SCube Zoho Inspector Pro is a Chrome extension that enhances Zoho CRM with developer and administrator tools: a field API name overlay, COQL query runner, record inspector, module schema browser, permission analyzer, Deluge code editor, data import/export, schema diff, and more.
This policy explains what data the extension accesses, where it goes, and what we never do with it. The core privacy model is simple: all data flows directly between your browser and your Zoho CRM org โ SCube operates no intermediate server, collects no telemetry, and stores nothing outside your own device.
The extension consists of three components โ a popup UI, a background service worker, and a content script injected on Zoho CRM pages โ that work together to provide the following features:
All data the extension reads or writes belongs to your Zoho CRM org and is accessed exclusively via Zoho's official REST API v3 using your own OAuth 2.0 token. No data is intercepted, copied, or stored outside your device.
| Data Type | API Endpoint | Used For |
|---|---|---|
| Module list | /settings/modules | Populating module selectors throughout the UI |
| Field schema | /settings/fields?module=X | Schema Browser, Field Overlay, COQL assistance |
| Picklist values | /settings/fields (picklist type) | Picklist Values viewer |
| Record data (all fields) | /{module}/{recordId} | Record Inspector โ full field view |
| Search results | /{module}/search?word=X | Search Records feature |
| COQL results | /coql (POST) | COQL Query Runner |
| Roles | /settings/roles | Permission Analyzer โ Role Hierarchy |
| Profiles & permissions | /settings/profiles | Permission Analyzer โ Profile Matrix & Heat Map |
| Users | /users | Permission Analyzer โ User list, Inactive Users |
| Territories | /settings/territories | Permission Analyzer โ Territory Tree |
| Workflows | /settings/automation/workflow/rules | Permission Analyzer โ Workflows tab |
| Approval processes | /settings/automation/approval | Permission Analyzer โ Approvals tab |
| Assignment rules | /settings/automation/assignment | Permission Analyzer โ Assignment Rules tab |
| Related lists | /settings/related_lists?module=X | Related Lists browser |
| Blueprint state | /{module}/{recordId}/actions/blueprint | Blueprint Viewer |
| Notes & activities | /Notes, /Activities | Record sub-panels |
| Attachments list | /{module}/{recordId}/Attachments | Attachments sub-panel |
| Org info | /org | Connection tab โ org name, ID, country |
| Layouts | /settings/layouts?module=X | Layout information for modules |
| Custom views | /settings/custom_views | View selectors |
| Macros, Tags, Variables | /settings/macros, /settings/tags, /settings/variables | Admin reference panels |
| Pipelines, Email templates | /settings/pipeline, /settings/emailtemplates | Admin reference panels |
| Web forms | /settings/webforms | Admin reference panel |
| Bulk job status | /bulk/read/{jobId} | Polling for Bulk Export completion |
| Operation | API Endpoint | Triggered By |
|---|---|---|
| Update record fields | PUT /{module}/{recordId} | Record Inspector โ Save Changes button |
| Create new record | POST /{module} | Data Import โ Insert action |
| Upsert record | POST /{module}/upsert | Data Import โ Upsert action |
| Delete record | DELETE /{module}/{recordId} | Record Inspector โ Delete button (requires confirmation) |
| Upload attachment | POST /{module}/{recordId}/Attachments | Attachment Upload โ file picker |
| Run COQL query | POST /coql | COQL Runner โ Run Query button |
| Start bulk export job | POST /bulk/read | Bulk CSV Export โ Start Export button |
| Add note | POST /Notes | Record Inspector โ Add Note |
| Custom API calls | Any endpoint you type | Raw API Builder โ Send button |
Two features use AI: the COQL AI Query Generator and the Deluge AI IDE. Both are entirely optional and are disabled unless you configure an AI provider API key in Settings. You bring your own API key from one of three providers.
| Provider | What is sent | Model default | Governed by |
|---|---|---|---|
| Anthropic (Claude) | Your natural-language prompt + optional field schema context | claude-haiku-4-5-20251001 | Anthropic Privacy Policy |
| OpenAI (GPT) | Your natural-language prompt + optional field schema context | gpt-4o-mini | OpenAI Privacy Policy |
| Google (Gemini) | Your natural-language prompt + optional field schema context | gemini-2.0-flash | Google Privacy Policy |
chrome.storage.local on your device. They are never transmitted to SCube or any server other than the respective AI provider's authentication endpoint.The extension supports all five Zoho CRM data centres. Select the correct data centre for your org in Settings โ the extension will direct all API calls to the correct regional endpoint. No data crosses between regions.
