Privacy Policy
What Fidel Does
Fidel is a Chrome extension that compares live web pages against Figma designs to identify visual discrepancies. It runs primarily client-side in your browser.
Information We Collect
Data that stays on your device (never sent to our servers)
- Validation results and match scores
- Extension settings and preferences
- Pinned element mappings
Data collected via your Figma account
- Your Figma user ID, display name, and email address (received during OAuth sign-in)
- Figma file and node IDs extracted from URLs you provide
- Figma file data (designs, components, variables) fetched on-demand for each validation
We do not store your Figma file contents. Design data is held in memory only during the active session.
Data sent to Anthropic (via our servers)
- When signed in, unmatched element names and text content are sent to Claude (via our Supabase proxy) for semantic matching
- No screenshots, page URLs, or personally identifiable information are sent to Anthropic
- The Anthropic API key is held server-side only — never stored in or exposed to the extension
Data sent to our servers (Supabase)
- Figma OAuth tokens: Exchanged and stored server-side for secure token refresh (client secret never exposed to the browser)
- Validation runs: When you save a report, the match score, severity counts, and individual issue diffs are stored for the web app dashboard
- Review feedback: When you submit review verdicts (true positive / false positive ratings), the following is sent:
- Case ID (a hash of the Figma URL + live page URL — not the URLs themselves in identifiable form)
- Your element-level and property-level verdicts
- The raw validation result for that run
- User profile: Figma user ID, handle, and email (from Figma OAuth) to identify your account
Data we do NOT collect
- We do not capture or store screenshots of your web pages
- We do not track which websites you visit (the content script only activates when you trigger a validation)
- We do not collect browsing history
- We do not sell or share your data with third parties for advertising
Cookies & Local Storage
Fidel does not use cookies. The extension uses browser local storage to persist:
- Authentication tokens (Figma OAuth, Supabase session)
- Validation results and settings
- Review feedback drafts
No advertising or cross-site tracking cookies are used.
Analytics & Telemetry
Fidel collects anonymized usage telemetry to improve the product. Events tracked include:
- Extension opened, validation started, validation completed, validation errors
- Review feedback saved
- Authentication success/failure
Telemetry is tied to your Figma user ID (not browsing activity) and stored in our Supabase database. No third-party analytics services (e.g., Google Analytics, Mixpanel) are used within the extension.
Third-Party Services
Fidel relies on the following third-party services to operate:
| Service | Purpose | Data shared |
|---|---|---|
| Figma | Design data source | OAuth tokens, file/node IDs |
| Anthropic | AI semantic matching | Element names and text content (no PII) |
| Supabase | Authentication, data storage, serverless functions | User profile, OAuth tokens, validation results, telemetry |
Each service is governed by its own privacy policy. We do not control how these services handle data once received.
Data Retention
- Local data: Stored indefinitely in your browser. Clear it by uninstalling the extension or clearing extension data in Chrome settings.
- Server-side OAuth tokens: Retained as long as your account exists. Revoke access anytime by disconnecting Fidel from your Figma account settings.
- Validation runs and reports: Retained as long as your account exists. Contact us to request deletion.
- Review feedback: Retained indefinitely for accuracy improvement. Contact us to request deletion.
- Account deletion: Upon request, all server-side data associated with your account will be deleted within 30 days.
Your Rights
- Access: You can view all locally stored data via Chrome DevTools. Server-side data is visible in the Fidel web app dashboard.
- Deletion: Uninstall the extension to remove all local data. Email us to delete server-side data.
- Portability: Export your validation results as JSON or Markdown from the extension's results view.
- Opt-out: You can use Fidel without signing in for local-only validation (AI matching and report sync require sign-in).
Data Security
- Figma OAuth client secret is stored server-side only, never in the extension
- All API communication uses HTTPS
- The extension's Content Security Policy restricts script execution
- No use of
unsafe-evalor remote code execution - Database access is restricted to authorized users via Row Level Security policies
Children's Privacy
Fidel requires a Figma account to use. Users must meet the minimum age requirements of Figma's Terms of Service (currently 13+). We do not knowingly collect data from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
International Data Transfers
Fidel's servers are hosted in the United States. If you are accessing Fidel from outside the United States, your data may be transferred to and processed in the United States.
Changes to This Policy
We will update this page when the policy changes. Material changes will be communicated via the extension's update notes or email.
Contact
For privacy questions or data deletion requests:
Email: team@usefidel.com