Privacy Policy — Momen GraphQL Debugger

Last updated: 3 June 2026

This policy applies to the Chrome DevTools extension “Momen GraphQL Debugger” (the “Extension”), published by Momen. The Extension is a developer tool for inspecting GraphQL network traffic, GraphQL subscriptions, and console/runtime logs on Momen preview and mirror pages. It is intended for developers debugging their own applications.

Data the Extension accesses

The Extension reads the following data, only on the supported Momen preview/mirror hosts and on local development hosts (localhost, 127.0.0.1, [::1]):

• GraphQL network traffic — request operations, variables, headers, and response bodies for GraphQL calls made by the inspected page.
• GraphQL subscription frames — WebSocket and Server-Sent-Event messages for GraphQL subscriptions.
• Console and runtime logs — log messages emitted by the inspected preview frame, including runtime host configuration messages.
• A screenshot of the current tab — captured only at the moment you press the “Analyze” button, to give the AI analysis visual context.

How the data is used

• Local inspection (default): Captured traffic, frames, and logs are displayed in the DevTools panel on your machine. This data is held in memory for the lifetime of the panel and is not transmitted anywhere.
• AI analysis (only when you click “Analyze”): When you explicitly press the “Analyze” button, the captured payload (recent requests, subscriptions, logs, runtime config) together with a single screenshot of the active tab is sent to the Momen backend GraphQL endpoint (https://momen.app/api/graphql, or https://canary.momen.app/api/graphql on canary). The backend forwards this content to Google’s Gemini model to generate a debugging analysis, which is returned to the panel. No analysis request is made unless you press the button.

Sensitive value redaction

Before display, header and configuration fields whose names contain authorization, auth, token, cookie, password, secret, or session are redacted in the panel.

Data sharing and retention

• We do not sell your data.
• We do not use the data for advertising or any purpose unrelated to the Extension’s single purpose (debugging GraphQL traffic).
• Captured data is not stored by the Extension beyond the lifetime of the open DevTools panel.
• Data sent during “Analyze” is processed transiently by the Momen backend and Google Gemini to produce a response, and the Gemini portion is subject to Google’s Privacy Policy.

Permissions

• activeTab / tabs — identify the inspected tab and capture a screenshot for AI analysis.
• scripting — inject the page hook that observes GraphQL traffic.
• sidePanel — present the debugger UI.
• Host permissions — limited to mirror.momen.app, mirror-canary.momen.app, preview.momen.app, preview-canary.momen.app, and local development hosts.

Contact

For questions about this policy, contact: support@momen.app.