| Permission | Why it's needed |
|---|---|
| storage | Store OAuth tokens, settings, COQL history, saved queries, API request history, pinned modules, recent records, and environment variables โ locally in your browser only |
| identity | Launch the Zoho OAuth 2.0 authentication flow via chrome.identity.launchWebAuthFlow โ opens Zoho's login screen in a secure browser window |
| activeTab | Read the URL of the current Zoho CRM page to auto-detect the module name and record ID when you click "Auto-Detect Record" |
| tabs | Query the active tab to inject the field overlay and detect the current Zoho CRM page context |
| notifications | Show a browser notification when a long-running Bulk CSV Export job completes |
| contextMenus | Add right-click menu items on Zoho CRM pages: "Copy Record ID" and "Copy API Name" |
| scripting | Inject the field overlay content script on Zoho CRM pages to show API name badges on field labels |
| Domain | Purpose |
|---|---|
| *.zoho.com, *.zoho.in, *.zoho.eu, *.zoho.com.au, *.zohocloud.ca | Content script injection on Zoho CRM pages (field overlay) |
| *.zohoapis.com, *.zohoapis.in, *.zohoapis.eu, *.zohoapis.com.au, *.zohoapis.ca | All Zoho CRM REST API v3 calls (modules, fields, records, COQL, bulk, etc.) |
| api.anthropic.com | AI query/code generation โ only called when Anthropic API key is configured |
| api.openai.com | AI query/code generation โ only called when OpenAI API key is configured |
| generativelanguage.googleapis.com | AI query/code generation โ only called when Gemini API key is configured |
All data is stored in chrome.storage.local on your device. Nothing is synced to Chrome Sync or any external server. The following keys are stored:
| Key | Contents | Purpose |
|---|---|---|
| zoho_token | OAuth access token, refresh token, expiry timestamp, data centre | Authenticating Zoho API calls |
| zoho_inspector_settings | Data centre selection, field overlay toggle, theme preference, AI provider/model/key settings | Extension configuration |
| szip_saved_orgs | Named org credentials (token + data centre per org) | Multi-org management |
| szip_coql_history | Last 50 COQL queries (text only, no results) | Query history panel |
| szip_saved_queries | Named COQL queries organised by folder | Saved Queries panel |
| szip_api_history | Last 50 raw API requests (method, endpoint, body, status) | API Builder history panel |
| szip_saved_apis | Named saved raw API requests | Saved Requests panel |
| szip_recent_records | Last 20 inspected records (module, record ID, display label, timestamp) | Recent Records panel |
| szip_pinned_modules | List of module names the user has pinned | Pinned modules in selectors |
| szip_env_vars | Named key-value environment variables (e.g. {{ORG_ID}}) | API Builder variable substitution |
| szip_api_log | Last 100 API call log entries (method, endpoint, status, duration) | Log tab in popup |
chrome.storage.local are sandboxed to this extension only. They cannot be read by websites, other extensions, or other Chrome profiles.chrome.storage.local, sandboxed to this extension and inaccessible to websites or other extensionschrome.identity.launchWebAuthFlowTo report a security vulnerability, email scubedevelopmentteam@gmail.com.
The extension requests the following OAuth 2.0 scopes from Zoho. These are the minimum scopes required to support all features. If you only use a subset of features, not all scopes will result in active API calls.
| Scope | Why it's requested |
|---|---|
| ZohoCRM.modules.ALL | Read and write records across all modules (Record Inspector, COQL, Search, Data Import, Bulk Export) |
| ZohoCRM.settings.ALL | Read module schema, fields, picklists, roles, profiles, workflows, assignment rules, territories, layouts, and more |
| ZohoCRM.users.READ | Fetch user list for Permission Analyzer โ Inactive Users and user assignment views |
| ZohoCRM.bulk.READ | Create and poll Bulk Read jobs for the Bulk CSV Export feature |
This extension is not directed at children under the age of 13 and does not knowingly collect any information from children. It is a professional developer and administrator toolkit intended for use by adults in a business or technical context.
When this Privacy Policy is updated โ for example when a new feature is added โ the revised version will be published at this URL with an updated "Last Updated" date. Continued use of the extension after changes are posted constitutes your acceptance of the updated policy. Material changes that affect how data is handled will be noted in the extension's Chrome Web Store changelog.
Questions about Zoho Inspector Pro's data practices? We respond within 2 business days.
โ๏ธ scubedevelopmentteam@gmail.com