Privacy is a concern and many users are wondering what are the permissions required by Google Keep™ PowerUp in order to be installed.
Long story short, this web extension lives and stores data in the user web browser. Nothing is communicated to the outside world and as a matter of fact if you install the same web extension in multiple browsers you have to configure it from scratch every time and they are not kept in sync. By the way, it would be a very cool feature but it would compromise the simplicity of current minimal permissions model.
Current permissions - v.0.8.x
To dive deeper into technical details, the actual permissions required by this web extensions are:
You may wonder what are the last two URLs, they are proxy pages used by Google Keep™ to fetch data. Google Keep™ PowerUp needs to listens such communications to detect changes to the page that are asynchronous, for instance when the user scrolls down and the page is loading more notes.
I don't plan to develop more complex features that may require wider permissions, it is a quite important feature per se that permissions requirements are as less as possibile.