These explanations are adapted from the checked-in permission-justification and Chrome Web Store review materials.
Every requested permission maps to an explicit reader action; sensitive monitoring permissions stay out of scope.
Used only to save user preferences such as theme, display density, default expand depth, copy-button visibility, smart-value hints, large-JSON thresholds, and search / outline limits.
JSON content is never stored in Chrome storage.
Used only to add explicit right-click actions for selected text: View selection as JSON, Validate selection as JSON, and Format selection as JSON.
Selected text is held in service-worker memory only long enough to pass it to the local Scratchpad, then cleared.
These permissions are used together only after the user opens the popup and clicks Render current page.
Chrome grants temporary access to the active tab for that explicit action, and the packaged local renderer is injected only into that current tab. Non-JSON pages are left unchanged.
Birdor JSON Lens does not request `webRequest`, `cookies`, `history`, `debugger`, `declarativeNetRequest`, `tabs`, or persistent host permissions such as `<all_urls>`.
The product does not monitor fetch or XMLHttpRequest, capture request history, read cookies, or save browsing activity.
The active-tab renderer is tied to an explicit Render current page action. Non-JSON pages are not treated as background data sources, and the product is not positioned as a network observer.
The permission model should be readable during Chrome Web Store review: storage for preferences, contextMenus for selected text actions, activeTab and scripting for the current-page renderer after a user click.
