Privacy Policy

Last updated: 18 May 2026

TL;DR

SizeSync never asks for your body measurements. We store your account profile (email, name, Google profile photo), the clothing items you save to your wardrobe, and a small set of technical records (IDs, timestamps, a hashed deletion-audit row). Your data lives in Ireland and is yours to export or delete at any time.

Who we are (the controller)

Felix Ingemarsson, a sole trader based in the United Kingdom, is the data controller for SizeSync. That means we decide what data is collected, why, and how it's used. When this becomes an incorporated company, this page will be updated.

Contact for any privacy question, data request, or concern: felix@sizesync.fit

What we collect

When you sign in with Google, we receive:

Your email address
Your full name
Your Google profile photo URL
The Google account identifier (the sub claim, Google's stable ID for your account, needed to sign you in reliably)

Nothing else from Google. Not your contacts, calendar, files, or anything else Google shows on the consent screen.

When you save a clothing item to your wardrobe, we store what you tell us about it:

The brand and product name (e.g. H&M Slim Fit Jeans)
The category (jeans, t-shirt, dress, etc.)
The size you bought (e.g. M, L, 32)
The garment dimensions we pulled from the retailer's product page (e.g. waist 78cm, inseam 81cm)
Your fit rating (fits well / runs small / runs large)
The URL of the retailer's product page (this reveals which item you saved, so saving an item discloses that you viewed it on that retailer)
A link to the product image from the retailer's page (we store the URL only, not the image)
Any note you add yourself. Free-text. Anything you type into the notes field is stored as-is, so don't write things you wouldn't want us to hold.

When you visit a supported retailer's product page and the extension is active, none of that page data goes to our server. The extension reads the retailer's published size chart, compares it locally against your wardrobe, and shows you a recommendation. The only thing we fetch from our server during browsing is your wardrobe. We don't see what products you're looking at unless you click "Save".

What we use your data for, and our lawful basis

Under UK GDPR we have to tell you why we process each kind of data and our legal basis for doing it. Plainly:

What	Why	Lawful basis
Email, name, Google account ID	Sign you in and keep your account secure	Contract (we can't provide the service without identifying you)
Profile photo URL	Show a friendly account header in the extension	Legitimate interests (display)
Wardrobe items, fit ratings, notes	The actual product. Recommendations are computed from these.	Contract
Deletion-audit hash	Operational record that a deletion happened (no PII; hashed user ID only)	Legitimate interests + legal obligation (right-to-erasure proof)
Email correspondence	Respond to your support / privacy requests	Legitimate interests + legal obligation

If you ever feel a legitimate-interest use is unbalanced, email us and we'll review it.

What we never collect

Your body measurements. Not your height, weight, bust, hips, inseam, anything. The whole point of SizeSync is you don't have to give us these. (If you choose to type body measurements into the notes field, they'll be stored as part of that note. But we never ask.)
Your browsing history outside the supported retailers. The current supported retailers are ASOS, H&M, Zara, and Uniqlo. We'll update this page before adding materially different retailer access. The extension never activates on your bank, email, news, work tools, or anywhere else.
Payment information. SizeSync is free.
Photos, screenshots, or anything from your computer.

Where your data lives

We use Supabase to store everything. Your data sits in Supabase's West EU region (currently AWS eu-west-1, Ireland). Supabase Inc. is US-headquartered, but the data itself is hosted in Ireland. The connection between your browser and our database is encrypted, and the database is encrypted at rest.

Who else sees your data

Two processors, both necessary for the product to work:

Google: only when you sign in. They confirm you are who you say you are. They don't see what you save.
Supabase Inc.: they host our database. Their access is governed by their own data processing terms.

That's the entire list. No analytics services, no advertising networks, no third-party trackers, no data brokers. If that changes materially, we'll update this page and email account holders.

How long we keep your data

Until you delete it. You can delete your account at any time from the extension's Settings screen (click the gear icon in the wardrobe header, then Delete my account). Your wardrobe and account data are removed from active systems within 14 days. Supabase's automated backups also expire on their normal retention cycle. Your data will not persist in backups beyond that window.

If you prefer to email us instead, send a deletion request to felix@sizesync.fit and we'll remove everything from active systems within 14 days.

The deletion-audit log retains a SHA-256 hash of your user ID (no name, no email, no PII) so we can prove a deletion happened. The hash can't be reversed into the original ID.

If you stop using SizeSync but don't delete your account, your wardrobe stays put. We don't auto-purge inactive accounts.

Your rights under UK GDPR

You have the right to:

See what data we hold on you (right of access)
Get a copy in a portable format (we'll email you a JSON export)
Correct anything that's wrong
Delete it all
Restrict processing (we'll only store it, not use it)
Object to us processing it under legitimate interests
Lodge a complaint with the ICO if you think we've mishandled your data

To exercise any of these, email felix@sizesync.fit. We respond within 30 days as required by law.

Cookies and tokens

The extension stores authentication tokens (an access token plus a refresh token, both issued by Supabase) in Chrome's extension-local storage to keep you signed in. That's it. No marketing cookies, no third-party cookies, no fingerprinting, no behavioural tracking, no analytics.

Children

SizeSync is for people 16 and older. We don't knowingly collect data from anyone under 16. If you're a parent and your child signed up, email us and we'll delete the account.

International transfers

Data is hosted in Ireland during normal operation. However:

Google (our sign-in processor) and Supabase (our database processor) may process limited authentication, security, and operational metadata in other countries under their own data processing terms and standard contractual safeguards.
If you sign in from outside the EU, the technical metadata needed to authenticate you (including your IP address) will cross borders. That's unavoidable for any internet service.

Google API data: Chrome Web Store Limited Use disclosure

SizeSync's use of information received from Google APIs (specifically, the user-profile data we receive via Google OAuth: email, name, profile photo, account identifier) adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

In plain English: we only use Google data to provide and improve user-facing features of SizeSync (sign-in and account display). We never transfer it to third parties except as necessary to provide the service or comply with law, we never use it for advertising, and we never let humans read it except for support, security, or legal reasons you've consented to.

Changes to this policy

If we change anything material (what we collect, who we share with, our lawful basis), we'll update this page and email everyone with an account. We won't quietly broaden the scope.