XpertApps Engineer — Chrome Extension Privacy Policy

This privacy policy describes how XpertApps Engineer ("the Extension"), developed by XpertApps (xpertappdev.com), collects, uses, stores, and protects your information.

Effective Date: April 8, 2026

1. What Data We Collect

Data You Provide

The Extension collects the following information that you enter in its settings:

  • ServiceNow instance URL — used to connect the Extension to your ServiceNow instance
  • ServiceNow username & password — used to authenticate API calls to your instance
  • Access key — used to authenticate with the XpertApps backend service
  • Backend URL setting — used to connect to the correct backend server

Data Generated During Use

  • Chat messages — your questions and the AI assistant's responses, stored locally for conversation history
  • Change log entries — records of changes made to your ServiceNow instance through the Extension

Where Data Is Stored

All of the above data is stored locally in your browser only, using chrome.storage.local. No credentials or chat history are persisted on our servers.

2. How Data Is Transmitted

All communication between the Extension and the backend server uses WebSocket Secure (WSS) with TLS encryption. The data path is:

  • Browser → Backend: WSS/TLS encrypted (your credentials travel inside the encrypted tunnel)
  • Backend → ServiceNow: HTTPS/TLS encrypted (REST API calls to your instance)
  • Backend → AI Model: HTTPS/TLS encrypted (prompts sent to the Claude API via AWS Bedrock or Anthropic OAuth)

3. What We Do NOT Do

  • We do not store your ServiceNow credentials on our servers — they exist in memory only during the duration of a request and are discarded immediately after.
  • We do not sell, share, or transfer your data to third parties for advertising or marketing purposes.
  • We do not track your browsing activity outside of ServiceNow pages.
  • We do not inject code into non-ServiceNow websites — the Extension's content script only runs on *.service-now.com and *.servicenow.com domains.
  • We do not use remote code — all Extension code is bundled locally per Chrome Manifest V3 requirements.

4. Browser Permissions

The Extension requests only the minimum permissions required:

  • storage — Save your settings (backend URL, access key, ServiceNow credentials, chat history, change log) locally in Chrome.

The chat panel is injected only on pages matching *.service-now.com and *.servicenow.com, declared as content_scripts.matches in the manifest. We do not request activeTab, tabs, browsing history, bookmarks, downloads, or any other browser data.

5. Third-Party Services

The Extension's backend connects to the following third-party services to function:

  • Anthropic (Claude API) — AI model for generating responses. Your chat prompts and ServiceNow instance context (table schemas, script content) are sent. No credentials are sent to the AI model.
  • AWS Bedrock (optional) — Alternative AI model hosting. Same data as above — prompts and ServiceNow context only.
  • Your ServiceNow Instance — Authenticated REST API calls using your credentials to read and modify records per your requests.

6. Data Retention

  • Browser data: Stored in chrome.storage.local until you uninstall the Extension or clear it manually. You can clear all stored data at any time via Chrome's extension management page.
  • Server-side: Chat session files are stored on the backend server for conversation continuity during your session. No credentials are persisted. Session files may be cleared periodically.
  • Usage metrics: We track aggregate usage metrics per access key (request count, token usage) for billing and capacity planning. No conversation content is stored in usage records.

7. Your Rights

You can:

  • Delete your data at any time by uninstalling the Extension (removes all browser-stored data) or by clearing extension storage via Chrome DevTools.
  • Request account deletion by contacting support@xpertappdev.com — we will delete your access key and any associated usage records.
  • Inspect stored data via Chrome DevTools → Application → Storage → Extension storage.

8. Security

  • All data in transit is encrypted via TLS (WSS for WebSocket, HTTPS for REST).
  • Credentials stored in chrome.storage.local are isolated to the Extension and live inside your Chrome profile. Chrome applies profile-level protections (including OS-level encryption where supported), but this is not extension-specific end-to-end encryption — anyone with access to your unlocked Chrome profile can read the data. Do not install the Extension on a shared profile.
  • The backend server runs on a private AWS EC2 instance with restricted SSH access.
  • ServiceNow credentials are never logged, never written to disk, and exist in memory only for the duration of a request.

9. Children's Privacy

The Extension is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Extension after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us at:

QuoDroid Software Development Private Limited
Email: support@xpertappdev.com
Website: xpertappdev.com