Last updated: June 11, 2026
FluxMule is a browser-native MuleSoft development workbench. It runs entirely in your browser. We do not operate a backend that receives your code, and we do not collect analytics or telemetry.
FluxMule uses three storage areas. The distinction matters: chrome.storage.local and localStorage stay on this device, while chrome.storage.sync is replicated across your own Chrome profiles by Google sign-in sync (never to us).
| Data | Storage area | Leaves this device? |
|---|---|---|
| Secrets — GitHub token, GitHub OAuth client secret, Anypoint client secret, Anypoint password, Azure DevOps PAT | chrome.storage.local |
No — never synced, never sent to us |
Non-secret config — default commit message, GitHub OAuth client ID, Anypoint client ID, Anypoint plane (us/eu/gov), Anypoint org ID, Anypoint username (apUser), private Exchange asset coordinates you browse (exchangeModules: name + groupId + assetId + version), active git provider |
chrome.storage.sync |
Yes — to your own Google account only. Replicated across your Chrome profiles by Google sync. Never sent to us. |
| Local device cache — diagrams, REST Client request history, REST Client environment variables, recent repos, saved palette shapes, theme, panel sizes, preferences | localStorage |
No — stays in this browser profile, not synced |
Secrets never leave this browser device. All Git / Anypoint / Azure calls are made directly from your browser to those providers using the credential you supplied; FluxMule has no server in the middle.
Note on Google sync: the non-secret config row above is replicated by Chrome's built-in Sync to your other signed-in Chrome profiles. This includes your Anypoint username and the coordinates (not the contents) of any private Exchange assets you browse. If you do not want this replicated, sign out of Chrome Sync or disable extension sync in Chrome settings. No secret is ever placed in this area.
The REST Client lets you define environment variables (e.g. baseUrl, token) that are substituted into requests via {{name}}. These are stored unencrypted in this browser's localStorage and never leave the device. Do not store production secrets there — prefer short-lived tokens, and clear them when done. The in-product editor shows this caveat.
FluxMule only contacts:
No other network requests are made. There is no usage tracking, no analytics, and no advertising.
The DataWeave Playground and flow Debugger run a clean-room subset interpreter in your browser and are labeled "preview". They are not the official MuleSoft DataWeave runtime — outputs are previews. They do not upload your data. The only real outbound calls during debugging are http:request operations in your own flow, which go directly to the host you configured.
Remove all stored data at any time via Settings → Data → Clear, or by removing the extension. Uninstalling deletes all local data. Synced config can also be cleared from any signed-in Chrome profile.
FluxMule is an independent tool. It is not affiliated with, endorsed by, or sponsored by Salesforce/MuleSoft, GitHub, or Microsoft. MuleSoft, Anypoint and DataWeave are trademarks of Salesforce; GitHub is a trademark of GitHub, Inc.; Azure is a trademark of Microsoft.