Surelytics.

OneTrust Inspector

Privacy Policy

The extension does not send telemetry, analytics, page data, or consent data to any external server. Settings and diagnostics stay local in your browser.

Effective date: June 20, 2026

This policy explains how the OneTrust Inspector Chrome extension handles data. The extension is a developer/QA tool for debugging OneTrust CMP behavior directly in the browser.

Short version: everything happens locally. No external transmission, no tracking, no third-party processors.

What the extension does

It helps users inspect and debug OneTrust CMP behavior on websites: detect OneTrust state, read OneTrust URL parameters, call supported OneTrust JavaScript APIs, inspect consent-related browser signals, reset OneTrust test state, and enable explicitly allowlisted advanced testing modes (developer build only).

Data the extension may access

  • The current tab URL and hostname.
  • OneTrust-related page globals such as window.OneTrust, window.Optanon, and window.OnetrustActiveGroups.
  • Consent-related JavaScript APIs where present, such as dataLayer, gtag, __tcfapi, and GPP storage keys.
  • Cookies related to OneTrust, Optanon, IAB TCF, IAB GPP, and similar consent values.
  • Consent-related values in localStorage and sessionStorage.
  • Extension settings such as geo presets, allowlisted hostnames, and advanced test-mode preferences.

How data is used

Only to provide local debugging functionality: showing OneTrust state in the popup, generating and applying OneTrust debug URL switches, running user-triggered OneTrust API actions, displaying Consent Mode / TCF / GPP diagnostics, and clearing OneTrust-related cookies or storage when the user explicitly requests a reset.

Data sharing and transmission

The extension does not transmit collected or observed data to external servers. It uses no external analytics, telemetry, advertising, tracking pixels, or third-party processors. Data shown by the extension stays in the local browser session unless the user copies it manually.

Local storage

Preferences are stored locally with chrome.storage.local (allowlisted hostnames, geo presets, advanced settings) and remain on your device until cleared by you, the browser, or the extension's reset controls.

Cookies and website storage

The extension can read and delete OneTrust-related cookies and storage values for debugging, only after an explicit user action (e.g. clicking a reset button). It does not create advertising or tracking cookies.

Advanced testing features

Advanced script-override features are disabled by default, require explicit hostname allowlisting and user confirmation, and ship only in the developer build. Use them only on websites you own or have permission to test.

Remote code

The extension runs only code packaged with it. The Chrome Web Store build does not execute arbitrary remote code or redirect OneTrust scripts to user-supplied remote URLs.

Contact

Questions about this extension or policy: pavel@surelytics.io.

OneTrust Inspector is an independent developer/QA tool and is not affiliated with, endorsed by, or sponsored by OneTrust LLC. “OneTrust” is a trademark of its respective owner.