DotEnv Studio — Privacy Policy
DotEnv Studio is built so that your data physically cannot leave your browser.
What we collect
Nothing. There is no server, no account, no telemetry, and no analytics.
What the extension reads
- When you click Audit this page, DotEnv Studio injects a one-shot reader into the active tab and reads the currently visible page text and code blocks. This happens only on your explicit click — there is no background scanning, crawling, or navigation.
- It does not read other tabs, your browsing history, cookies, or login sessions.
Where data is stored
- Settings →
chrome.storage.local(on your device). - Projects & captured provider setups → IndexedDB (in your browser profile).
- Nothing is uploaded anywhere.
Secrets
- DotEnv Studio detects real-looking API keys and credentials and masks them.
- Real secret values are never persisted — the storage layer strips them on write.
- Real secret values are never included in generated
.env.examplefiles, prompts, or exports — every export passes through a redaction step.
Permissions
| Permission | Why |
|---|---|
activeTab | Read the page you’re on, only when you click. |
scripting | Inject the one-shot page reader on click. |
storage | Save your settings locally. |
No host permissions are requested, so the extension cannot run on pages in the background.
Network
DotEnv Studio makes zero network requests. It has no external APIs, CDNs, or remote scripts. The Content Security Policy restricts scripts to the extension itself.
Your control
Settings → Clear all data deletes every project and provider from IndexedDB. Uninstalling the extension removes all local data.