Privacy Policy — FAM Sample Cart - Intelligent Edition

Last updated: February 20, 2026

This privacy policy describes how the FAM Sample Cart Chrome extension (“the Extension”) collects, uses, and protects user data.

Data Collected

The Extension collects and processes the following data:

Product page content: When you activate the Extension on a retailer website, it reads the current page’s DOM to extract product information (name, price, images, sizes, colors, description).
Product page URLs: The URL of the page you are viewing when you use the Extension to extract product data.
Authentication tokens: OAuth tokens obtained through Microsoft Azure AD sign-in, used to authenticate with the company API.
User email address: Retrieved via Microsoft OAuth for user identification and access control.
AI API keys: User-provided API keys for OpenAI, Anthropic, or Google Gemini services, stored locally for AI-powered product extraction.
Cart data: Product information you add to your sample cart, stored locally in the browser.

Product extraction: Page content is sent to AI services (OpenAI, Anthropic, or Google Gemini) to intelligently extract and normalize product metadata for the internal sample ordering workflow.
Sample ordering: Extracted product data is sent to the company’s Scraper API for storage and processing as part of the internal sample management system.
Authentication: OAuth tokens and email are used solely to verify your identity and authorize access to company resources.
Local cart management: Cart items are stored in your browser’s local storage for session persistence.

The Extension communicates with the following third-party services:

OpenAI API (api.openai.com): Receives page content for AI-powered product data extraction (when OpenAI is selected as the AI provider).
Anthropic API (api.anthropic.com): Receives page content for AI-powered product data extraction (when Anthropic is selected as the AI provider).
Google Generative Language API (generativelanguage.googleapis.com): Receives page content for AI-powered product data extraction (when Gemini is selected as the AI provider).
Company Scraper API (rd-scraper-api-v2.azurewebsites.net): Receives extracted product data for internal storage and sample management.
Microsoft Azure AD: Handles user authentication via OAuth.

No data is sold, shared with advertisers, or used for any purpose other than the internal sample ordering workflow described above.

Local storage: Authentication tokens, AI API keys, cart items, and user preferences are stored in chrome.storage.local within your browser. This data remains on your device and is not transmitted except as described above.
Server-side storage: Product data sent to the company Scraper API is stored in the company’s database in accordance with company data retention policies.

Local data: Cleared when you sign out of the Extension or uninstall it. You can also manually clear stored data through the Extension’s settings.
Server-side data: Retained per company data retention policies. Contact your administrator for details.

All network communication uses HTTPS encryption.
Authentication tokens are stored securely in Chrome’s extension storage, which is sandboxed from web page access.
AI API keys are stored locally and never transmitted to company servers.

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

We may update this privacy policy from time to time. Changes will be reflected in the “Last updated” date above.

For questions about this privacy policy or the Extension’s data practices, contact your FAM Brands team administrator.