Groma Privacy Policy
Last updated: 17 July 2026
1. Who this policy covers
This policy describes what the Groma browser extension ("Groma", "we") does with data on the device where it is installed. Groma is a local tool: it operates entirely inside your browser and communicates with no Groma server, because none exists.
2. What Groma collects
Nothing. Groma does not collect, transmit, or receive any personal data, usage data, analytics, crash reports, or telemetry. It makes no network requests to any Groma or third-party service. The only network traffic in a Groma tab is the tested app's own.
3. What Groma stores on your device
- Recordings and specs
- The steps you record (element locators, page URLs, your instructions and expected results) exist in memory while you work and are exported — at your request — as a Test-Specs document to your downloads folder. Specs are compressed directly into the document's run and edit links; they are not uploaded anywhere.
- Screenshots and flow video
- During a run, Groma captures screenshots and a video of the app under test using the browser's tab-capture API — whether the app is running inside Groma's device frame or, for apps that can't be framed, in a real browser tab with Groma's step panel floated over it. These are embedded into the HTML report saved to your downloads folder and exist nowhere else.
- Extension storage
- Groma keeps small operational values in the browser's extension storage: transient run/record state handed between its own pages (cleared when the browser closes), your one-time acknowledgement of the framing bypasses, and minor preferences. This storage is local to your browser profile.
4. What captured content can include
Screenshots, videos, specs, and reports show whatever was on screen in the app under test — which may include personal or confidential information. Those files are created locally and shared only by you; treat them with the same care as the data they display.
5. Why Groma asks for broad permissions
Groma requests powerful browser permissions because it must record and run tests on whatever app you point it at. None of them are used to gather data:
- Access to all sites — recording and running must work on any app you test. Groma's content scripts stay dormant on every page until you start a recording or open a run link.
- Modify network rules (declarativeNetRequest) — strips a site's anti-framing headers so it can load inside Groma's device frame. Applied as session rules scoped to each runner tab, never browser-wide.
- Cookies — rewrites the framed app's own session cookie (SameSite=None) so logging in works inside the frame, in that tab's context only. Cookie values are not stored, logged, or transmitted.
- Browsing data — unregisters the framed app's service worker for that origin so it can't break login inside the frame. No history or other browsing data is read.
- Web navigation — observes navigations inside Groma's own frame so the framing fixes can be re-applied after a login redirect. Only acted on in tabs Groma framed.
- Storage, active tab, scripting, context menus — the extension's own state, the "Record with Groma" right-click entry, and launching the recorder or floating step panel on the current tab. Reports and Test-Specs documents are saved through the browser's normal file-download mechanism, not a dedicated permission.
6. Third parties
Groma sends data to no third party, embeds no third-party analytics or ad code, and does not sell, rent, or share any data — there is no data to sell. The apps you test inside Groma's frame are governed by their own privacy policies.
7. Data retention and deletion
Uninstalling the extension removes everything Groma keeps in extension storage. Files you exported (specs, reports) remain wherever you saved them and are yours to delete.
8. Children
Groma is a professional testing tool and is not directed at children.
9. Changes to this policy
If Groma's behavior ever changes in a way that affects privacy, this policy will be updated and the "Last updated" date revised before the change ships.
10. Contact
Questions about this policy: selahsolution@gmail.com.