Privacy Policy — Shopify Dev Helper
Last updated: April 6, 2026
Overview
Shopify Dev Helper is a Chrome extension designed for Shopify theme developers. It provides a side panel to inspect and interact with the Shopify AJAX API, the Storefront GraphQL API, and theme utilities on the active browser tab.
This policy explains what data the extension accesses, how it is used, and what is never collected or transmitted.
Data We Do NOT Collect
Shopify Dev Helper does not:
- Collect, store, or transmit any personal data to external servers
- Track your browsing history or activity
- Send any information to the developer or third parties
- Use analytics, advertising SDKs, or crash reporting services
- Access data from tabs other than the one you are actively using
Permissions and What They Are Used For
| Permission | Purpose |
|---|---|
activeTab | Read the URL of the current tab to detect whether it is a Shopify store |
scripting | Inject fetch requests into the active tab to bypass CORS restrictions when calling Shopify AJAX endpoints |
sidePanel | Display the extension UI as a Chrome side panel |
storage | Save form state in session storage and persist settings (Storefront Access Token, API version, auto-close preference) in local storage |
tabs | Listen for tab changes to re-detect the active store and open documentation links in a new tab |
*://*.myshopify.com/* and *://*/* | Required to inject scripts into Shopify storefront pages |
Session Storage
The extension uses chrome.storage.session to temporarily store:
- Form field values you have entered (e.g. variant IDs, query strings)
- The last API response received
- The active store domain and tab ID (session cache — used to keep the panel functional when you navigate away from a Shopify tab)
This data:
- Is stored locally on your device only
- Is never sent anywhere
- Is automatically cleared when you close the browser or end the browser session
Local Storage
The extension uses chrome.storage.local to persist:
- Your Storefront Access Token (a public API token you provide)
- Your Storefront API version preference (e.g.
2026-04) - Your auto-close setting
This data:
- Is stored locally on your device only
- Is never sent anywhere
- Persists across browser restarts and extension updates
- Can be cleared at any time from Chrome's extension storage settings
Script Injection
To call Shopify AJAX endpoints, the extension injects a small fetch script into the active tab. This is necessary because the extension panel itself is subject to CORS restrictions that prevent direct requests to store domains. The injected script only performs the specific API request you initiate and returns the response to the extension panel.
Storefront API Requests
Storefront API (GraphQL) requests are made directly from the extension's service worker — no tab injection is required. These requests are sent to https://<store>/api/<version>/graphql.json using the public access token you configure. No request data is logged or stored beyond the response shown in the extension panel.
Third-Party Services
Shopify Dev Helper does not integrate with any third-party services, APIs, or SDKs beyond the Shopify AJAX and Storefront API endpoints that you explicitly call through the extension UI.
Changes to This Policy
If this policy is updated, the "Last updated" date at the top of this document will be revised. Continued use of the extension after changes constitutes acceptance of the updated policy.
Contact
Questions or concerns? Please reach out: