Annote captures the technical evidence behind a bug — console, network, and what the user did. That's exactly the kind of data that can contain secrets, so we built the product to protect it at the source.
The extension stays inactive on the pages you visit. It captures only during a session you start, and stops the moment you end it. There is no always-on background recording.
As data is captured, Annote replaces sensitive patterns — auth tokens, emails, card-like numbers, phone numbers, API keys, Authorization and Cookie headers — with placeholders, and strips sensitive headers, on your machine, before transmission. Password, hidden, and payment fields are never captured.
We call this fail-closed — if in doubt, it's redacted.Annote records which field was interacted with — never the characters entered into your page's fields.
Annote requests only what it needs to show the capture tray and capture during a session. It does not request access to your browsing history or cookies, and does not use a webRequest interception permission.
The product contains no advertising or product-analytics SDKs.
We'd rather tell you than have you discover them.
Anything on screen at capture time is in the image — redaction protects the captured data, not the picture.
Network data is protected by automatic redaction instead.
For full detail on data handling, see our Privacy Policy. For enterprise security questions, reach out any time.
For enterprise security questions, contact help@annote.ai.