Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mellowtel.com/llms.txt

Use this file to discover all available pages before exploring further.

What it is

Every Mellowtel request runs inside a sandboxed, credentialless window that is created on demand and destroyed immediately after. The window has no access to the user’s session, identity, or any data your product stores on the device.

Why it matters

You are asking your users to share their bandwidth. They will only say yes, and you will only stay compliant with browser store policies, if you can answer “what does Mellowtel actually see?” with a straight, specific list. This page is that list.

What Mellowtel does not have access to

When a request runs, the sandboxed window cannot read:
  • Cookies (first-party or third-party)
  • localStorage, sessionStorage, or IndexedDB
  • The user’s authentication state on any site
  • Any data your extension or app stores
  • The user’s browsing history or open tabs
  • Personally identifying information of any kind
Think of every request as running in a fresh incognito window that is unrelated to the user’s normal browser instance.

What Mellowtel does see

  • A randomly generated node identifier, assigned once per install. It is not linked to any personal information and cannot be used to identify the user.
  • The URL the trusted partner asked to fetch (which is public web content by definition).
  • The HTTP response from that public URL.

Verify it yourself

The sandboxing logic is open source. If you or your security team want to audit the isolation model before shipping, read the source on GitHub.
TODO: Replace the org link above with a deep-link to the specific file that creates the credentialless window, so reviewers can jump straight to the relevant code.
  • Opt-in / Opt-out: how user consent is captured before any of the above happens.
  • Rate Limiting: how the request volume is kept invisible to the user.