policy or the extension, contact: drahomirhajek@gmail.com