This Privacy Policy explains what personal information MCUHex collects when you use the website and web application at the MCUHex domain (the "Service"), how we use it, who we share it with, and the rights you have over it.
The data controller responsible for your personal information is Ömer Faruk Dak, an individual sole proprietor based in Türkiye. You can reach us at omrfrkdak@gmail.com.
This policy covers the MCUHex web application and marketing pages. It does not cover the locally-installed mcuhex-sdk desktop application, which runs on your own machine and communicates with the web app over a local-only network connection on your computer. Device memory, register values, captured samples, breakpoints, and source files exchanged with the local SDK stay on your machine and are not transmitted to us.
When you sign in via a third-party identity provider (see §5), we receive and store:
We never see or store the password you use with your identity provider.
When you upload an ELF/.out file for symbol parsing, we store the binary in encrypted cloud storage operated by our infrastructure provider (see the processor list in §5). Storage is designed so that uploads are isolated to the user that uploaded them. Alongside the file we record its original filename, file size, the internal object reference, and a request trace ID used for diagnostics.
When the application encounters an error, we record a small structured event to help us diagnose problems. The categories of information collected are limited to:
The contents of your uploaded files are never included in diagnostic records. We deliberately whitelist the fields above; no other application data is captured. Records are retained only briefly (see §4).
Our hosting provider (see §5) automatically records standard access logs — IP address, user agent, request URL, timestamp, and response status — for security and operational purposes, retained per that provider's platform defaults.
Today, the Service sets only strictly necessary cookies: the session and refresh cookies needed to keep you signed in. No analytics, advertising, or cross-site tracking cookies are set, and no consent banner is required for the cookies in use today.
We may introduce optional analytics or product-improvement cookies in the future. If we do, we will display a consent banner and will not set any non-essential cookies before you accept them.
The following data never leaves your machine and is never sent to our servers:
We process the data described above for the following purposes and on the following lawful bases (where GDPR or KVKK applies):
| Data | Retention |
|---|---|
| Uploaded firmware files | Automatically deleted after 3 days. |
| Error telemetry | Limited to roughly the most recent 100 entries per category on a rolling basis; typically a few days at current volume. |
| Account records | Retained until you request account deletion; deleted within 30 days of a verified request. |
| Server access logs | Per our hosting provider's platform default retention (see §5). |
We rely on the following processors to operate the Service. Each is bound by its own data processing terms.
| Processor | Purpose | Where data is processed |
|---|---|---|
| Supabase | Authentication, session management, user database | Per the Supabase project region we operate. |
| OAuth identity provider for sign-in | Globally, per Google's infrastructure. | |
| Amazon Web Services (S3, Lambda) | Encrypted file storage for uploads and serverless ELF symbol parsing | The AWS region configured for our deployment. |
| Upstash | Redis store for error telemetry | Per the Upstash database region we operate. |
| Vercel | Web hosting and serverless functions | Vercel's global edge network. |
| GitHub | Distribution of the mcuhex-sdk desktop installer | GitHub's CDN. We do not receive download analytics. |
We do not sell or rent your personal information, and we do not share it with third parties for cross-context behavioral advertising.
The data controller is located in Türkiye. Several of our processors operate infrastructure in the United States, the European Union, or other regions. Where personal data is transferred outside your country of residence, we rely on the cross-border transfer mechanisms each processor publishes (such as Standard Contractual Clauses or applicable adequacy decisions).
If you are located in the EU or EEA, you have the right to access, rectify, erase, restrict, and port your personal data; to object to processing based on legitimate interests; and to lodge a complaint with your local supervisory authority.
If you are located in Türkiye, you have the right to learn whether your personal data is being processed; to request information about the processing; to learn the purposes of processing and whether the data is used in accordance with those purposes; to know the third parties to whom your data is transferred; to request rectification, erasure, or destruction; and to object to outcomes that result from automated processing.
If you are a California resident, you have the right to know what personal information we collect and how we use it, to request deletion or correction, and to opt out of sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
Send a request from the email address associated with your account to omrfrkdak@gmail.com. We aim to respond within 30 days. We may need to verify your identity before acting on certain requests.
We protect your data with industry-standard measures, including:
No method of internet transmission or electronic storage is perfectly secure, and we cannot guarantee absolute security.
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and the relevant supervisory authority without undue delay, in accordance with the requirements of GDPR and KVKK.
The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
We may update this Privacy Policy from time to time. Material changes will be announced on the website and reflected in the "Effective Date" above. Your continued use of the Service after a change takes effect constitutes acceptance of the updated policy.
For any questions, requests, or complaints regarding this Privacy Policy or the handling of your personal data, please contact:
Ömer Faruk Dak
Türkiye
omrfrkdak@gmail.com
See also our Terms of Service.