Privacy Policy — Tuxx, Fetch!
Last updated: May 5, 2026
Tuxx, Fetch! ("the extension") is a developer tool that opens the source file of a React component on a local development server in the user's editor. This document describes, in full, what data the extension touches.
TL;DR
- The extension does not collect, store, transmit, sell, or share any personal or usage data.
- The extension does not include any analytics, telemetry, tracking, fingerprinting, or advertising code.
- The extension only runs on
http://localhost/*andhttp://127.0.0.1/*. It is incapable of running on any other origin. - All network requests the extension makes go to the same local dev server the user is already viewing — never to a remote host, never to the author, never to any third party.
What the extension stores
The extension uses chrome.storage.sync (synchronised by Chrome under the user's own Google account) to persist user-configured settings:
| Stored value | Purpose |
|---|---|
| Hostname → repository-path mappings | Lets the extension know which absolute filesystem path corresponds to a given dev-server hostname (e.g. localhost:3000 → /Users/you/code/your-repo) |
| Default modifier key (⌥ / ⌘ / ⌃ / ⇧) | Which key the user must hold to activate click-to-source |
Editor URL scheme (cursor://, vscode://, vscode-insiders://) | Which editor to launch on click |
| Per-mapping overrides (modifier, enabled flag) | Per-project customization |
| "Show design inspector on hover" toggle | Whether the design inspector panel appears on hover |
These values stay inside Chrome's sync storage. They are not transmitted to the author of the extension or to any third party.
What the extension reads from the page
While running on a localhost page, the extension reads:
- DOM elements under the user's cursor (via standard DOM APIs).
- React fiber metadata attached to those elements (
__reactFiber$xxx,_debugSource,_debugStack) — this exists only in development builds. - Computed styles (
getComputedStyle,getBoundingClientRect) for the design-inspector panel.
This data is used only inside the user's own browser tab to figure out which file/line/column to open. It is never serialised, exfiltrated, or persisted.
Network requests the extension makes
When the user clicks a component, the extension may issue HTTP requests to the same local dev server the page is loaded from:
- The JavaScript bundle URL (to read its
sourceMappingURLdirective). - The bundle's source map (
<bundle>.mapor the URL referenced bysourceMappingURL). - Next.js's dev-only stack-frame endpoint (
/__nextjs_original-stack-frames), when running against Next.js.
All three are same-origin requests against localhost / 127.0.0.1. The extension does not — and architecturally cannot — make requests to any remote host.
Editor launch
When a click resolves to a file path, the extension navigates a hidden <iframe> to a URL like cursor://file/<absolute-path>:<line>:<column>. The operating system hands this URL to the user's installed editor. No data is sent over the public internet.
Permissions explained
| Manifest permission | Why it's requested |
|---|---|
storage | To persist the user's hostname → repo mappings and editor preference (see "What the extension stores") |
host_permissions for http://localhost/* and http://127.0.0.1/* | To inject the click-to-source content script into local dev servers and fetch their bundles + source maps |
The extension does not request any of: tabs, cookies, history, webRequest, identity, <all_urls>, or any remote host permission.
Remote code
The extension does not load or execute remotely-hosted code. All JavaScript is bundled with the extension package.
Children
The extension is a developer tool intended for software engineers. It is not directed at children under 13 and does not knowingly collect data from anyone — child or adult.
Contact
Issues, questions, or audit requests: Chrome Web Store support page.
Changes to this policy
If a future version of the extension changes any of the above (e.g. adds an optional sign-in for cloud-synced mappings), this file will be updated and the corresponding release notes on the Chrome Web Store listing will call out the change.