Privacy Policy

Last updated: 10 June 2026

TL;DR

SizeSync never asks for your body measurements. We store your account profile (email, name, Google profile photo URL), the clothing items you save to your wardrobe, and a small set of technical records (IDs, timestamps, a hashed deletion-audit row, which onboarding steps you completed, and 90-day coverage records of which supported retailer's site the extension ran on). When you save an item, we also keep a record of the size we recommended for it, so we can check how accurate our suggestions are. From all of that, we build anonymized, aggregated statistics about how sizes and fit relate across brands. Those statistics can't be traced back to you. Your data lives in Ireland and is yours to export or delete at any time.

Who we are (the controller)

Felix Ingemarsson, a sole trader based in the United Kingdom, is the data controller for SizeSync. That means we decide what data is collected, why, and how it's used. When this becomes an incorporated company, this page will be updated.

Contact for any privacy question, data request, or concern: felix@sizesync.fit

What we collect

When you sign in with Google, we receive:

Nothing else from Google. Not your contacts, calendar, files, or anything else Google shows on the consent screen.

When you save a clothing item to your wardrobe, we store what you tell us about it:

When you visit a supported retailer's product page and the extension is active, the page's contents stay in your browser. The extension reads the retailer's published size chart, compares it locally against your wardrobe, and shows you a recommendation. The only thing we fetch from our server during browsing is your wardrobe, and we don't see what products you're looking at unless you click "Save". The extension does send back one small coverage record: which supported retailer's hostname it ran on, what kind of page it was (e.g. a product page), and whether it managed to produce a recommendation. That record contains no URL, no product details, and nothing else from the page. We keep coverage records for up to 90 days and use them to measure where our retailer support works and where it's failing.

As you go through the first-run onboarding, we record which onboarding steps you viewed and completed so we can see where new users get stuck. Nothing else — just the step number, the event, and a timestamp.

When you save an item that we recommended a size for, we keep a record of that recommendation alongside the save: the size we suggested, how confident we were, and a short summary of which of your wardrobe items informed it. We do this so we can compare what we recommended against the size you actually chose and how you later rated its fit. That is the only way we can tell whether our recommendations are any good and make them better. We do not record recommendations for products you only browse and never save, so this still only covers items you choose to save.

Product images. When you open your wardrobe or see the sidebar's Best Match card, the extension loads each saved item's product image directly from the retailer's own image hosting (e.g. ASOS, H&M, Zara, Uniqlo's image CDN). The retailer's image host sees your IP, user-agent, the time of the request, and the chrome-extension:// referrer — the same information they receive when you load any of their product pages in a browser tab. They do not see your account, your fit rating, your wardrobe contents, or any other information stored in our database. We surface this explicitly because the Who else sees your data section below lists only data processors (Google for sign-in, Supabase for storage). Retailer image hosts are not processors of your data, but they do receive a network request when their image is loaded.

If you join the waitlist (before you have an account), we store the email address you submit so we can notify you when SizeSync is ready. We use it for that single announcement and nothing else; you can ask us to delete it any time at felix@sizesync.fit. Waitlist emails live in the same EU-hosted Supabase database.

What we use your data for, and our lawful basis

Under UK GDPR we have to tell you why we process each kind of data and our legal basis for doing it. Plainly:

What Why Lawful basis
Email, name, Google account ID Sign you in and keep your account secure Contract (we can't provide the service without identifying you)
Profile photo URL Show a friendly account header in the extension Legitimate interests (display)
Wardrobe items, fit ratings, notes The actual product. Recommendations are computed from these. Contract
Recommendation records (the size we suggested, our confidence, the wardrobe items that informed it) Measure and improve how accurate our size recommendations are Legitimate interests (we have a genuine need to know whether the core feature works, and the records are tied to items you chose to save)
Coverage records (retailer hostname + page type the extension ran on, whether it could recommend) and onboarding steps (viewed/completed) Measure where our retailer support fails and where onboarding loses people Legitimate interests (no URLs, no product details, no page contents; coverage records expire after 90 days)
Anonymized, aggregated statistics derived from the above (how sizes and fit relate across brands) Improve and train the recommendation engine and develop new fit features Legitimate interests (the output is aggregated and no longer identifies you, so it carries minimal privacy impact)
Deletion-audit hash Operational record that a deletion happened (no PII; hashed user ID only) Legitimate interests + legal obligation (right-to-erasure proof)
Email correspondence Respond to your support / privacy requests Legitimate interests + legal obligation

If you ever feel a legitimate-interest use is unbalanced, email us and we'll review it.

