What CSSpeek accesses — and what it doesn't.
Privacy matters. Here is every Chrome permission CSSpeek requests and the reason behind it — in plain English, with no dark patterns.
activeTab
Lets CSSpeek read the CSS of the tab you're currently viewing — but only after you click the extension icon on that tab. No background access, no access to tabs you haven't activated.
scripting
Required to inject the small script that reads computed styles and draws the box-model overlay. Runs only on tabs you activate, never in the background.
storage
Stores your local preferences (panel position, keyboard shortcut, display units). Kept on your device. Never synced, never transmitted, never shared.
What CSSpeek does NOT do
- Read your browsing history
- Capture form input, passwords, or cookies
- Transmit page content to any server
- Run in the background when you're not using it
- Inject trackers or analytics into pages you visit
- Share data with third parties (there is no data to share)
Our security posture
CSSpeek follows the principle of least privilege. We've intentionally designed the extension to need the smallest possible permission set — activeTab plus scripting, scoped to user-initiated clicks only. If you can think of a way to make it smaller, email us: that's a feature request we want to hear.
Permissions: frequently asked questions
- Is CSSpeek built under Manifest V3?
- Yes. CSSpeek is a Manifest V3 extension, which means it uses service workers (no long-running background pages), has a tightly scoped permission model, and is subject to Chrome's stricter review process.
- Does CSSpeek ever run when I'm not actively using it?
- No. CSSpeek only executes when you click its icon on a specific tab (activeTab). It doesn't monitor your browsing, doesn't wake up on timers, and doesn't run background jobs.
- Does CSSpeek send anything to external servers?
- No. The extension does not make network requests to any CSSpeek-owned servers. It reads your page's CSS locally and displays it locally.
- Will CSSpeek ever ask for host permissions on specific domains?
- No. CSSpeek uses activeTab, which means it operates under a user-gesture model — Chrome grants access only when you click the extension icon. No persistent host permissions needed.
- Can I verify CSSpeek's behavior myself?
- You can inspect any Chrome extension's manifest and source from chrome://extensions by enabling developer mode. CSSpeek's source is available for inspection.
- What happens to my data when I uninstall?
- All local storage is deleted along with the extension. There's nothing to 'delete from our servers' because nothing was ever on them.