FirmPatch ("we", "us", "our") is a firmware co-pilot for eurorack synthesizers. This policy explains what data we collect, why, and what we do with it. We keep it short because we don't do anything creepy with your data.
What we collect
- GitHub account info — when you sign in with GitHub, we receive your GitHub username, display name, email address, and avatar. We use this to identify your account and attribute patches and bounties to you.
- Session data — the prompts you send, the firmware diffs generated, and which modules you interact with. This powers the community knowledge base that makes future responses better.
- Payment info — if you fund or claim a bounty, payment is processed by Stripe. We receive confirmation of payment but never see raw card numbers. Stripe's privacy policy applies to payment data.
- Usage analytics — anonymized event data (page views, feature usage) via PostHog, used to understand how the product is being used. No cross-site tracking, no ad targeting.
- Cookies — we use cookies strictly for authentication (keeping you logged in) and anonymous analytics. We don't use advertising cookies or sell your data to third parties.
Private vs. public mods
If your firmware fork is in a private GitHub repository, your mods and generated patches are private to you. They are not visible to the community, not eligible for bounties, and not shared with anyone. If your repo is public, patches you generate may contribute to the shared community knowledge base (stripped of personal identifiers).
How we use your data
- To authenticate you and keep your account secure
- To process bounty payments via Stripe
- To improve AI responses using aggregated session data
- To display community activity stats (session counts, patch counts) — never individual identifying data
What we don't do
- We don't sell your data
- We don't run advertising
- We don't share your data with third parties except as necessary to operate the service (GitHub OAuth, Stripe, PostHog)
- We don't store raw card numbers or payment credentials
Data retention
Account data is retained as long as your account is active. Session and patch data may be retained indefinitely to power the community knowledge base. You can request deletion of your account and associated data at any time by emailing us.
Your rights
Depending on where you live, you may have rights under GDPR (EU/EEA) or CCPA (California) to access, correct, or delete your personal data. To exercise these rights, contact us at the address below.
Contact
Questions about this policy? Reach us at privacy@firmpatch.dev.