Privacy policy

JSNT is a Chrome extension that runs entirely inside your browser. It has no backend, no analytics, and no third-party services. The only servers it ever talks to are the ServiceNow instances you're already authenticated to — using the same session you'd use in a regular browser tab.

We do not collect, transmit, or sell any personal data.

JSNT stores a small amount of state in your browser only. None of it is ever sent off your device.

• Settings
  Your palette preferences, enabled features, and popup tab order. Stored in chrome.storage.sync so they follow your Chrome profile across devices.
• Recent records
  A short list of records you've recently opened, used to power the palette's recent-items section. Stored in chrome.storage.local.
• Open update set
  Cached per-instance so the side panel can show it instantly. Stored in chrome.storage.local.
• Per-page session state
  Inspector stack and palette draft state, stored in the page's sessionStorage and cleared when you close the tab.

To work, JSNT has to read a few things from each ServiceNow page it runs on:

• The CSRF token (g_ck) so authenticated requests to the ServiceNow REST API succeed.
• The current user's identity (g_user / NOW.user) to scope user-preference reads correctly.
• The current record context (g_form), so the palette can act on the form you're looking at.
• The glide_user_route cookie, used as a gate to confirm the page is a real ServiceNow instance before injecting anything.

All of these are values ServiceNow itself exposes to any script running on its pages. JSNT reads them, uses them locally to make API calls back to that same instance, and never forwards them anywhere else.

JSNT only makes network requests to one place: the ServiceNow instance you're currently on. Specifically, it calls the standard ServiceNow REST and UI endpoints — /api/now/table/*, /api/now/ui/*, and /sys.scripts.modern.do — using your existing browser session.

There are no calls to JSNT-owned servers (we don't have any), no analytics SDKs, and no remote code is fetched and executed at runtime. The extension ships with all of its code bundled.

Every permission JSNT requests has a single, narrow purpose tied to running the palette on ServiceNow:

• storage — persist your settings and recent records in your browser only.
• cookies — read the glide_user_route gate cookie to confirm a tab is a real ServiceNow instance before injecting.
• scripting and activeTab — inject the palette and overlays into ServiceNow pages.
• tabs and webNavigation — identify the active ServiceNow tab and re-attach overlays after client-side route changes (Next Experience pushState navigation).
• sidePanel — open the JSNT side panel for tools that want more room than the popup gives.
• contextMenus— add right-click entries for ServiceNow-specific actions like “open record by sys_id”.

Host permissions are scoped to https://*.service-now.com/* — JSNT cannot see any other site you visit, and never requests <all_urls>.

Because nothing leaves your browser, you control all of it:

• Clear all stored data: open chrome://extensions, find JSNT, click Details → Site access, and use Clear data. Or simply uninstall the extension.
• Disable specific features: every feature can be turned off individually from JSNT's settings tab in the popup.
• Stop syncing settings: if you don't want settings to ride along with your Chrome profile, sign out of Chrome sync.

If JSNT ever starts collecting new categories of data, this page will be updated and the version note above will change. The current revision is dated April 26, 2026.

Privacy questions can be sent to support@jsnt.dev.