Privacy
Privacy Policy
In one sentence. Your browsing and everything you inspect with Scalpel — the DOM, network requests, cookies, the heap — stays only on your device. Inspection happens on the phone itself; nothing is uploaded to Scalpel servers. No account, no analytics, no ads, no third-party tracking.
What stays on your device
Everything your use of Scalpel produces lives on the phone or tablet in your hand:
- Your browsing — tabs, history and settings of the built-in browser.
- Data from the sites you visit — cookies, localStorage, sessionStorage, IndexedDB and cache those sites create in the built-in browser, just like in any other browser.
- Inspection artifacts — network logs and HAR files you export, heap snapshots, pretty-printed code and any resource overrides you define.
- Your preferences — app settings. Local.
- Your subscription and trial state — cached locally as confirmation that your trial period or subscription is active (see below).
There is no Scalpel server storing your history, your tabs, your HARs or your snapshots. There is no account and no sign-up: you download the app, open it and use it.
Inspection happens on your device
Scalpel's core feature is showing you the anatomy of the pages you open: the DOM tree, every network request with its response body, cookies (including httpOnly ones), storage and memory. It matters exactly where that happens:
- Scalpel connects to the device's own browser engine through its local instrumentation protocol. Reading the DOM, the network, storage and the heap happens entirely on your phone.
- Scalpel does not upload, store in the cloud or share page content, response bodies, cookies or any other inspected data. If something gets saved (for example an exported HAR), it is saved only on your device.
- No third-party remote analysis service is used: inspection is local.
Your browsing traffic
When you browse with Scalpel, traffic travels directly from your device to the sites you visit, just like in any browser. Scalpel does not route your traffic through its own servers, does not intercept it remotely and keeps no record of it outside the device. Each connection's encryption (HTTPS) depends on each site, and Scalpel shows it to you as it is.
Purchases and subscription
Scalpel comes with a 30-day trial and, after that, an annual subscription. Billing is handled exclusively by the Apple App Store or Google Play: Scalpel never sees your card, IBAN, bank details or any financial data.
To confirm that your trial or subscription is still active, the app contacts our own service at iap.sggyamg.com. That communication carries:
- The purchase receipt or identifier issued by the store, so the server can verify with Apple or Google that it is genuine.
- A device identifier that anchors the trial period: it prevents the 30-day trial from restarting when the app is reinstalled. It is a technical identifier, not an advertising identifier, and it is not linked to your name, email or identity.
- If you take part in the referral program, your referral code and the redeemer's, solely to apply the corresponding discount.
The server only answers whether your trial or subscription is active. It does not receive or store your browsing, your HARs, your snapshots or any inspected data.
What we do not do
Spelled out, so there is nothing to read between the lines:
- No analytics SDKs — no Firebase, Google Analytics, Mixpanel, Amplitude, Sentry, Crashlytics or equivalents.
- No advertising identifier — we do not read or transmit the IDFA on iOS or the AAID on Android.
- No third-party tracking SDKs of any kind.
- No ads inside the app.
- No Scalpel server storing your data. The only backend we operate validates the trial and the subscription, as described above.
- No account. There is no sign-up because there is no backend that wants to know who you are.
Permissions
Scalpel only needs Internet access — it is a browser. It does not request camera, microphone, location, contacts or access to your photos.
Summary for Data Safety / App Privacy
For Google Play's Data Safety and Apple's App Privacy "Nutrition Label" forms, this is the explicit summary:
- History, tabs, site data and inspection artifacts (HARs, snapshots, overrides). Collected: yes, exclusively on the device. Shared: no. Transmitted to Scalpel servers: no.
- Content of inspected pages (DOM, response bodies, cookies). Processed: yes, on the device. Transmitted: NO. Stored on a server: NO.
- Device identifier. Used: yes, sent to iap.sggyamg.com to validate the purchase and anchor the 30-day trial. Advertising: NO. Linked to your identity: NO.
- Payment data — card, IBAN, any bank details. Collected: NO. Billing is done by Apple or Google; Scalpel never sees it.
- Advertising identifiers (IDFA, AAID). Collected / read: NO.
- Account identifiers (email, phone, username). Collected: NO. The app has no account system.
- Contacts, SMS, calls, location. Accessed: NO.
- Crash reports / analytics / telemetry. Sent to a third party: NO.
Subscription validation travels over HTTPS with TLS 1.2 or higher. Your browsing traffic goes straight to each site, with whatever encryption that site offers.
Your rights (GDPR)
You have the right to know what personal data is processed about you. Since Scalpel operates no server storing your browsing or your inspection data, the answer is essentially: none leaves your device, except the technical identifier used to validate the purchase and anchor the trial.
To access or delete your data: since it is stored locally, clearing the app's data or uninstalling it is enough — that removes the history, site data, inspection artifacts and the cached subscription information. For anything related to your purchase or subscription (including requesting deletion of the trial identifier associated with your purchase), write to us. Remember to cancel the subscription from Apple or Google before uninstalling if you do not want it to renew.
For privacy questions or to exercise your rights of access, rectification, objection, erasure or portability: apps.sggyamg [at] gmail [dot] com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).
About this website
This site (scalpel.sggyamg.com) uses no cookies and no analytics. It stores nothing in your browser and sends nothing to any server.
Changes to this policy
If we change this policy, we will update the "Last updated" date above and publish the new version at this URL. Any substantial change (a new third-party integration, a new piece of data collected) will be announced in the corresponding app release notes before it takes effect.
Contact
Questions, complaints, or "this doesn't work the way it says here":
apps.sggyamg [at] gmail [dot] com
This policy is published by Sandra (sggyamg), developer of Scalpel, based in Madrid, Spain.
Language
The Spanish version is the original, binding version of this Privacy Policy. Versions in other languages are translations offered solely for your convenience; in case of discrepancy or conflict of interpretation, the Spanish version prevails.