Privacy Policy

• Account: email address, bcrypt-hashed password, role.
• Payments: Stripe customer ID and payment metadata. We never see your card number — Stripe handles it.
• Uploaded ECU binaries (in the course of processing): stored encrypted at rest, deleted after 30 days.
• Job audit metadata: job ID, file sha256, detected variant, processing timestamp, success/failure status. Retained indefinitely so refunds can be honored.

• Train AI models on your uploaded binaries.
• Share or sell your binaries to other customers, partners, or third parties.
• Use your binary to learn ECU patterns we'll then sell to others. Algorithm research is conducted on dumps we own (donor ECUs we purchased) or dumps you explicitly consent to as part of our research program.
• Send marketing emails without your opt-in.

• Stripe — payment processing. Stripe is PCI-DSS Level 1 compliant.
• Vercel — hosting our frontend.
• Render — hosting our worker API.
• Resend — transactional email (job notifications, password resets).
• Law enforcement when required by valid legal process. We will notify you unless the process forbids it.

• Access: request a copy of all data we hold about you.
• Deletion: request deletion of your account and binaries. Audit metadata may be retained where required for compliance.
• Correction: update your account email at any time from /dashboard.
• Portability: export your job history as JSON or CSV on request.
• Withdrawal of consent: if you previously consented to your binaries being used for research, you can revoke at any time. We will stop using your specific binaries; derived factual offset data already integrated into the patch registry cannot be unilaterally retracted, but no future research will use your files.

Email hello@immolocksmith.com for any of the above. We respond within 30 days.