SN Utils runs entirely in your browser. Your ServiceNow data never leaves your machine.
Your ServiceNow records, credentials, and business data never leave your environment.
The extension operates under your logged-in user's rights. No elevated access.
A visual representation of what data goes where
* Optional sync includes snippets, commands, and settings
Understanding our security architecture in detail
SN Utils extension runs locally in your browser
Your data stays in ServiceNow under your credentials
ScriptSync writes files locally for VS Code (optional)
Validates license keys (frequency depends on licensing method)
How license checks work depends on your licensing method
For Pro plan users via snutils.com — our current offering
Planned for the Enterprise plan
A detailed breakdown of what stays local vs. what we receive
| Data Type | Where It Lives | Backend Access |
|---|---|---|
| Your scripts & code | Your instance only | Never transmitted |
| ServiceNow records | Your instance only | Never transmitted |
| Credentials & tokens | Your instance only | Never transmitted |
| User preferences | Your instance cache | Never transmitted |
| Usage statistics | Local + shared by default (Pro) | On by default — opt-out |
Enterprise (planned): The ServiceNow Store App will communicate with our backend from your instance — your browser extension will only talk to your ServiceNow instance.
SN Utils includes optional AI features (Sidekick AI and the AI Command Builder). They are Pro-only, the AI code is removed entirely from the free Community build, and a request is only ever made when you explicitly click Send or Generate.
snutils.com over HTTPSA team owner or admin can disable the AI features for their whole team from the team Settings page — an organization-wide default plus per-user overrides. Enforcement is server-side, so blocked requests are rejected at the API. How to turn AI off →
For the full integration design and exact sample data payloads:
AI Integration & Data Handling →SN Utils is designed to continue working even if our backend is unreachable:
Cloud sync is enabled by default for Pro (and trial) users to provide seamless cross-device access. Each feature can be individually disabled in the extension settings.
SN Utils requests only the permissions necessary to function. Here's why we need each:
Needed and only used for switching Nodes
Used to store SN Utils settings and cache data like table list to reduce REST calls
Interact with ServiceNow browser tabs
Enables live preview and real-time CSS from sn-scriptsync
Access your ServiceNow instance via REST API
Local websocket for interaction between Helper Tab and VS Code sn-scriptsync
Note: SN Utils on-prem for Chrome does not implement a CSP at this point, but it shares the same codebase.
Have questions about our security practices? Need a security questionnaire completed for your procurement team? We're happy to help.
For details on data handling, see the Privacy & Data Processing Agreement.