Privacy

Privacy Policy

Last updated: July 6, 2026. · Versión en español

In one sentence. Your browsing and everything you inspect with Scalpel — the DOM, network requests, cookies, the heap — stays only on your device. Inspection happens on the phone itself; nothing is uploaded to Scalpel servers. No account, no analytics, no ads, no third-party tracking.

What stays on your device

Everything your use of Scalpel produces lives on the phone or tablet in your hand:

There is no Scalpel server storing your history, your tabs, your HARs or your snapshots. There is no account and no sign-up: you download the app, open it and use it.

Inspection happens on your device

Scalpel's core feature is showing you the anatomy of the pages you open: the DOM tree, every network request with its response body, cookies (including httpOnly ones), storage and memory. It matters exactly where that happens:

Your browsing traffic

When you browse with Scalpel, traffic travels directly from your device to the sites you visit, just like in any browser. Scalpel does not route your traffic through its own servers, does not intercept it remotely and keeps no record of it outside the device. Each connection's encryption (HTTPS) depends on each site, and Scalpel shows it to you as it is.

Purchases and subscription

Scalpel comes with a 30-day trial and, after that, an annual subscription. Billing is handled exclusively by the Apple App Store or Google Play: Scalpel never sees your card, IBAN, bank details or any financial data.

To confirm that your trial or subscription is still active, the app contacts our own service at iap.sggyamg.com. That communication carries:

The server only answers whether your trial or subscription is active. It does not receive or store your browsing, your HARs, your snapshots or any inspected data.

What we do not do

Spelled out, so there is nothing to read between the lines:

Permissions

Scalpel only needs Internet access — it is a browser. It does not request camera, microphone, location, contacts or access to your photos.

Summary for Data Safety / App Privacy

For Google Play's Data Safety and Apple's App Privacy "Nutrition Label" forms, this is the explicit summary:

Subscription validation travels over HTTPS with TLS 1.2 or higher. Your browsing traffic goes straight to each site, with whatever encryption that site offers.

Your rights (GDPR)

You have the right to know what personal data is processed about you. Since Scalpel operates no server storing your browsing or your inspection data, the answer is essentially: none leaves your device, except the technical identifier used to validate the purchase and anchor the trial.

To access or delete your data: since it is stored locally, clearing the app's data or uninstalling it is enough — that removes the history, site data, inspection artifacts and the cached subscription information. For anything related to your purchase or subscription (including requesting deletion of the trial identifier associated with your purchase), write to us. Remember to cancel the subscription from Apple or Google before uninstalling if you do not want it to renew.

For privacy questions or to exercise your rights of access, rectification, objection, erasure or portability: apps.sggyamg [at] gmail [dot] com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

About this website

This site (scalpel.sggyamg.com) uses no cookies and no analytics. It stores nothing in your browser and sends nothing to any server.

Changes to this policy

If we change this policy, we will update the "Last updated" date above and publish the new version at this URL. Any substantial change (a new third-party integration, a new piece of data collected) will be announced in the corresponding app release notes before it takes effect.

Contact

Questions, complaints, or "this doesn't work the way it says here":

apps.sggyamg [at] gmail [dot] com

This policy is published by Sandra (sggyamg), developer of Scalpel, based in Madrid, Spain.

Language

The Spanish version is the original, binding version of this Privacy Policy. Versions in other languages are translations offered solely for your convenience; in case of discrepancy or conflict of interpretation, the Spanish version prevails.