Privacy Policy

1. Introduction

Magento 2 Product Editor ("we", "our", or "the Extension") is a Chrome extension that lets you edit Magento product data directly from the product page. This Privacy Policy explains what information we store, what we don't store, and how we protect it.

We built this extension for real daily store management, not marketing analytics. We aim to collect the minimum possible.

2. Information We Collect

2.1 Information You Provide

• Magento Store URL: Your store's base URL so the extension can talk to your Magento API.
• API Token: Your Magento API integration token (encrypted and stored locally in your browser).
• License Key: Your Premium license key, used to unlock premium features.
• Email Address: Only if you purchase Premium. Used for billing/receipts and license recovery.

2.2 Automatically Collected Information

• License Verification Data: We periodically check if your license is valid (for Premium users).
• Domain Information: We associate a license with a single Magento store domain to prevent key sharing.

2.3 Information We DO NOT Collect

• ❌ Product/catalog data (SKUs, prices, descriptions, etc.)
• ❌ Order or customer data
• ❌ Your store performance metrics or revenue
• ❌ Your browsing history
• ❌ Credit card information (Stripe handles payment)
• ❌ Analytics / tracking pixels / cookies

3. How We Use Your Information

3.1 Local Storage (in your browser)

• API Token: Encrypted and stored locally to authenticate API requests to your Magento store.
• Store Configuration: Your base URL and settings, saved locally so you don't have to re-enter them.
• License Data: Cached locally to enable or disable Premium features, even offline.

3.2 Remote Storage (our backend)

• License Verification: We store your license key and subscription status so the extension can confirm you’re Premium.
• Subscription Management: We keep minimal billing info (via Stripe) so you can keep/stop Premium.
• Domain Registration: We record which store domain is using your key. One license = one Magento store domain.

4. Data Storage and Security

4.1 Where Data is Stored

• Your Computer: Extension settings (including encrypted API token) live in Chrome extension storage on your device.
• Our Backend: License + subscription data are stored in our database (hosted on encrypted infrastructure).
• Third-Party Services:
  • Vercel: Hosts our backend API (serverless).
  • Stripe: Handles payments and billing (PCI DSS compliant).

4.2 Security Measures

• ✅ API tokens are encrypted (AES-GCM) before saving locally.
• ✅ All communication uses HTTPS/TLS.
• ✅ We do not store your Magento catalog data.
• ✅ We do not store your Magento customers, orders, or sales data.
• ✅ We never store your credit card (Stripe does).

5. Third-Party Services

Stripe (Payment Processing)

• Purpose: Manage Premium subscriptions and payments.
• Data Shared: Your email and payment method details when you subscribe.
• Privacy Policy: https://stripe.com/privacy

Vercel (Hosting)

• Purpose: Host the backend that validates your license.
• Data Shared: License verification requests (e.g. “is this key valid?”).
• Privacy Policy: https://vercel.com/legal/privacy-policy

Your Magento Store

• Purpose: Read and update product information when you ask it to.
• Data Shared: Only direct API requests between your browser and your Magento store.
• Important: Your catalog data never goes through our servers.

6. Chrome Extension Permissions

We request the following permissions so the extension can work:

• storage: Save encrypted credentials and settings locally.
• activeTab: Detect when you're viewing a Magento product page.
• sidePanel: Show the product editor UI in a side panel.
• scripting: Inject the “Edit Product” button into product pages.
• host_permissions: Talk to your Magento API and verify your license with our backend.

7. Your Rights

You can:

• Access: See your license status in the extension settings, or email fasticom@proton.me.
• Delete: Ask us to remove your license/subscription record.
• Export: Ask us for a copy of the license data we have for you.
• Opt-Out: Uninstall the extension at any time to stop all local data use.
• Correct: Update or rotate your API token in the extension settings.

8. Data Retention

• Local Data: Stays in your browser until you uninstall the extension or reset settings.
• License Data: Kept while your license is active.
• Subscription Data: Kept for up to 2 years after cancellation to meet tax and accounting rules.
• Account Data: If you ask us to delete your account, we remove it within 30 days (except what we must keep for billing compliance).

9. Cookies

The extension does not use cookies. Settings are stored using Chrome extension storage.

10. Children's Privacy

This extension is not intended for users under 13 years of age. We do not knowingly collect personal data from children.

11. International Data Transfers

Depending on where you are, your billing/ license info may be processed in other countries (for example, where Stripe or our hosting runs). We only use providers with appropriate protections.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we'll update the “Last Updated” date at the top of this page. Your continued use of the extension after changes means you accept the update.

13. California Residents (CCPA)

California residents have rights to:

• Know what personal data is collected about them.
• Request deletion of their personal data.
• Opt out of sale of personal data (we do not sell data).
• Not be discriminated against for exercising these rights.

14. European Residents (GDPR)

Under GDPR, you may:

• Request access to your personal data.
• Request correction (rectification).
• Request deletion (“right to be forgotten”).
• Request data portability.
• Object to or restrict certain processing.

15. Contact Us

If you have questions about this Privacy Policy, want to exercise your rights, or want to report a bug or security issue:

• Email: fasticom@proton.me
• Website: https://fasticom.vercel.app