Skip to content

Privacy notice

How Microfirm handles account, billing, support, firmware-analysis, and scan-result data.

Information Microfirm collects

Microfirm collects account email addresses, workspace names, role and membership records, authentication session records, invite activity, support messages, billing state, scan metadata, uploaded firmware artifacts, generated findings, export records, webhook endpoint settings, and operational logs needed to run and secure the service.

Stripe processes payment details. Microfirm stores Stripe customer, subscription, price, and webhook event references, but does not store card numbers or bank-account credentials.

How the data is used

Data is used to authenticate users, isolate workspaces, process firmware scans, generate reports, enforce billing gates, send transactional email, deliver customer webhooks, provide support, investigate abuse or security issues, and operate the service.

Service providers

Microfirm runs on a small set of infrastructure providers: Vercel for hosting, Neon for Postgres, Upstash for Redis-backed queues and rate limits, Cloudflare R2 for private firmware artifact storage, Stripe for billing, and Resend for transactional email.

Firmware artifacts and retention

Firmware uploads are treated as untrusted and sensitive input. Current artifacts are stored privately, scoped by workspace, and default to a 30-day retention window unless a written agreement says otherwise.

Security and access

Workspace membership is the application access boundary. Microfirm uses signed upload URLs, verified Stripe webhooks, signed customer webhooks, server-side authorization checks, and audit events for security-sensitive actions.

Contact and updates

Email support@tkoresearch.com for privacy, security, billing, or support requests. Updates to this notice will be published at https://firmware.tkoresearch.com/privacy.