ENG

Effective date: May 5, 2026

Contact: Telegram @Dyadichev_Vladimir

Summary

The XL Scenario Transfer extension runs entirely in the user's browser. No data is sent to the author's servers or to any third party. Below is exactly what the extension reads and where it stores it.

What data is processed

XL authorization token (admin_access_token)

• Source: cookie of the active tab on *.xl.ru, *.xlcrm.ai, *.accelonline.io domains
• Purpose: to authorize REST requests to the XL API (fetch a scenario, create a node, etc.) on behalf of the already logged-in user
• Storage: locally in chrome.storage.local — isolated from other extensions and websites, not synchronized via the Google account
• Destination: only the same XL domain the user is authorized on. No third-party servers

School information (name, id)

• Source: response from the XL API endpoint /api/v1/school after the token is set
• Purpose: to display the currently connected school in the extension popup
• Storage: locally in chrome.storage.local
• Destination: nowhere

Scenario data during export and import

• Source: XL REST API (/api/v1/scenario/<id> and related)
• Purpose: to download a scenario as a JSON file (export) or create it in another school (import)
• Storage: in extension memory for the duration of the operation; exports are saved locally as a .json file that the user saves manually