Skip to main content

Minimal footprint

The embed script (fmv.js) runs on your page but has an extremely limited scope:
  • No DOM access — Does not read page content, forms, user inputs, other scripts, or any merchant DOM elements. It reads only its own <script> tag attributes and click targets with data-fmv-open-widget.
  • No cookies or storage — Sets zero cookies and does not touch localStorage or sessionStorage on your domain.
  • No data transmission — The embed script sends no data anywhere. It’s purely a UI shell that creates an iframe.
  • Creates exactly 2 elements — A <div> overlay and an <iframe>. Nothing else.

Inside the iframe

The iframe runs on cdn.fitmyvehicle.com.au — a completely separate origin from your site. Inside the iframe:
  • No cookies or storage either — The Supabase client is explicitly configured with persistSession: false and autoRefreshToken: false, so no cookies or storage are used even on the iframe’s own domain.
  • Data only goes to FMV — All data submitted inside the iframe goes exclusively to *.fitmyvehicle.com.au domains over HTTPS.
  • Font providers are iframe-only — Adobe Fonts and Google Fonts are loaded inside the iframe only. They never touch your page.
  • Customer data — Names, emails, phone numbers, and vehicle selections entered in the widget are submitted exclusively to api.fitmyvehicle.com.au over HTTPS.

No third-party tracking

No analytics pixels, ad trackers, or third-party scripts are loaded on your page by the FMV widget. The only external requests from the iframe are to FMV’s own domains and font providers.

Where data lives

Quote data, product catalogues, pricing, fitment rules, and customer contact details are stored on FMV’s servers. Nothing is written to your CMS, database, or file system.

Privacy

FMV processes data in accordance with Australian Privacy Law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles. For full details, see the FMV Privacy Policy.