Last updated: 2026-05-01
AngrySysOps vCenter Commander (“the extension”) is a Chrome extension that helps VMware vSphere administrators connect to and search inventory across their own vCenter Server instances. This privacy policy explains what data the extension handles, where it goes, and what it never does.
Summary
- The extension does not collect, transmit, or share any personal data with AngrySysOps or any third party.
- The extension has no analytics, no telemetry, no tracking, and no advertising identifiers.
- All data entered by the user (vCenter profiles, usernames, passwords) stays on the user’s device, except for login requests sent directly to the vCenter Server the user configured.
What the extension stores
| Data | Where | Cleared when |
|---|---|---|
| vCenter profiles (name, FQDN, site, username, default flag) | chrome.storage.local | User deletes the profile or uninstalls the extension |
| Connection preferences (shared vs per-vCenter credential mode, optional shared username) | chrome.storage.local | User changes them or uninstalls the extension |
| Active vSphere session tokens | chrome.storage.session | Chrome closes, or the user logs out |
| Demo mode flag | chrome.storage.session | Chrome closes, or the user appends ?demo=0 to any extension page |
| Enterprise-managed profiles | chrome.storage.managed (read-only) | The organization’s admin removes them |
Passwords are never stored. When a user connects to a vCenter, the password is held only in memory (React component state) for the duration of the login request and is discarded immediately afterward.
What the extension transmits
The extension makes network requests only to the exact vCenter FQDNs the user has configured, over HTTPS. Specifically:
POST /api/session— login using the username and password the user entered.DELETE /api/session— logout.GET /api/vcenter/vm,GET /api/vcenter/host,GET /api/vcenter/datastore— inventory.
No data is sent to AngrySysOps, analytics providers, advertisers, or any other third party.
Permissions
The extension declares three permissions, all for the purposes above:
storage— used as described in What the extension stores.sidePanel— used to render the main UI inside the Chrome side panel.https://*/*(optional) — requested at runtime, per-vCenter, only when the user connects to a profile. The extension never uses this permission for any origin the user has not explicitly configured and never requests<all_urls>.
Data retention and deletion
All data is stored locally on the user’s device in Chrome’s extension storage. There is no remote database, no backup, and no cloud sync operated by AngrySysOps. Users can remove all extension data by:
- Deleting individual profiles from the Settings page, or
- Clearing the extension’s site data from
chrome://settings/content/all, or - Uninstalling the extension from
chrome://extensions.
Enterprise deployments
Organizations deploying the extension via Chrome enterprise policy may push read-only vCenter profiles into chrome.storage.managed. These profiles are rendered read-only in the UI and cannot be edited or deleted by the end user. No data is sent back to the organization’s policy server by the extension itself.
Children’s privacy
The extension is intended for professional system administrators and is not directed at children under 13.
Changes to this policy
Material changes will be described in CHANGELOG.md and the “Last updated” date at the top of this document will be revised.
Contact
Questions or privacy concerns can be sent to admin@angrysysops.com or filed as a GitHub issue at github.com/AngrySysOps/vChrome/issues.