Aggregated, anonymized insights

The thing that makes SizeSync work is understanding how sizes relate across brands: that an H&M medium tends to fit like a Zara large, and so on. We learn this by combining wardrobe and fit data across many people into aggregated statistics that describe brands and sizes, not people.

These aggregates are anonymized: they're stripped of anything that points back to you (no name, no email, no account ID, no individual wardrobe). Under UK GDPR, data that genuinely can't be linked to a person is no longer "personal data". That matters in two practical ways:

What we will never do is sell, rent, or hand over your personal data, the wardrobe tied to your account, to advertisers, data brokers, or anyone else. The aggregates are general knowledge about clothing; your account and wardrobe stay private.

What we never collect

Where your data lives

We use Supabase to store everything. Your data sits in Supabase's West EU region (currently AWS eu-west-1, Ireland). Supabase Inc. is US-headquartered, but the data itself is hosted in Ireland. The connection between your browser and our database is encrypted, and the database is encrypted at rest.

Who else sees your data

Two processors, both necessary for the product to work:

That's the entire list. No third-party analytics services, no advertising networks, no third-party trackers, no data brokers. The recommendation, coverage, and onboarding records described above are first-party: we collect them ourselves, hold them in our own Supabase database, and don't share them with outside analytics or ad companies. If that changes materially, we'll update this page and email account holders.

How long we keep your data

Until you delete it. You can delete your account at any time from the extension's Settings screen (click the gear icon in the wardrobe header, then Delete my account). Your wardrobe and account data, including the recommendation records tied to your account, are removed from active systems within 14 days. Supabase's automated backups also expire on their normal retention cycle. Your data will not persist in backups beyond that window.

The one thing that stays is the anonymized, aggregated statistics described above. Because those no longer identify you (they describe brands and sizes in general, not your account), deleting your account doesn't remove them. This is standard under UK GDPR, which treats genuinely anonymized data as no longer personal.

If you prefer to email us instead, send a deletion request to felix@sizesync.fit and we'll remove everything from active systems within 14 days.

Coverage records (which retailer hostname and page type the extension ran on) are deleted automatically after 90 days, whether or not you delete your account.

The deletion-audit log retains a SHA-256 hash of your user ID (no name, no email, no PII) so we can prove a deletion happened. The hash can't be reversed into the original ID.

If you stop using SizeSync but don't delete your account, your wardrobe stays put. We don't auto-purge inactive accounts.

Your rights under UK GDPR

You have the right to:

To exercise any of these, email felix@sizesync.fit. We respond within 30 days as required by law.

Cookies and tokens

The extension stores authentication tokens (an access token plus a refresh token, both issued by Supabase) in Chrome's extension-local storage to keep you signed in. That's it. No marketing cookies, no third-party cookies, no fingerprinting, no cross-site behavioural tracking, no third-party analytics. The first-party recommendation records described earlier are stored in our own database, not in cookies or trackers.

Children

SizeSync is for people 16 and older. We don't knowingly collect data from anyone under 16. If you're a parent and your child signed up, email us and we'll delete the account.

International transfers

Data is hosted in Ireland during normal operation. However:

Google API data: Chrome Web Store Limited Use disclosure

SizeSync's use of information received from Google APIs (specifically, the user-profile data we receive via Google OAuth: email, name, profile photo URL, account identifier) adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

In plain English: we only use Google data to provide and improve user-facing features of SizeSync (sign-in and account display). We never transfer it to third parties except as necessary to provide the service or comply with law, we never use it for advertising, and we never let humans read it except for support, security, or legal reasons you've consented to.

Business transfers

SizeSync is an early project and may one day be acquired by, merge with, or sell its assets to another company. If that happens, the data we hold can transfer to the new owner as part of the business. Specifically:

We will not use a sale as a backdoor to hand your personal data to advertisers or data brokers. A successor steps into our shoes; it doesn't get rights we don't have.

Changes to this policy

If we change anything material (what we collect, who we share with, our lawful basis), we'll update this page and email everyone with an account. We won't quietly broaden the scope without telling you.