1) What we collect
Device/browser characteristics used to create a stable identifier (“fingerprint”)
OS/platform, language(s), vendor, device memory, hardware concurrency
Timezone
WebGL vendor/renderer and related WebGL capability hashes
Canvas, audio, and offline-audio hashed signals
Media preferences (dark mode, reduced motion), color gamut, forced colors
Input capabilities (max touch points, pointer/hover support)
Storage quota hash
Intl options (calendar, numbering system, hour cycle)
Note: Some system APIs (CPU/memory/storage) are attempted but only collected if permitted and available in the browser; otherwise they remain empty.
Screenshots and masks that you explicitly capture
When you capture or process an area, the extension sends the screenshot and mask to our servers to generate results.
Account and usage data
If you sign in or update credentials in the options page: email address; password is transmitted securely to our API and not stored in the extension.
A userId issued by our API for registration/usage tracking.
Subscription/usage data (e.g., usages left, plan status).
Local preferences and history stored on your device
Selected country/region preference (localStorage)
Local usage history with item metadata (localStorage)
UI preferences (default tab, popup size) and caches (chrome.storage.local)
Cached usage info (usages left, timestamps)
We do not read your browsing history or page content by default. The extension only injects scripts into the active tab when you use the feature (no broad host permissions). Content-side signals are limited to the stability characteristics listed above and do not include page content.

2) How we use data
Provide the core features — Create a stable device/browser identifier to register your installation, enforce usage limits, and reduce abuse; process screenshots/masks to detect products and return results.
Operate your account and subscription — Register your device, issue and maintain a userId, check usage, and manage Stripe Checkout sessions for paid plans.
Improve reliability and support — Debugging and service quality (status, error logs, and minimal operational telemetry).
Comply with legal obligations and enforce terms.
3) Where data is stored
On your device (local only) — Local usage history, selected country, UI preferences, cached usage info, and userId/fingerprint in chrome.storage.local.
On our servers (cloud-hosted) — Registration fingerprint records, userId, usage/subscription status, and images/masks required to provide results.
4) Data sharing
We do not sell your personal information.
Service providers (processors) — Payment processing: Stripe (for subscriptions and checkout); cloud hosting/storage and operational tooling to keep the service running; product search providers used by our backend to generate results (no direct sharing from the extension; requests go via our API at https://api.pix2cart.com).
Legal/Compliance — We may disclose information if required by law or to protect our rights, users, or the service.
5) Permissions and scope
Chrome permissions used: storage, scripting, tabs, notifications, activeTab. No broad site access (no host_permissions). Scripts are injected only to the currently active page when you engage the feature.

6) Retention
Local (device): You control local history/preferences. You can clear them in the extension’s UI (Options/Popup) or by removing the extension.
Server: We retain registration, usage, and processing artifacts (including screenshots/masks) as necessary to deliver the service, troubleshoot, enforce limits, and meet legal requirements. You can request deletion (see Your Rights).
7) Security
Transport security: All communications with our API use HTTPS.
Access controls: Limited staff access to production systems on a need-to-know basis.
Minimization: Fingerprint relies on stability-oriented characteristics and hashed signals; passwords are not stored in the extension.
8) Your choices and controls
In-extension controls — Clear local history and preferences in the Options page; remove the extension to delete extension data stored by Chrome.
Account and server-side data — Contact us to request access, correction, export, or deletion of your account data and server-stored content (including screenshots/masks).
Opt-out — You can stop using the extension or disable its permissions at any time via the browser.
9) International transfers
Our services may be hosted in the United States or other regions. By using the extension, you understand your data may be transferred and processed outside your country, where laws may differ.

10) Children’s privacy
The extension is not intended for children under 13 (or under the age required by local law). We do not knowingly collect data from children.