SizeFit

← Back to SizeFit

SizeFit Privacy Policy

Last updated: 2026-06-10

This Privacy Policy explains what information the SizeFit: Size Chart & Fit Finder Shopify app ("SizeFit", "the app", "we", "us", "our") collects, how we use it, and the choices you have. SizeFit is operated by Raphael Mun, operating as Instafluff ("the operator"). SizeFit is a third-party application that merchants install on their Shopify store; it is not provided by Shopify.

1. Who this policy applies to

SizeFit has two kinds of people in scope:

  • Merchants — Shopify store owners and their staff who install and use SizeFit in the Shopify admin.
  • Shoppers — visitors to a merchant's storefront who interact with the SizeFit size chart or Fit Finder on a product page.

Where SizeFit decides how and why merchant account data is handled, we act as a data controller. For the limited storefront activity described below, the merchant is the controller of their store and shoppers, and SizeFit acts as a service provider / data processor on the merchant's behalf.

2. The short version

  • SizeFit does not store customer/shopper personal information — no names, no email addresses, no order data, no contact details.
  • The Fit Finder takes a shopper's anonymous body measurements for a single browsing session to recommend a size. We do not store those measurements against any identifiable person, and we do not build shopper profiles.
  • We store merchant-configured content (your size charts, chart assignments, and fit rules) and anonymous usage events (e.g., "a fit recommendation was made for product X"), all scoped to your shop.
  • We read your products and collections from Shopify read-only so you can choose what a chart applies to.
  • We do not sell personal information, and we do not use it for cross-site advertising or third-party ad targeting.

3. Information we collect

3.1 Merchant account and authentication data

When you install SizeFit, Shopify provides us, via OAuth, with:

  • Your shop domain (e.g., your-store.myshopify.com) and basic shop identifiers.
  • An OAuth access token / session that lets SizeFit call the Shopify Admin API on your behalf, within the scopes you approve at install.

We store your Shopify session using a server-side session store so the app stays connected. We do not receive or store your Shopify account password.

3.2 Merchant content you create in the app

SizeFit stores the configuration you create, scoped to your shop:

  • Size chart definitions (measurement columns, rows, units, labels, templates, CSV imports).
  • Chart-to-product / collection / tag assignments.
  • Fit rules (the deterministic measurement-to-size logic the Fit Finder uses).
  • App UI / settings state (e.g., your saved preferences and configuration within the app).

3.3 Product and collection data (read-only)

To let you pick what a size chart applies to, SizeFit reads your products and collections from the Shopify GraphQL Admin API on a read-only basis (product/collection titles, IDs, tags, and similar catalog metadata). SizeFit does not request or use write access to your products, and does not read your orders, customers, payments, or fulfillment data.

3.4 Anonymous storefront usage and fit events

When a shopper uses the size chart or Fit Finder on your storefront, SizeFit records anonymous events to power your returns-avoided analytics. An event contains:

  • An anonymous session identifier generated in the shopper's browser (see Section 4),
  • The product the interaction relates to,
  • The recommended size (for Fit Finder events),
  • A timestamp, and
  • Aggregate, non-identifying interaction details (e.g., that a chart was opened or a recommendation was made).

The shopper's entered body measurements are used in the moment to compute a recommendation. SizeFit does not store those measurements tied to an identifiable person and does not collect shopper names, emails, IP-based identity profiles, account information, or order history.

3.5 Information we do not collect

SizeFit does not collect or store: customer/shopper names, email addresses, phone numbers, shipping/billing addresses, payment or card data, order or transaction records, or any other Shopify "customer" personal data. The mandatory Shopify customer-data webhooks (see Section 9) therefore have no stored shopper PII to return or erase — but we honor them regardless.

4. Browser storage on the storefront (no tracking cookies)

The SizeFit storefront widget uses first-party browser storage, not advertising or cross-site tracking cookies:

  • sessionStorage key sizefit_session_id — a random, anonymous identifier that exists only for the current browser session. It lets us de-duplicate and attribute fit events within one visit. It is not a persistent cookie, is not shared across sites, and is not linked to a shopper's identity. It is cleared when the browser session ends.
  • localStorage key for the unit preference (cm/inch) — remembers whether the shopper prefers centimeters or inches so they don't have to switch every time. This is a convenience preference only and contains no personal data.
  • localStorage key for the anonymous fit profile — remembers the shopper's chosen usual size and fit preference so they don't have to re-enter it on every product. It is scoped to your store only, is not linked to a shopper's identity, contains no names, emails, or contact details, and never leaves the shopper's own browser. The shopper can clear it at any time by clearing their browser storage.

SizeFit does not set third-party cookies, does not run advertising pixels, and does not perform cross-site or cross-device tracking.

5. How we use information

We use the information above to:

  • Provide the app — display the right size chart on the right product, run the Fit Finder, and render the merchant admin.
  • Produce your returns-avoided analytics — turn anonymous fit events into an estimated number of returns avoided and dollars saved, using inputs you provide (such as AOV and a baseline return rate). These figures are always presented as estimates with the assumptions shown.
  • Operate and secure the service — authenticate API calls, isolate each shop's data, debug, and prevent abuse.
  • Bill the service — process subscriptions through the Shopify Billing API (see Section 7).
  • Support you — respond to your questions and resolve issues.

We do not use shopper data to build advertising profiles, and we do not sell or rent personal information.

