Privacy Policy

Effective May 1, 2026

This Privacy Policy (the “Policy”) describes how Omen Division, Inc., a Delaware corporation (“Omen,” “we,” “us,” or “our”), collects, uses, discloses, and safeguards information when you access or use our products, websites, command-line tools, APIs, and related services, including usefirmware.com (collectively, the “Service”).

This Policy supplements, and should be read together with, our Terms of Service. Capitalized terms not defined here have the meanings given to them in the Terms of Service. For a plain-English explanation of how data flows through the Service, see our Security page; this Policy is the contractual document governing our privacy practices.

By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, you may not access or use the Service.

1. Information we collect

We collect information in three ways: information you provide directly, information collected automatically when you use the Service, and information we receive from third parties.

A. Information you provide.

  • Account information. When you register, we collect your name, email address, and authentication credentials (a hashed password or, if you sign in via single sign-on, an OAuth identifier from the provider you use).
  • Billing information. Payments are processed by our payment processor, Stripe. We do not store full payment-card numbers on our servers. We receive limited information from Stripe, such as the last four digits of the card, the card brand, the expiration date, and the billing postal code, in order to manage your subscription and reconcile invoices.
  • Your Content. When you upload schematics, datasheets, source files, or other materials, or when you send prompts and other inputs to the Service, that content is “Your Content” as defined in the Terms of Service. The handling and retention of Your Content is described in Section 4 below.
  • Communications. If you contact us for support, sales, or other inquiries, we keep a record of the message, your contact details, and any information you choose to share with us.

B. Information collected automatically.

  • Usage and telemetry. We collect logs of how you interact with the Service, including timestamps, request types, latency, error events, and the features you use, to operate, secure, and improve the Service.
  • Device and connection information. Our servers automatically receive information that your browser or client sends, including your IP address, user-agent string, operating system, browser type, and the date and time of your requests.
  • Cookies and similar technologies. We use cookies, local storage, and similar technologies to keep you signed in, remember your preferences, secure the Service, and measure usage. See Section 11 for details.

C. Information from third parties.

  • Identity providers. If you sign in via a single sign-on provider (such as GitHub or Google), we receive the basic profile information that provider chooses to share, typically your name, email address, and profile picture.
  • Payment processor. Stripe shares with us the non-sensitive billing metadata described above, plus information about the success or failure of charges and any chargebacks or disputes.

2. How we use information

We use the information we collect to:

  • provide, operate, and maintain the Service, including authenticating you, routing inference requests, and responding to your queries;
  • process payments, manage subscriptions, and prevent payment fraud;
  • communicate with you about transactional matters (account notices, security alerts, billing), and, where you have opted in, about product updates, surveys, or marketing;
  • monitor, secure, debug, and improve the Service, including by analyzing aggregated usage patterns and investigating outages and bugs;
  • detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service or applicable law; and
  • comply with legal obligations and enforce our agreements.

3. AI processing and our no-training commitment

The Service routes inference requests to third-party model providers (currently including Anthropic, OpenAI, and inference hosts running open-weight models) to generate Output. Traffic routed through those providers is governed by our commercial or zero-retention agreements with them, which contractually prohibit them from training their models on Your Content.

We do not train artificial intelligence or machine-learning models on Your Content. If we develop our own models in the future, we will train them only on data that is licensed for that purpose, on synthetic data we generate, or on data you have expressly opted in to providing.

If you point the Service at a self-hosted inference endpoint, Your Content is sent to that endpoint instead of our routed providers, and the operation, security, and privacy practices of that endpoint are your responsibility.

4. Your Content and storage

Files you upload to the Service for processing are stored on our infrastructure on a temporary basis while the Service parses them, and are then deleted from our systems. Persistent project context is stored locally on your device, in the .omen directory inside your project. We do not retain a copy of that local context.

We may retain limited records of the fact that a request was made (for example, request timestamps, byte counts, and tokens consumed) to support billing, fraud prevention, and security; these records do not contain Your Content.

As between you and us, you remain the controller of Your Content. We process Your Content as your processor, only as needed to provide the Service to you, in accordance with the Terms of Service and this Policy.

5. How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We disclose information only in the following circumstances:

A. Service providers. We share information with vendors who perform services for us under written contracts that require them to keep the information confidential and to use it only for the purpose of providing services to us. These categories currently include:

  • cloud-infrastructure providers (hosting, storage, networking, content delivery);
  • our payment processor, Stripe;
  • email-delivery and customer-support tooling;
  • error-monitoring and product-analytics providers; and
  • third-party model providers and inference hosts, as described in Section 3.

B. Legal and safety. We may disclose information if we believe in good faith that disclosure is required to comply with a subpoena, court order, or other legal process; to enforce our Terms of Service; to protect the rights, property, or safety of Omen, our users, or others; or to investigate fraud, security incidents, or violations of law.

C. Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, information may be transferred as part of that transaction. The successor entity will be bound to honor this Policy with respect to information transferred, or you will be given notice and an opportunity to delete your information before any change in practices.

D. With your consent. We may share information for any other purpose disclosed to you with your consent.

6. Data retention

We retain information for only as long as we need it to provide the Service or as required by law. Specific retention practices include:

  • Account information: retained for the life of your account and for up to thirty (30) days after termination, except where a longer retention period is required by law (for example, tax and accounting records, which we typically retain for seven (7) years).
  • Your Content uploaded for processing: deleted from our infrastructure after parsing, as described in Section 4.
  • Usage logs and security telemetry: typically retained for up to ninety (90) days, except where a longer period is required for security investigations or legal compliance.
  • Billing and tax records: retained as required by applicable financial-records law.
  • Backups: information may persist in routine encrypted backups for up to ninety (90) days after deletion from production systems, after which it is purged in the ordinary course.

7. Data security

We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encryption at rest for data we store, access controls, audit logging, and least-privilege engineering practices.

No method of transmission or storage is one-hundred-percent secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for promptly notifying us of any suspected unauthorized access at contact@usefirmware.com.

8. International data transfers

We are based in the United States, and the Service is operated from infrastructure located in the United States and other countries. If you are accessing the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

Where required, we rely on appropriate transfer mechanisms recognized under applicable law, including the European Commission’s Standard Contractual Clauses and equivalent mechanisms for transfers from the United Kingdom and Switzerland. By using the Service, you acknowledge that your information will be transferred outside your country of residence.

9. Your rights and choices

Depending on where you reside, you may have the following rights with respect to your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion: request that we delete your personal information, subject to legal exceptions.
  • Portability: receive a copy of certain information in a structured, commonly used format.
  • Objection or restriction: object to, or request restriction of, certain processing of your information.
  • Withdrawal of consent: where we process information based on your consent, withdraw that consent at any time without affecting the lawfulness of prior processing.
  • Complaint: lodge a complaint with your local data-protection or privacy authority.

To exercise any of these rights, contact us at contact@usefirmware.com. We will respond within thirty (30) days, or within the period required by applicable law. We may need to verify your identity before fulfilling a request. We will not discriminate against you for exercising any of these rights.

10. Region-specific notices

A. United States — California (CCPA / CPRA). If you are a California resident, you have the rights described in Section 9, which mirror your rights under the California Consumer Privacy Act (as amended by the CPRA): the right to know, to delete, to correct, to limit use of sensitive personal information, to opt out of sale or sharing for cross-context behavioral advertising, and to non-discrimination. We do not sell or share personal information for cross-context behavioral advertising.

In the twelve (12) months preceding the effective date of this Policy, we have collected the categories of information described in Section 1, and we have disclosed those categories to the service-provider categories described in Section 5.A for business purposes only.

B. European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR). If you are located in the EEA, the UK, or Switzerland, our legal bases for processing your information are:

  • Performance of a contract — to provide the Service to you and to administer your subscription;
  • Legitimate interests — to operate, secure, and improve the Service, prevent fraud and abuse, and communicate with you about your account, where these interests are not overridden by your rights;
  • Consent — for processing where consent is required (such as certain marketing communications), which you can withdraw at any time; and
  • Legal obligation — to comply with applicable laws and regulations.

You have the right to lodge a complaint with your local supervisory authority. We have not appointed a Data Protection Officer or EU representative; for any inquiries, please contact us at contact@usefirmware.com.

11. Cookies and similar technologies

We use cookies, local storage, and similar technologies for the following purposes:

  • Strictly necessary: to keep you signed in, route your requests, and protect the Service against abuse and fraud.
  • Functional: to remember your preferences (such as theme or language).
  • Analytics: to measure how the Service is used in aggregate, so we can prioritize improvements.

We do not use cookies or similar technologies for advertising or for cross-context behavioral profiling. You can control cookies through your browser settings; disabling strictly-necessary cookies may impair the functionality of the Service.

12. Children’s privacy

The Service is not directed to, and we do not knowingly collect personal information from, individuals under the age of sixteen (16). If you believe we have collected information from a child under sixteen, please contact us at contact@usefirmware.com and we will delete it promptly.

13. Third-party links and services

The Service may contain links to third-party websites or services that we do not operate. This Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing them with information.

14. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email to the address associated with your account, by an in-app notice, or by another reasonable means, and we will update the effective date above. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy. If you do not agree, you must stop using the Service.

15. Contact

Omen Division, Inc.
Delaware, United States
Privacy questions and requests: contact@usefirmware.com