Privacy Policy

Effective: 22 April 2026

Fireal Software is a sole proprietorship operating in the United States. This Privacy Policy explains what personal information we collect when you visit fireal.dev, use the license and download dashboard at portal.fireal.dev, or run our software products, how we use it, and your rights. Questions about this policy can be sent to support@fireal.dev.

1. Data we collect

We try to collect as little as possible. Specifically:

Category	Data	When collected
Checkout info	Your full name and email address	When you start a purchase on the store page
Payment info	Your PayPal payer ID and order ID (not your card details)	When you complete a PayPal payment
License records	License key, product, activation count, the above identifying info	When a license is issued to you
Activation info	Device identifier (a SHA-256 hash of your computer’s hostname and OS install path) and a human-readable device name	When your software calls our activation API with your license key
Software telemetry (licensed)	Same device identifier as above, the running software version, and first-seen / last-seen timestamps	Every ~6 hours while the licensed software is running, piggybacked on the update check
Software telemetry (free / trial)	An anonymous install ID (SHA-256 of a random 32-byte token generated on your machine), the same hashed device identifier, and the software version	Every ~6 hours while trial or unlicensed software is running, unless you opt out
Server logs	IP address, request path, timestamps, user agent	Automatically for every request, for debugging and abuse prevention

We do not collect payment card or bank details. All payment processing is handled by PayPal; we only receive confirmation that a payment succeeded, the amount, and a PayPal order/payer identifier.

Telemetry explicitly excludes usage data, error reports, file paths, window titles, screen contents, user input, and any hardware information beyond the hashed device identifier described above. The free-tier ping stores only SHA-256(token) — the token itself is never persisted on our side. Full technical details and the on-wire payload are documented in The free-tier heartbeat: what we send, what we don’t, and how to opt out.

Opt-out. Both eyehands and Godot Catalyst accept a --no-telemetry CLI flag. They also honour an empty .no-telemetry marker file in their per-user data directory (%APPDATA%\eyehands\ on Windows; ~/.godot-catalyst/ on any OS). Either disables the heartbeat completely, including the generation of the install token, for the lifetime of the install.

2. How we use your data

Deliver the product — issue license keys, send purchase confirmation emails, validate activations.
Count installs — the telemetry heartbeat feeds a simple counter of active installs per version, so I can decide when to drop support for old versions and roughly size the user base. It is never used for advertising or shared with third parties.
Provide support — respond to your questions and troubleshoot issues.
Prevent abuse — rate-limit brute-force attempts, enforce activation limits, detect fraudulent purchases.
Comply with legal obligations — respond to lawful requests from government authorities.

We do not sell, rent, or share your personal information with advertisers. We do not use your data for profiling or automated decision-making beyond the activation limit check.

3. Third parties we use

We rely on a small number of service providers to run the portal. Each receives only the data necessary for its function.

Provider	Purpose	Data shared
PayPal	Payment processing	Name, email, amount, cart contents
Porkbun	Transactional email delivery and DNS hosting	Your email address and the contents of license emails we send you
Google Fonts	Web font delivery	Your IP address and user agent when your browser fetches fonts from fonts.googleapis.com / fonts.gstatic.com
UptimeRobot	Monitoring the portal’s health endpoint	None of your personal data — UptimeRobot only polls our server-side /api/health endpoint
Hetzner Online GmbH	Server hosting (datacenter in Ashburn, Virginia, USA)	All data stored on the portal, including license records and server logs

4. Cookies and browser storage

The Fireal Portal does not use tracking cookies, and we do not run analytics software (Google Analytics, Plausible, Facebook Pixel, etc.). The store page uses sessionStorage to temporarily hold your purchase result (license key, product name) between the PayPal checkout and the success screen; this is first-party, same-tab-only storage that is automatically cleared when you close the tab.

5. Data retention

License records — kept indefinitely so you can continue to activate and validate your license. You can request deletion at any time; see section 7.
Server access logs — kept for roughly one week (default Docker log rotation) unless needed longer for an active security investigation.
Backups — daily snapshots of the license database are kept for 90 days, plus Hetzner full-VM snapshots for the most recent 7 days.
Email — any emails you send us at support@fireal.dev are retained for as long as needed to resolve the issue, typically no longer than two years.

6. Location of data

All customer data is stored on servers physically located in the United States (Hetzner’s Ashburn, Virginia datacenter). If you are outside the United States — for example, in the European Economic Area, the United Kingdom, or elsewhere — your personal information will be transferred to and processed in the United States, which may have different data-protection laws than your home jurisdiction. By purchasing from us, you consent to this transfer.

7. Your rights

You can ask us to:

Show you what personal data we have about you.
Correct inaccurate data.
Delete your data (note: deletion will revoke any active licenses tied to that data).
Stop using your data for any specific purpose.

To exercise any of these rights, email support@fireal.dev from the email address on the account you want to act on. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). The rights listed above cover the CCPA requirements of access, deletion, and non-discrimination. We do not sell personal information.

8. Security

We use HTTPS (TLS) for all connections to the portal, enforce rate limits on sensitive endpoints, and require a bearer-token credential for administrative access. No system is perfectly secure; if you believe your license key has been compromised, email us immediately and we will rotate it.

9. Children

The Fireal Portal and its products are not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. The Effective date at the top indicates when it was last changed. If changes are material, we will try to notify you by email. Continued use of the portal or our software after the updated policy takes effect constitutes acceptance.

11. Contact

Questions or requests? Email support@fireal.dev.