CIMEA Fastpass — Privacy Policy

Last updated: June 14, 2026

This privacy policy explains what data the CIMEA Fastpass browser extension collects, why it is collected, and how it is used.

Summary

CIMEA Fastpass helps users monitor a payment page and notify when an actionable event occurs. The extension runs in the user's browser and performs page checks locally. It does not request or transmit credit card details.

What the extension needs (permissions)

• storage — to store the activated license key (locally) and small preferences needed to resume or report state.
• tabs — to identify and interact with the active browser tab used for monitoring (read URL, reload, navigate back to starting page when user stops).
• notifications — to show a desktop notification when a success or notable error occurs (optional depending on user settings).
• Host permission for the CIMEA site(s) (for example https://mywallet.cimea-diplome.it/*) — required to read the page DOM and detect the payment markers on the payment page.

Remote code / execution

The extension does not execute remote JavaScript code fetched from third-party servers. It may fetch lightweight configuration or detection rules from the project server to keep detection logic up to date; these are data only (rules/config), not executable code.

Data we collect

The extension collects minimal operational data needed to provide the service. Data is limited to the following categories:

• Website content (page DOM): the extension reads the payment page DOM in the active tab to detect payment markers and alerts. This is necessary to determine whether a payment slot became available.
• Active tab URL: the extension reads the URL of the monitored tab to ensure it is on the supported payment start page and to navigate back to the starting URL when the user stops monitoring.
• License & session: the user's license key is stored locally in browser storage to keep the extension activated. The extension may send a masked license identifier or session token to the backend for license validation and telemetry; the actual full card or payment details are never collected or transmitted by the extension.
• Operational telemetry: optional telemetry events (errors, monitoring outcomes such as success/failure, rule-set version) are sent to the project's backend to help diagnose issues and improve detection. Telemetry is limited to event-level information and does not include personal identifiers.

Data we do not collect

• We do NOT collect or request credit card numbers, CVV, full billing details, or other payment sensitive data.
• We do NOT collect health data, precise location (GPS), or personal communications (email/chat content).
• We do not collect keystrokes or perform network-level monitoring of other web requests.

How data is used

Data is used to: (1) detect payment availability, (2) validate license activation, (3) provide notifications to the user, and (4) optionally collect anonymized telemetry to improve detection rules. License validation may involve sending a session token or masked key to the backend; the full license key is kept local unless you explicitly perform an activation which requires a validation call.

Third parties

Payments are handled by Lemon Squeezy on their secure checkout pages. We do not process card payments directly. Telemetry and license validation are processed by the project's backend services; telemetry does not include PII.

User controls

• You can remove the extension at any time from your browser; this clears local storage related to the extension.
• You can choose to opt out of sending telemetry in the extension preferences (if enabled in the UI).
• If you need to request deletion of any stored account or telemetry data, contact: ilya1196@gmail.com.

Contact

If you have questions or requests related to privacy, contact: ilya1196@gmail.com.