Privacy Policy

Last updated: February 28, 2026

1. Introduction

FirmwareShield ("we", "us", "our") operates the firmwareshield.io website and the FirmwareShield firmware security analysis platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and company name. We store a hashed version of your password -- we never store passwords in plain text.

Firmware Data

When you upload firmware images for analysis, we temporarily store the binary file in encrypted cloud storage (Cloudflare R2). Firmware files are automatically deleted 90 days after upload. Analysis results (component lists, vulnerability findings, compliance scores) are retained as long as your account is active.

Usage Data

We collect anonymized usage analytics including page views, feature usage, and scan counts to improve our service. We do not track you across other websites.

3. How We Use Your Information

  • To provide and maintain the firmware analysis service
  • To process your subscription and billing
  • To send scan completion notifications and security alerts
  • To improve our analysis accuracy and service quality
  • To comply with legal obligations

4. Data Sharing

We do not sell your personal data or firmware analysis results. We share data only with:

  • Stripe -- for payment processing
  • Cloudflare -- for hosting, CDN, and object storage
  • Sentry -- for error tracking (anonymized)
  • Resend -- for transactional email delivery

5. Data Security

All data is encrypted in transit (TLS 1.3) and at rest. Firmware files are stored in isolated, encrypted buckets. We follow OWASP security best practices and conduct regular security reviews of our platform.

6. Data Retention

  • Firmware binary files: 90 days after upload, then automatically deleted
  • Analysis results: retained while your account is active
  • Account data: retained until you delete your account
  • Billing records: retained for 7 years as required by law

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to access, rectify, and erase your personal data, to restrict its processing, to data portability, and to object to its processing. To exercise these rights, contact us at privacy@firmwareshield.io.

8. Contact

For privacy-related inquiries, contact us at privacy@firmwareshield.io.