Get in touch
two black lines

500 Designs - Feedback — Privacy Policy

Effective date: May 23, 2026

This Privacy Policy applies to the Google Chrome browser extension 500 Designs - Feedback (the "Extension"), published by 500 Designs. The Extension lets a user submit visual feedback (pins, annotations and screenshots) about a website and deliver that feedback to a self-hosted WordPress server that the same user configures during onboarding.

1. Who controls the data

The Extension is a client-side tool. It does not send data to 500 Designs, to Google, to any analytics provider, or to any third party. All feedback the user submits is delivered exclusively to the WordPress server URL that the user typed into the onboarding form. The administrator of that server is the controller of any data stored there. 500 Designs is not the controller of feedback content; we only publish the Extension.

2. What the Extension processes

The Extension processes the following data, only locally inside the user's browser and only with the user's active participation:

  • Onboarding data: the server URL, the project API key, and the reporter name and email entered by the user. Stored in chrome.storage.sync.
  • Project metadata returned by the user's server: the list of domains the project allows, project status and deadline. Stored in chrome.storage.local as a short-lived cache so the sidebar can decide where to mount.
  • Feedback content (only when the user explicitly clicks "Send"): the URL of the active tab, a screenshot of the visible viewport or of the full page, the CSS selector of the element the user clicked on, the user's annotations and free-text comment, the breakpoint (desktop / tablet / mobile), and — when the in-page console probe has been enabled by the user — recent browser console logs and failed network requests captured on that same page.
  • Local drafts: if the user starts composing a feedback report and closes the sidebar, the draft is stored locally (IndexedDB) so it can be recovered. Drafts never leave the user's browser until the user clicks "Send".

3. What we do NOT collect

  • No analytics, telemetry, advertising identifiers, fingerprinting or behavioral tracking.
  • No browsing history beyond the single URL of the page the user is reporting feedback on.
  • No data from tabs the user is not actively reporting feedback on.
  • No health, financial, payments, location (GPS / IP geolocation) or personal-communication data.
  • No data is sold or transferred to third parties.
  • No data is used or transferred for purposes unrelated to the Extension's single purpose.
  • No data is used or transferred to determine creditworthiness or for lending purposes.

4. Permissions used by the Extension

  • storage — persists onboarding values and caches project metadata locally.
  • activeTab / tabs / scripting — injects the feedback sidebar into the tab the user has open and captures a screenshot of that tab when the user requests one.
  • offscreen — creates a temporary offscreen document to stitch tiled screenshots into a single full-page image.
  • alarms — schedules a 15-minute periodic refresh of the project metadata (allowed domains, status) so the sidebar stays accurate.
  • Optional host permission (<all_urls>) — requested at onboarding so the Extension can talk to the server the user configured and capture pages on the sites where the user wants to leave feedback. Granted by the user, revocable at any time from chrome://extensions.

5. Where the data goes

Outbound network traffic from the Extension is restricted to the WordPress server URL the user typed during onboarding. The Extension authenticates with that server using a project API key the user obtained from their own WordPress administration panel, sent as the HTTP header X-VFB-Project-Key. Communication uses HTTPS exclusively (the onboarding form rejects non-HTTPS URLs).

6. Retention

  • In the browser: local data (config, cached project, drafts) persists until the user clicks "Disconnect" in the popup or uninstalls the Extension. Either action wipes the corresponding storage entries.
  • On the receiving server: retention is governed by the WordPress server that receives the feedback, which is controlled by the user / their administrator. 500 Designs does not have access to that data.

7. User rights

  • The user may disconnect or uninstall the Extension at any time to delete all locally stored data.
  • To delete or export feedback stored on the receiving WordPress server, the user should contact the administrator of that server.
  • Users in jurisdictions that grant additional rights over personal data (such as the GDPR or the CCPA) can exercise those rights against the server administrator who controls the receiving WordPress site.

8. Children

The Extension is a developer / QA tool intended for professional use and is not directed at children under 13.

9. Changes to this policy

If we change this policy we will update the "Effective date" above and, when changes are material, publish a note in the Chrome Web Store listing.

10. Contact

Questions about this policy can be sent to [email protected].

500 Designs Logo Black
menu close dark
Get in touch