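Information We Collect
We collect information when you provide it to us directly, including when you:
• Create an account
• Enter dimensions, items, or spaces to run a fit check
• Upload images or files for analysis
• Contact us for customer support
• Subscribe to product update notifications
• Talk with our AI assistant about fit decisions
This information may include your email address, the dimensions and items you enter, the fit checks and visual proofs you generate, your chat messages, and any files you choose to upload.
**What we want you to know:** Your fit checks and chat messages are saved to your account so that you can refer back to them later and so that we can investigate bugs and abuse. You can erase all of them at any time from Settings → Account → Danger zone.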
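How We Use Your Information
We use the information we collect to:
• Run your fit checks and generate visual proofs
• Save your items, spaces, and project history so you can return to them
• Investigate bugs and prevent abuse of the service
• Review aggregated usage patterns to improve solver accuracy and product defaults
• Send you technical notices, receipts, and support replies
• Respond to your questions and support requests
• Comply with legal obligations and protect our rights
We do not sell, rent, or share your personal information with third parties for their marketing purposes.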
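Data Storage and Security
Your information is protected with industry-standard encryption in transit and at rest. We apply technical and organizational safeguards to prevent unauthorized access, alteration, disclosure, or destruction.
Your fit checks, saved items and spaces, and chat messages remain in your account until you erase them. When you delete your account, your identity records (account, email, IP address, device fingerprint, session links) are erased immediately. Anonymized records that we retain for product quality, abuse prevention, or legal obligations, and that carry no link to you, are treated by us as anonymous data under GDPR.
We retain your information only for as long as necessary to provide the service or as required by law.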
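Cookies and Tracking
We use cookies and similar tracking technologies to:
• Remember your preferences and settings
• Analyze site traffic and usage patterns
• Improve the functionality of our website
• Provide personalized content and recommendations
You can control cookie options through your browser settings. However, disabling certain cookies may limit some features of our service.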
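Third-Party Services
Our service integrates third-party providers for:
• AI-powered space analysis
• 3D rendering and visualization
• Processing payments for fit-check package purchases
• Analytics and performance monitoring
These providers are bound by privacy agreements and access only the information necessary to provide their specific services.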
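Your Rights and Choices
You have the right to:
• Access, update, or delete your personal information
• Export your saved items, spaces, and fit-check history
• Unsubscribe from product update emails
• Request data portability
• Lodge a complaint with a supervisory authority
The fastest way to exercise your right to deletion is through Settings → Account → Danger zone. For other requests, email roscatoday@gmail.com.
When you delete your account, we permanently delete your identity information (account, email, IP address, browser fingerprint, session links) from all records. The text content of chat messages may be retained in anonymized form, with no link to you, for product quality and abuse-prevention purposes. Because these records can no longer be associated with you, they are treated as anonymous data under GDPR. If you do not want them retained in any form, do not include personal information (name, address, phone number) in your chat messages.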
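Children's Privacy
Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it immediately.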
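Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our service after changes are posted constitutes acceptance of the updated policy.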
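Contact Information
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Email: roscatoday@gmail.com
Subject: Privacy Policy Inquiry
We will respond to privacy-related inquiries within 30 days.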
You can exercise your right to erasure at any time from Settings → Account → Danger zone. Deletion is immediate — profile, chat history, room scans, saved projects, API keys, and email preferences are erased; analytics, abuse-detection, and payment records are anonymized (user_id, IP address, device fingerprint, and free-text queries all stripped). You'll get an email receipt confirming what was erased and what was retained per GDPR Article 17(3)(b).
Chrome Extension
The ItemFits Chrome extension lets you check whether a product on a retailer's page (such as Amazon, IKEA, or Wayfair) will fit through doors, up stairs, into vehicles, or in a room. To provide this feature, the extension collects and transmits the following data to our backend at itemfits.com:
• Account and authentication data. If you choose to sign in, we collect your email address. When you sign in with email and password, your password is sent over HTTPS to our authentication provider (Supabase) and is never stored inside the extension. When you sign in with Google, we use Chrome's identity API (chrome.identity.launchWebAuthFlow) to open Google's OAuth consent window and receive your email address and a session token via our authentication provider. Your Supabase session token is stored locally in the extension's chrome.storage.local so you stay signed in across popup opens.
• Product page content. When you click "Scan this page" in the extension popup, we run a one-shot content script in the active tab to extract publicly visible product attributes — title, dimensions, price, images, hyperlinks, and structured data (JSON-LD) — and send them to itemfits.com/api/extension/parse-product so our AI can identify the item and its dimensions. The extension never scans pages in the background or without your explicit click.
• Chat messages. Messages you type into the extension's chat interface are sent to itemfits.com/api/extension/chat, where they are processed by our AI provider (Anthropic, the maker of Claude) and stored so you can reference past conversations from the extension's History view.
• Scan and chat history. We store a per-user history of the products you've scanned and the chat threads you've started so you can revisit them. You can delete individual entries from the History view or request full deletion by emailing roscatoday@gmail.com.
• Diagnostic data and device identifier. When a request to itemfits.com fails (for example, a network error or a 500 from our parser), the extension transmits a small, technical error report to itemfits.com/api/extension/telemetry containing: a randomly generated error ID, an error code, the HTTP status code, the request path, and the retailer hostname where the error occurred. The extension also generates a random per-install identifier (UUID) the first time you use it and stores it in the browser's extension storage; it is sent alongside chat requests so our abuse-protection systems can rate-limit the extension separately from the website. Neither the diagnostic reports nor the identifier contain your email address, page contents, or any text you have typed. You can disable diagnostic reports at any time from the extension's Options page (right-click the extension icon → "Options" → Privacy → "Don't send error telemetry to ItemFits"). The identifier is regenerated if you uninstall and reinstall the extension.
Subprocessors used by the extension. We share the data above with a limited number of service providers strictly to deliver the extension's single purpose:
• Supabase — database and authentication. Stores your account, sessions, scan history, and chat transcripts.
• Anthropic (maker of Claude) — AI model provider. Processes chat messages and scanned product data to generate fit assessments. Per Anthropic's commercial terms, data sent via its API is not used to train Anthropic's models.
• Stripe — payment processing for premium tier purchases made on itemfits.com. The extension itself does not handle payment information; if you purchase a paid plan, you do so on the web app and Stripe processes the transaction on our behalf. The extension never sees card numbers or banking details.
These providers are contractually bound to use the data only to deliver services to ItemFits.
What the extension does NOT collect. The extension does not track your browsing history outside of pages you explicitly scan. It does not monitor your clicks, keystrokes, mouse movements, or scroll position. It does not read form fields. It does not access your location, camera, microphone, or files. It does not inject scripts into pages you haven't asked it to scan. It does not sell, rent, or share your data with advertisers or data brokers, and it does not use your data for purposes unrelated to checking whether an item fits in a space.
Shopify App — Data Handling
This section describes how ItemFits processes data specifically through its Shopify App integration. It applies only to merchants who install the ItemFits app from the Shopify App Store on their Shopify stores, and to the shoppers who interact with the ItemFits fit-check widget on those stores.
What the app accesses. When a Shopify merchant installs ItemFits, the app requests two OAuth scopes:
• write_products — to create and maintain the itemfits.* metafield definitions (itemfits.width, itemfits.depth, itemfits.height, itemfits.unit) on the merchant's product catalog.
• read_themes — to verify that the ItemFits theme app extension block is installed correctly on the merchant's product template.
Merchant data we store. For each installed shop we store: the shop's myshopify.com domain, OAuth access tokens (encrypted at rest), product metafield values written via the scope above, theme block configuration settings (placement + display preferences), and the merchant's selected plan + billing state via Shopify's billing API. We do not request or receive any Shopify customer or order data.
Shopper data we process. When a shopper uses the fit-check widget on a merchant's product page, ItemFits processes the dimensions the shopper enters (e.g., door width, room size, vehicle trunk dimensions) and stores an audit row recording the product, the verdict, the dimensions entered, and a timestamp. We do NOT capture any direct shopper PII from the widget itself — no names, no email addresses, no physical addresses, no phone numbers, no IP address stored alongside the row. The widget operates anonymously from the shopper's perspective.
Third-party processors used by the Shopify App.
• Anthropic PBC (Claude API) — When a merchant's product has no itemfits.* dimensions set, or when the shopper types a free-form question into the widget's chat, ItemFits sends the relevant text (product description and/or the shopper's typed message) to Anthropic's Claude API for AI-based dimension extraction and conversational fit guidance. Data is processed in the United States. Under Anthropic's commercial / enterprise data-processing terms, inputs and outputs sent via the API are NOT used to train Anthropic's models.
• Resend — Transactional email delivery used for fulfillment of GDPR data-subject requests (when a merchant or shopper requests a copy of their data or a deletion confirmation, the response is sent via Resend's API).
• Supabase — Primary database and authentication provider for the ItemFits platform. Shop data, metafield configuration, fit-check audit rows, and merchant subscription state are stored in Supabase. Supabase is also listed in the general sections of this policy.
These providers are contractually bound to use the data only to deliver services to ItemFits and are not authorized to use merchant or shopper data for any other purpose.
Retention. Shop data is purged within 48 hours of app uninstall, triggered by Shopify's shop/redact webhook (which Shopify fires automatically 48 hours after a merchant uninstalls the app). Individual shopper records, to the extent they can be identified and scoped to a specific shopper by Shopify, are purged on receipt of Shopify's customers/redact webhook.
Your rights. EU/UK shoppers and merchants may request access to or deletion of records tied to their session or their shop. Requests: email roscatoday@gmail.com (Shopify App support routes through the same address) with the subject line "Shopify App — data request" and include either the relevant shop domain or a description of the session. We respond within 30 days per GDPR timelines, typically within 5 business days.
GDPR webhooks. ItemFits implements all three Shopify-mandatory GDPR webhooks: customers/data_request (data access requests), customers/redact (delete a specific customer), and shop/redact (delete all data for an uninstalled shop). These endpoints are HMAC-verified against the Shopify webhook signature on every call.