Chrome & VS Code Extensions
Privacy Policy
Summary
Claude Token Tracker reads quota information that the claude.ai web app already exchanges with Anthropic's servers, and stores a copy of that information locally on your device so it can show you a usage dashboard. The extension does not have a backend, does not transmit data to any third party, and does not collect analytics or telemetry.
What the extension reads
While you have a claude.ai tab open, the extension observes:
- Server-Sent Events from
claude.ai/api/.../completion— specifically themessage_limitevent Anthropic emits after each reply. This event contains your current quota utilization (a percentage from 0–100), the timestamp at which each window resets, and an internal status string. No conversation content, no message text, and no personal information is part of this event. - JSON responses from
claude.ai/api/organizations/...— scanned for any embedded quota payload with the same fields as above. - Length of the current conversation — the extension counts the number of characters rendered in the chat to estimate token usage. The text itself is never read, stored, or transmitted — only the integer length.
- Page navigation events — used solely to reset the per-conversation counter when you switch chats. No URL or query parameter is recorded.
What the extension stores
All storage uses chrome.storage.local, which lives only inside your browser profile and never leaves your device.
| Key | Content | Retention |
|---|---|---|
latest |
Most recent quota snapshot (timestamps + utilization per window) | Overwritten on each new event |
history |
Rolling array of past quota snapshots | Capped at 2,000 entries; oldest auto-pruned |
was_over_90 |
Per-window flag: was 90% notification already shown? | Cleared when utilization drops below 85% |
plan_type |
Your selected plan (Pro / Max 5x / Max 20x) | Until you change it |
hidden_windows, show_bottom_bar, show_chat_counter |
UI preferences | Until you change them |
ctt_pre_reset_* |
Transient values used by the reset-detection flow | Removed within ~30 seconds of each window reset |
No conversation content, no chat titles, no usernames, no email addresses, and no API keys are stored. Ever.
What the extension transmits
Nothing leaves your device. The extension makes no network requests to any external server other than claude.ai itself (using cookies that already exist in your browser, exactly as the claude.ai web app does). There is no analytics endpoint, no error reporting service, and no remote configuration.
The footer of the popup contains a static link to ko-fi.com. No request is made until you click it.
Optional local-only bridge to the VS Code companion (v1.1.0+)
If the optional Claude.ai Token Tracker VS Code extension is installed and running, the Chrome extension POSTs the same quota snapshot it already shows in the popup and sidebar to a small HTTP server that the VS Code extension runs on your own machine:
- The destination is
http://127.0.0.1(loopback only) on a port in the7823–7832range. 127.0.0.1is your own computer. It is not reachable from the network. No router, no ISP, no third party can intercept this traffic.- The POST is fire-and-forget. If no VS Code window is listening, the connection is refused and the Chrome extension silently continues. There is no retry queue, no off-machine fallback, no buffering.
- The data sent is exactly the existing quota snapshot, utilization percentages, reset timestamps, and status strings, already visible in the popup. No new data is captured for the bridge.
- Hidden quota windows (those you toggled off in the sidebar settings) are filtered out before sending.
If you do not install the VS Code companion, the bridge does nothing and the Chrome extension behaves exactly as it did in v1.0.x.
Permissions, justified
storage— required to persist the quota history and your settings locally on your device.notifications— required to show desktop alerts when your session or weekly cap crosses 90% or resets.alarms— required to schedule reset-detection in a way that survives Chrome service-worker termination.host_permissions: https://claude.ai/*— required to attach the content script that reads the quota events. The extension never accesses any other external domain.host_permissions: http://127.0.0.1/*(added in v1.1.0) — required to POST quota snapshots to the optional VS Code companion running on your own machine. Loopback only, never leaves your device.
Data sharing
There are no third parties. There is no data sharing.
Companion VS Code extension
The same privacy guarantees apply to the VS Code companion extension:
- It binds an HTTP server to
127.0.0.1only (loopback). The server is not reachable from the network. - It accepts POSTs from the Chrome extension and validates every payload server-side before rendering anything.
- It does not store quota data persistently. The latest snapshot lives only in memory while VS Code runs.
- It makes zero outbound network requests. No analytics, no telemetry, no remote configuration.
- It does not read your code, your files, your workspace, or any VS Code state beyond the extension's own configuration.
The VS Code extension is open source under MIT license.
Your control
- Clear all stored data by uninstalling the extension, or via
chrome://extensions→ extension details → Clear storage. - Disable notifications at OS level or in Chrome's site settings.
- Disable the sidebar widget, bottom bar, and chat counter individually via the cog icon inside the extension sidebar.
Changes to this policy
If this policy changes in a way that materially affects how data is handled, the extension's version will be bumped and a changelog entry will note the change. Current versions: Chrome extension 1.0.x (publishing 1.1.0 adds the optional VS Code bridge described above), VS Code extension 1.0.11.
Contact
Questions about this policy? frederiek@clickforest.com