This document outlines the security and privacy measures in place within Requestly’s infrastructure. It details how data is managed across different components, including the desktop app, browser extension, and backend systems, while also covering encryption standards and analytics practices.
Desktop App
The Requestly desktop app provides a network interceptor for managing network requests locally. Intercepted requests, saved recordings, and modifications are stored and handled locally on the user’s device to ensure privacy and control. However, rules configurations and application settings are stored in the cloud to enable syncing across devices. To learn more about how the desktop app handles your data, click here.
Browser Extension
The browser extension intercepts and modifies network requests locally using service workers. Intercepted requests and responses remain on the user’s device, and the only data saved on the cloud is the rule's configurations. Users can exclude specific websites to prevent interception. to learn more about how browser extension handles your data, click here.
To disable syncing in both the desktop app and browser extension, go to Settings > Global Settings > Enable Syncing and turn off the switch.
Backend Infrastructure
Firebase Backend
User authentication and data management are powered by Firebase Authentication, ensuring secure and reliable access control. Rules configurations are stored in Firebase Realtime Database, and other user data resides in Firestore, with both encrypted by Firebase for security and performance.
Data Handling and Encryption
Data at Rest
Data at rest is securely stored in Firebase, which encrypts all data using robust encryption protocols. For more details on Firebase’s security measures, click here.
Data in Transit
Data in transit is encrypted using HTTPS to ensure secure communication between the client, Firebase, and other services. This encryption protects data from interception or tampering during transmission.
Analytics
Requestly tracks anonymous events to improve the product and user experience. No Personally Identifiable Information (PII) is included in these analytics events. Users who wish to opt out can do so by navigating to Settings > Global Settings > Help Improve Requestly and turning the switch off on both the desktop app and browser extension.