Privacy Policy
Effective date: June 20, 2026 ยท Last updated: June 20, 2026
1. Who We Are
mychipserver.com ("we", "our", "us") is operated by MyChipServer, Inc. We provide remote embedded hardware access โ including device reservations, firmware flashing, GDB debugging sessions, and logic analyzer streams โ via our web platform.
Contact: privacy@mychipserver.com
2. What Data We Collect
Account data: Email address, display name, organization name. Collected at sign-up via Clerk authentication.
Usage data: Device reservation history, session durations, firmware job logs, OpenOCD command history, logic analyzer frame data.
Authentication data: Hashed passwords (managed by Clerk), two-factor authentication preferences, session tokens.
Technical data: IP address, browser type, request timestamps, API call logs. Collected automatically for security and rate limiting.
Tenant/organization data: Company name, SSO domain, SAML metadata URLs, team structure, member role assignments. Collected when an organization subscribes.
3. How We Use Your Data
We use your data to: provide and operate the hardware access platform; authenticate your identity and enforce role-based access; track device-hour usage against your subscription quota; send service emails (reservation confirmations, invitation emails, security alerts); improve platform reliability and debug issues.
We do not sell your data to third parties. We do not use your data for advertising.
4. Data Sharing
Clerk (Authentication): Your email, password hash, and 2FA settings are managed by Clerk, Inc. See clerk.com/privacy.
Supabase (Database): All application data is stored in Supabase, Inc. infrastructure. See supabase.com/privacy.
Vercel (Hosting): The platform is hosted on Vercel, Inc. infrastructure. See vercel.com/legal/privacy-policy.
We may disclose data if required by law or to protect the safety of users and our systems.
5. Data Retention
Account data is retained for as long as your account is active. Device session logs and firmware history are retained for 12 months. You may request deletion of your account and associated data at any time by emailing privacy@mychipserver.com.
6. Security
We use industry-standard security practices: TLS for all data in transit, AES-256 encryption at rest in Supabase, two-factor authentication (email OTP + TOTP), HMAC-SHA256 for rack agent authentication, and row-level security policies on all database tables.
7. Your Rights
Depending on your location, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; data portability.
To exercise any of these rights, email privacy@mychipserver.com. We will respond within 30 days.
8. Cookies
We use cookies and local storage for: session management (Clerk authentication tokens), theme preference (light/dark mode), simulation feature flags (admin use only). We do not use advertising or tracking cookies.
9. Children
Our service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes to This Policy
We may update this policy periodically. We will notify registered users by email of material changes at least 30 days before they take effect. Continued use of the platform after that date constitutes acceptance.