6. Operational notifications (internal business alerts)

The operator receives internal alerts about app business events — such as an install, an uninstall, or a subscription change (upgrade, cancellation, lapse) — via a private Discord webhook that only the operator can access. These messages contain shop-level information (for example, the shop domain and the event type) so the founder can run the business and support merchants. They do not contain shopper personal data, and they are not shared with advertisers or third parties. Discord, Inc. acts as the transport for these operator-only notifications.

7. Billing

SizeFit offers a Free plan and a Pro plan ($14/month at the time of writing) using the Shopify Billing API. Subscription charges are processed by Shopify, which bills through your existing Shopify account. SizeFit does not receive, handle, or store your payment-card details; Shopify handles all payment processing under Shopify's own terms and privacy policy.

8. How information is stored, secured, and where it lives

  • Hosting & data location. SizeFit runs on Microsoft Azure using Azure Container Apps and Azure Table Storage in the East US region (United States). Merchant configuration and anonymous events are stored in Azure Table Storage.
  • Per-shop isolation. All data access is scoped to the authenticated or verified shop. SizeFit does not perform cross-shop reads; one merchant cannot see another merchant's data.
  • Secrets. API keys, connection strings, and webhook secrets are stored server-side only and are never exposed to the browser.
  • Webhook authenticity. Every webhook is HMAC-verified before SizeFit acts on it.
  • In transit. Traffic between Shopify, shoppers, and SizeFit is served over HTTPS/TLS.

International transfer note. Because SizeFit is operated from the United States and hosted in the U.S. (Azure East US), data is processed in the U.S. If you or your shoppers are in the EU/EEA, UK, or another region with cross-border transfer rules, by using SizeFit you acknowledge this processing location. SizeFit minimizes this exposure by not storing shopper personal data at all. (Operator: if you onboard EU merchants who require a Data Processing Addendum or specific transfer mechanism, add one — see Section 14.)

9. Shopify mandatory data webhooks (GDPR compliance topics)

SizeFit registers and HMAC-verifies Shopify's mandatory compliance webhooks plus the uninstall webhook:

  • customers/data_request — When a shopper asks a merchant for their data, Shopify sends this request. Because SizeFit stores no shopper personal data, there is no shopper PII for us to return; we acknowledge the request accordingly.
  • customers/redact — A request to erase a specific shopper's data. SizeFit holds no identifiable shopper data to erase; we acknowledge and ensure nothing identifiable is retained.
  • shop/redact — Sent ~48 hours after a merchant uninstalls. On this event, SizeFit deletes the shop's data: its size charts, chart assignments, fit rules, anonymous analytics events, and app UI/settings state for that shop.
  • app/uninstalled — When a merchant uninstalls, SizeFit cleans up the app's session and begins decommissioning the shop's footprint, with full data deletion completed on shop/redact.

10. Data retention

  • Merchant content and anonymous events are retained while the app is installed so the app and your analytics keep working.
  • On shop/redact (after uninstall), the shop's charts, assignments, rules, anonymous analytics events, and UI/settings state are deleted.
  • The storefront sessionStorage session id is cleared automatically when the shopper's browser session ends.
  • Operational notification messages (Section 6) persist in the operator's private Discord channel as a business log; they contain shop-level, non-shopper-PII information.

11. Sharing and third parties

SizeFit shares data only as needed to run the service. We do not sell personal information. The third parties involved are:

Provider Role What it handles
Shopify Platform, auth, billing, catalog data OAuth/session, product/collection reads, subscription billing, compliance webhooks
Microsoft Azure Hosting & storage (East US, USA) Runs the app; stores merchant config and anonymous events
Discord Operator-only notification transport Delivers internal business-event alerts (shop-level, no shopper PII) to the operator

We may also disclose information if required by law, to enforce our Terms, or to protect the rights, safety, and security of merchants, shoppers, or the operator.

12. Your rights

Depending on where you are located, you may have rights under laws such as the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA), including the right to access, correct, delete, or port your data, and the right not to be discriminated against for exercising these rights.

  • Merchants can export their size charts and rules at any time using SizeFit's one-click data export (CSV/JSON), and can trigger deletion of their shop's data by uninstalling the app (which leads to shop/redact deletion).
  • Shoppers should direct data requests to the merchant whose store they used, since the merchant is the controller of their storefront. Because SizeFit stores no identifiable shopper data, there is typically nothing for us to retrieve or erase about an individual shopper.

California "Do Not Sell or Share" / sensitive data. SizeFit does not sell or share personal information for cross-context behavioral advertising, so no opt-out of "sale/sharing" is necessary. To exercise any right, contact us using Section 13.

13. How to contact us

For privacy questions or requests, contact the operator:

  • Email: support@instafluff.tv
  • Operator / data controller: Raphael Mun, operating as Instafluff
  • Postal address: 6520 29th Ave SW, Seattle, WA 98126, USA

We will respond within the timeframes required by applicable law.

14. Children's privacy

SizeFit is a business tool for merchants and is not directed to children. The storefront widget collects only anonymous, session-scoped measurements to recommend a size and does not knowingly collect personal information from anyone, including children.

15. Changes to this policy

We may update this Privacy Policy as the app or the law evolves. When we do, we will revise the "Last updated" date above and post the new version at the policy's published URL. Material changes will be reflected there. Your continued use of SizeFit after an update constitutes acceptance of the revised policy.