Statable Debugger Privacy Policy

Last updated: July 14, 2026

This privacy policy explains how the Statable Debugger browser extension ("the extension") handles information. Statable Debugger is a developer tool published by Key Arg B.V. We are committed to the same privacy-first approach as our analytics service: all processing described below happens locally in your browser, the extension makes no network requests of its own, and the information it reads never leaves your device.

1. Who We Are

Statable Debugger is developed and published by Key Arg B.V., a company registered in the Netherlands. Key Arg B.V. is the controller responsible for the extension, and this policy is governed by the laws of the Netherlands. You can contact us at [email protected]. Full company contact details are available in our main Privacy Policy.

2. Single Purpose

Statable Debugger has one purpose: it is a developer tool that checks whether the Statable analytics script is correctly installed on the page you are viewing, shows its configuration and warnings, and displays a live log of the analytics events that page sends. Documentation is available at https://statable.com/docs/debugger/.

3. Scope Of This Policy

This policy covers the Statable Debugger extension only. The Statable analytics service itself — the script that website owners install on their sites and the visitor data it processes — is covered by our main Privacy Policy. If you use both the extension and the service, please read both policies.

4. Information The Extension Reads

The extension's content script runs automatically on the http and https pages you visit. This is what allows it to detect the Statable script and observe analytics events as they happen. Everything it reads is processed locally on your device, and the results are shown only when you open the extension popup. Because the extension observes pages you browse and the analytics requests they send, our Chrome Web Store privacy disclosure declares "Web history" and "User activity"; this section describes exactly what that means in practice.

On each page, the extension reads:

  • Statable script tags only: it looks for script elements whose src matches Statable's script URLs and reads their attributes (src, data-id, data-hash, data-tracking-api, data-before-send and data-statable-* attributes) — no other part of the page is read;
  • environment signals relevant to analytics: the page hostname, browser automation flags (navigator.webdriver and the presence of window.Cypress), and your Global Privacy Control and Do Not Track settings;
  • one localStorage key of the page, 'analytics_ignore', which is read-only — the extension never writes to a site's storage;
  • tracker presence, as a simple yes/no check for whether window.__statableTrackerLoaded and window.statable exist on the page; and
  • outgoing analytics events: when a page loads, the content script wraps the page's window.fetch function. It inspects only plain-string JSON request bodies and treats a request as a Statable event only if its URL contains '/api/event' or its payload matches the Statable event shape (a numeric v, string n and numeric i field). The original request always proceeds unchanged, and requests sent via XMLHttpRequest or sendBeacon are not intercepted.

When you open the popup, the extension additionally reads the id and URL of the active tab; the URL is used only to check whether the page is an http or https page.

5. How Each Type Of Information Is Used

Each type of information serves exactly one feature, and nothing else:

  • Statable script tag attributes power the detection result and the configuration card, and are checked for misconfigurations to generate warnings;
  • environment signals and the 'analytics_ignore' key are used only to generate warnings that explain why tracking may be inactive on the page;
  • the tracker presence check feeds the installation status shown in the popup;
  • intercepted analytics events populate the live event log; and
  • the active tab's id and URL are used to show you the results for the tab you are looking at and to confirm the page is an http or https page.

We do not use any of this information for any other purpose.

6. Information We Do Not Collect

The extension does not read or collect:

  • cookies;
  • form contents or keystrokes;
  • page text, headings or any other page content beyond the Statable script tags described above;
  • any log or list of the pages you visit — the extension never builds or retains a browsing history, and only reads the current page's hostname in the moment, as described in section 4; and
  • login credentials, passwords or payment information.

7. Sharing And Disclosure

The extension transmits nothing. It makes no network requests of its own: there is no telemetry, no crash reporting, no usage analytics, no accounts and no cookies. The information described in this policy never leaves your browser. As a result:

  • we do not sell user data;
  • we do not transfer user data to third parties;
  • we do not use or transfer user data for advertising of any kind, including personalized or interest-based advertising;
  • we do not use or transfer user data to determine creditworthiness or for lending purposes; and
  • no human — at Key Arg B.V. or anywhere else — can access the data, because it is never transmitted anywhere.

The only outbound path is one you take yourself: clicking the "Open dashboard" link in the popup opens the corresponding site dashboard at https://statable.com/site/<siteId> in a normal browser tab. Your use of the Statable website is governed by our main Privacy Policy.

8. Limited Use

Statable Debugger's use of information received from browser APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. The information is used only to provide the single, user-facing purpose described in this policy; it is not transferred, sold or used for advertising, and no humans read it.

9. Data Retention

Nothing is persisted. The extension does not write any data to disk or to any form of persistent browser storage. All state is held in memory inside the extension's background service worker, separately for each tab, as one detection result plus a list of at most 100 events per tab (the oldest events are dropped first); the popup displays the most recent 50. This in-memory state is erased:

  • when you navigate the tab to a new page;
  • when you close the tab;
  • when the service worker goes idle (Chrome shuts it down after roughly 30 seconds of inactivity); and
  • when you restart the browser.

10. Data Security

The strongest security measure is architectural: the extension never transmits data over the network, so there is no data in transit to protect. The requirement to encrypt personal data in transit is satisfied trivially, as no transmission occurs at all. All processing takes place inside your browser on your own device, and the information is discarded as described in section 9.

11. Remote Code

The extension does not download or execute remote code. It is built on Manifest V3, and all of its code is bundled into the extension package reviewed by the Chrome Web Store.

12. Changes To This Policy

If we change what the extension reads, how that information is used, or any other data practice described here, we will update this policy, revise the "Last updated" date above, and proactively notify users of material changes through the extension's Chrome Web Store listing before the new practices take effect.

13. Contact Us

If you have questions about this policy or the extension's data practices, contact us at [email protected]. Full company contact details, including our postal address, are available in our main Privacy Policy.