Privacy Policy - FitCheck

01 - Overview

What Is FitCheck?

FitCheck is a Chrome browser extension that lets you virtually try on clothing items from online retailers using AI image generation. This policy explains what data we collect, how we use it, and your rights as a user.

FitCheck is built and operated as an independent project. We are not affiliated with Google, Target, Amazon, H&M, Zara, Edikted, Princess Polly, or any other retailer.

02 - Permissions

What Permissions the Extension Uses and Why

<all_urls>

All Website Access

The extension requires access to websites because shoppers browse clothing across thousands of retailer domains. It activates around shopping signals such as a product image, price, and cart action.

identity

Google Sign-In

Used to sign you in with Chrome's built-in identity API. We never receive or store your Google password.

storage

Local Data

Stores your session, uploaded photo, credit balance cache, analytics ID, and site preferences locally in your browser.

tabs / activeTab

Tab Access

Used to open try-on results and pass messages between the popup and the active page when you interact with FitCheck.

clipboardWrite

Copy to Clipboard

Used only when you click copy on a generated result. FitCheck never reads from your clipboard.

scripting

Optional Script Injection

Used to inject content scripts into sites you explicitly enable from the extension popup.

Non-shopping pages: On search engines, social media, email, news, and other non-shopping pages, FitCheck is designed to load silently and exit without injecting UI or transmitting page content.

03 - Data Collection

Data We Collect and Store

Account Information

When you sign in with Google, we store your Google account UID, email address, display name, try-on credit balance, and subscription status in Firebase Firestore. This data manages your account, credit limits, and subscription.

Your Avatar Photo

When you upload a photo of yourself for try-on, it is stored locally in your browser and uploaded to our backend server under your account.

Your photo is used only to generate try-on images. It is not used for facial recognition, identity verification, advertising, or AI model training.

Product Images and Try-On Results

When you initiate a try-on, the product image is sent to our backend and forwarded to Google's Gemini API for image generation. Product images and generated try-on images are not stored on our servers after the request completes.

Usage Analytics

We collect anonymous usage analytics through Google Analytics 4 using a random client identifier that is not linked to your Google account or email. Analytics events do not record which specific products you viewed or websites you visited.

04 - Data Sharing

Who We Share Data With

We share data with third parties only as necessary to operate the service. We do not sell your data.

Google Firebase

Stores account information, credits, subscription status, and your avatar photo.

Google Privacy Policy

Google Gemini API

Receives your avatar photo and the product image to generate your try-on result.

Gemini API Terms

Stripe

Processes subscriptions through Stripe-hosted checkout. We never receive or store card data.

Stripe Privacy Policy

Google Analytics 4

Receives anonymous usage events that do not include personally identifiable information.

Google Privacy Policy

05 - Retention

How Long We Keep Your Data

Data Type	Retention Period
Account information	Retained until you request deletion
Avatar photo	Retained until you upload a new photo or request deletion
Credit balance and subscription status	Updated in real time and deleted on account deletion
Try-on results	Not stored on our servers
Local browser data	Until you uninstall the extension or clear extension data
Analytics data	Per Google Analytics default retention settings

06 - Your Rights

Your Rights and Choices

Delete Your Data

Email [email protected] to request deletion of your account and associated data from our servers.

Revoke Google Sign-In

Revoke FitCheck's access at myaccount.google.com/permissions.

Remove Your Avatar

Upload a new photo to replace the stored one, or email us to delete it from our servers.

Disable Analytics

Analytics can be disabled from the extension settings when available in the popup.

Revoke Site Permissions

For enabled sites, open the FitCheck popup and remove access for that site.

Uninstall

Uninstalling the extension removes local data. Contact us to remove server-side account data.

07 - Photo and Biometric Data

How We Handle Photos

FitCheck processes photos of you to generate virtual try-on images. We want to be explicit about what we do and do not do with your photo.

Your photo is used solely to generate try-on images.

Your photo is not used for facial recognition or biometric identification.

Your photo is not used to verify your identity.

Your photo is not used to train AI models.

Your photo is not shared with any party other than Google's Gemini API for generating try-on images.

Biometric privacy laws: Users in states with biometric privacy laws can request deletion of their photo at any time by emailing [email protected].

08 - Children

Children's Privacy

FitCheck is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us at [email protected] and we will delete it promptly.

09 - Security

How We Protect Your Data

All communication between the extension and our server uses HTTPS encryption.

Firebase Authentication tokens are short-lived and automatically refreshed.

Our server verifies your Firebase ID token on every API request.

Payment processing is handled entirely by Stripe.

Server endpoints are rate-limited to prevent abuse and protect accounts.

10 - Changes

Changes to This Policy

We may update this policy as FitCheck evolves. When we do, we will update the "Last updated" date at the top of this document. Significant changes may be noted in Chrome Web Store release notes or communicated directly where required by law.