Privacy Policy

Oracle CPQ REST API Tester stores user-configured Oracle CPQ testing data locally in Chrome extension storage. The extension is designed for user-directed CPQ API testing and does not include analytics, advertising, tracking, or third-party telemetry.

Data Stored Locally

• Environment name.

• CPQ site URL.

• REST version.

• Username or auth profile display data.

• Passwords, tokens, or auth profile secrets when the user chooses to save them.

• Synced metadata catalog.

• Saved requests.

• Request history, bounded request/response snapshots, and response baselines.

• Saved collections, flows, captured flows, test suites, assertions, variables, and run history.

• Captured Oracle CPQ REST request metadata and request bodies when the user explicitly starts Capture Flow.

• AI consent state and sanitized AI-generated request or flow artifacts saved by the user.

• UI state.

Data Transmission

The extension sends requests only when the user explicitly syncs metadata, views schema/spec resources, runs a request, runs a flow or suite, performs a connection check, or uses another user-triggered CPQ testing action. Credentials are sent only to the configured CPQ hostname using the selected authentication method.

The extension validates that request hostnames match the active environment hostname before sending credentials.

Network Capture

Capture Flow uses Chrome webRequest listeners only after the user starts capture. It records CPQ REST request details from the active tab so the user can convert browser activity into editable flows or regression suites. Capture can be stopped and cleared from the extension UI.

The extension does not request Chrome debugger permission and does not use Chrome DevTools Protocol response-body capture.

AI Assistance

The AI assistant sanitizes sensitive headers, cookies, credentials, CPQ URLs, and other sensitive-looking values before AI use.

When Chrome's local Prompt API is available, AI assistance can run locally in the browser. If an external AI provider is configured in the future, sanitized context is sent only after explicit user consent.

Third Parties

The extension does not sell, share, or transfer user data to third parties. It does not include analytics, advertising, tracking code, or telemetry.

Data Removal

Users can delete environments, saved requests, flows, captured flows, test suites, run history, variables, and saved credentials from the extension UI where available. Users can also remove all extension data by uninstalling the extension or clearing extension storage in Chrome.

Contact

For support, use the project owner or distribution channel through which this extension was provided.