Kirro Chrome Extension privacy policy
Last updated: February 26, 2026
What this extension does
The Kirro Chrome Extension is an A/B test editor. It lets you visually edit website elements (text, images, styles, layout) as part of creating test versions from the Kirro dashboard.
When the extension activates
Only when you launch it from the Kirro dashboard by clicking “Open in extension” on a test’s editor page. It doesn’t run, collect data, or change pages at any other time.
Data collection
We don’t collect, store, or send any personal data, browsing history, or page content.
- No browsing data. The extension doesn’t track which sites you visit or what you do on them.
- No personal info. It doesn’t access your name, email, accounts, or passwords.
- No page content. It doesn’t read, copy, or send the content of any page.
- No cookies or tracking. No tracking pixels, no browser fingerprinting.
- No third-party analytics. No Google Analytics, Mixpanel, Sentry, or anything like that.
What data is sent
When you use the editor, two things are sent only to Kirro’s servers (app.kirro.io):
- Your test changes (CSS selectors and visual edits you make) so they can be applied during A/B tests.
- Replacement images if you swap an image while editing.
Everything goes over HTTPS, authenticated with a short-lived token from your Kirro session.
Data storage
- Editor session token is stored temporarily in Chrome’s session storage while the editor is open. It expires after 24 hours and is cleared when you close Chrome.
- No persistent storage. The extension doesn’t use local storage, cookies, or any other lasting storage.
Permissions explained
| Permission | Why it’s needed |
|---|---|
activeTab | To interact with the page you’re editing (highlight elements, preview changes) |
sidePanel | To show the editing controls in Chrome’s side panel |
scripting | To inject the element selection script into the page being edited |
storage | To temporarily store the editor session token while editing |
<all_urls> | To edit any customer website (A/B tests can run on any domain) |
The <all_urls> permission is needed because Kirro customers can run tests on any website they own. The content script is idle on all pages and only activates when you start the editor from the dashboard.
Third-party services
The extension talks only to Kirro’s servers (app.kirro.io). It doesn’t communicate with any other service.
Children’s privacy
This extension isn’t directed at children under 13 and doesn’t knowingly collect information from children.
Changes to this policy
We may update this policy from time to time. Changes will be posted here with an updated date.
Contact
Questions? Reach us at support@kirro.io or visit app.kirro.io.