# Privacy and permissions in Admin Tools

## What this article explains

When you install a browser extension, you want to know what happens to your data. That is a healthy instinct. Admin Tools by Cloud Captains is a collection of more than 130 separate utilities across 11 categories, which you open from the extension's popup window. It is built for developers, IT administrators and power users, but the privacy principles are the same for everyone and easy to explain.

This article covers three things. First: which tools run entirely inside your own browser, with nothing leaving your device. Second: which specific tools do call an external service, and why. Third: what each Chrome permission means in plain language, and why the extension needs it. You can find the official information page at https://cloud-captains.com/admin-tools/.

## The principle: as much as possible runs locally

Most tools in Admin Tools need no internet at all. Every text, math and crypto tool runs 100% locally in your browser. That means the data you enter never leaves your device.

A few examples of tools that work entirely offline:

- Text: change case, count statistics, slugify, compare diffs, hashing, base64, Markdown to HTML.
- Security and Forensics: AES encryption, password generator and strength meter, JWT viewer, certificate viewer, hashes, PGP, steganography.
- Dev and System: code formatter, YAML, JSON and CSV, regex tester, chmod, crontab, cURL to fetch, git cheatsheet.
- Numbers and math, Time and date, and most Image and QR tools such as the QR generator, wifi QR and color picker.

The AI features run on your own device too. The AI Assistant uses Chrome's built-in Gemini Nano, a language model that lives inside the browser itself. Your prompts are therefore never sent to a server. That applies to the AI chat, the summarizer, the translator, the writer and rewriter, the proofreader, the regex and cron explainers, the SQL generator, the commit messages and all the other AI helpers. The six right-click actions (summarize, translate, proofread, rewrite, page to Markdown and media URLs) also process everything locally.

:::tip title="Why this matters"
Processing locally means that sensitive input, such as a password you test or a certificate you inspect, never travels across the internet. You can even use these tools with no internet connection at all.
:::

## Which tools do call an external service

A handful of tools simply cannot do their job without external information. You have to fetch an exchange rate from somewhere, and a DNS lookup by definition asks a nameserver a question. These tools only call an external service the moment you actually use them, and only the service that specific task requires.

Here are the tools and the service they reach out to:

| Tool | External service | Used for |
|------|------------------|----------|
| Currency and exchange rates | frankfurter.app | Current exchange rates |
| DNS lookup | dns.google | Querying DNS records |
| MAC lookup | macvendors.com | Manufacturer behind a MAC address |
| Have I Been Pwned | pwnedpasswords.com | Password leak check |
| Public IP | ipify.org | Showing your public IP address |
| Speedtest | bit.nl, i3d, ovh, vultr, cloudflare | Measuring speed via mirrors |
| Port, WHOIS and GeoIP | port.cloud-captains.com | Port check, WHOIS and GeoIP proxy |
| Wayback | web.archive.org | Older versions of pages |

:::info title="Cleverly designed: the leak check never sends your password"
The Have I Been Pwned tool checks whether a password appears in a known breach via pwnedpasswords.com. It does this using a technique called k-anonymity: only the first characters of a hashed form of your password are sent, never the password itself. The service therefore cannot tell which password you checked.
:::

:::warn title="What you share with an external service"
When you use one of the tools above, the minimum information needed goes to that single service. For a DNS lookup, that is the domain name you query, for example. If you do not use the tool, nothing is sent.
:::

## The permissions in plain language

During installation the extension asks for a number of permissions. Below we explain each one and why Admin Tools needs it. The guiding rule is always: as little as possible, and only where a feature genuinely requires it.

- activeTab: this lets the extension read the current tab, but only after you have clicked it. There is no background snooping.
- scripting: this reads information from the page, read-only, to show it in the popup. Nothing on the page is changed.
- storage: this stores your local preferences on your own device. These settings are not synced to an account or the cloud.
- clipboardRead: this is needed for the Clipboard history, so you can find items you copied earlier.
- clipboardWrite: this makes the copy buttons in the tools work, so a result lands on your clipboard with one click.
- cookies: this is for the Cookie editor, which lets you view and edit a site's cookies.
- contextMenus: this puts the six right-click AI actions in your right-click menu, such as summarize and translate.

:::tip title="A permission does not automatically mean network traffic"
A permission gives the extension the ability to do something, but it does not mean data leaves your device. Reading from a tab or the clipboard happens locally and stays local, unless you use a tool that deliberately calls an external service.
:::

## No telemetry

A lot of software quietly sends usage statistics back to its maker. Admin Tools does not. There is no telemetry: no usage data, click behaviour or analytics is collected or transmitted. The extension does not track which tools you open or how often.

## Checking for yourself

If you want to see with your own eyes that a tool stays local, you can verify it easily in your browser.

:::howto title="Check whether a tool sends data"
1. Open the Admin Tools extension and pick the tool you want to check.
2. In Chrome, open the Developer Tools with F12 or via the menu.
3. Go to the Network tab and leave it open.
4. Use the tool the way you normally would.
5. Watch the Network tab for traffic. For a fully local tool the list stays empty, while a tool that needs an external service shows a call to exactly that service.
:::

:::info title="Want to know more"
You can find the full description of the extension and all categories on the official page: https://cloud-captains.com/admin-tools/.
:::

:::faq
### Do all tools run locally in my browser?
Most do. Every text, math and crypto tool runs entirely locally, and the AI features run on your own device through Chrome's Gemini Nano. Only tools that inherently need external information, such as exchange rates or a DNS lookup, call an external service.

### Are my AI prompts sent to a server?
No. The AI Assistant uses Gemini Nano, which lives inside Chrome itself. Your prompts are processed locally and are not sent to any server.

### Does the extension upload my password during the leak check?
No. The Have I Been Pwned tool uses k-anonymity: only the first characters of a hashed form of your password go to pwnedpasswords.com, never the password itself.

### Does Admin Tools collect usage statistics?
No. There is no telemetry. No analytics, click behaviour or usage data is collected or transmitted.

### Why does the extension need the cookies permission?
It is only for the Cookie editor, which lets you view and edit a website's cookies. Without that permission, that specific tool could not work.

### Are my preferences synced to the cloud?
No. The storage permission keeps your preferences only on your local device. They are not synced to an account or the cloud.
:::