Privacy Policy
Published by developer.living · Last updated: 2026-07-17
FSD Guard is a browser extension that checks Feature-Sliced Design import rules in GitHub and GitLab Pull/Merge Requests and repositories. This policy explains what the extension accesses and what it does not do.
Summary
FSD Guard does not collect, store on our servers, sell, or transmit your data to any third party. All analysis happens locally in your browser. The extension has no backend, no analytics, and no tracking.
What the extension accesses
- Pull / Merge Request diffs. On a GitHub Pull Request or GitLab Merge Request page, the extension requests that PR/MR's unified diff from the same host using your existing session (GitHub
/{owner}/{repo}/pull/{n}.diff, GitLab/{project}/-/merge_requests/{n}.diff), and analyzes the import statements it contains. - Repository archives. When you explicitly start a full-repository scan, the extension downloads the repository
.tar.gzarchive from the host, decompresses it in your browser, and analyzes the source files. - The rendered diff DOM. As a fallback, the extension may read the diff already displayed on the page to locate violating lines.
All of this data is fetched directly from the host you are viewing — GitHub (github.com, *.githubusercontent.com, codeload.github.com), GitLab (gitlab.com), or a self-hosted GitLab host you have explicitly added in settings — the same hosts you are already signed in to. It is processed only in memory, on your device, and is never sent anywhere else.
What is stored
The extension stores only your preferences using the browser's extension storage (chrome.storage):
- selected language, enabled rules, FSD root, path aliases, custom layer definitions, and any self-hosted GitLab hosts you add;
- the on-page panel's position and height.
This data stays in your browser (and, for synced settings, in your own Google/Chrome account sync). It is not readable by us.
What is NOT done
- No personal data is collected.
- No data is sent to the extension's author or any third party.
- No analytics, telemetry, advertising, or fingerprinting.
- No remote code is loaded or executed.
Permissions
storage— to save your settings and panel layout locally.- Host access to
github.com,*.githubusercontent.com,codeload.github.com,gitlab.com— to run on GitHub/GitLab pages and to download the PR/MR diff and repository archive via your session, so imports can be analyzed. scriptingand optional access to a self-hosted GitLab host — only a host you explicitly add in settings is requested (at that moment), so the extension can run on your own GitLab. No broad access is taken by default.
These permissions are used solely to provide the extension's functionality.
Contact
Questions about this policy: developer.living — dimabelenov@gmail.com