Privacy Policy
Effective date: January 8, 2026
This Privacy Policy explains how OpenFCC ("OpenFCC," "we," "us," or "our") collects, uses, and protects personal data when you purchase or use the OpenFCC software and related services. We are committed to data minimization: we collect only what is necessary to deliver your purchase and operate the license.
1. Data Controller
The data controller responsible for your personal data is OpenFCC. You can reach us for any privacy matter via our Support page (Telegram).
2. Data We Collect
- Email address. Used to deliver your download link and license key and to provide order-related support.
- Order and payment metadata. Such as order identifier, product purchased, amount, currency, and transaction status. Payments are processed by third-party payment providers: card payments by Gumroad, Inc., acting as merchant of record, and cryptocurrency payments by a third-party crypto payment provider. We do not collect or store payment card numbers.
- Hashed device serial number. For license activation, the application transmits a SHA-256 hash of your device's serial number. The plaintext serial number is never transmitted to or stored by us; only the irreversible hash is used to bind and verify the license.
- Anonymous site usage statistics. Our website uses Vercel Web Analytics, a cookieless service that records aggregated, anonymized visit statistics such as page views and country of origin. It sets no cookies and uses no persistent identifiers that could track you across sites.
No telemetry in the app. The OpenFCC Android application itself contains no analytics, tracking, or telemetry. It does not collect usage data, location, or device identifiers beyond the hashed serial used for activation described above.
3. Purposes and Legal Bases (GDPR)
- Delivering your purchase and license (contract performance, Art. 6(1)(b)). Processing your email, order metadata, and hashed serial to fulfil the sale, deliver the download and license key, and activate and verify your license.
- Fraud prevention, security, and abuse mitigation (legitimate interest, Art. 6(1)(f)). Using order and license data to prevent unauthorized redistribution, duplicate activation, and fraudulent transactions.
- Legal compliance (Art. 6(1)(c)). Retaining transaction records where required by tax or accounting law.
4. Processors and Third Parties
We share personal data only with service providers acting on our behalf, including:
- Payment providers (Gumroad, Inc., merchant of record for card purchases, and a third-party cryptocurrency payment provider) to process your payment;
- Email provider to deliver download links, license keys, and support correspondence;
- Analytics provider (Vercel Web Analytics) to produce cookieless, anonymized site usage statistics;
- Hosting and infrastructure provider to operate the website and license service.
These providers are bound by contractual obligations to protect your data and process it only as instructed. We do not sell your personal data.
5. Data Retention
We retain personal data only as long as necessary for the purposes described above. Order and transaction records are retained for the period required by applicable tax and accounting law. License records, including the hashed serial, are retained for the lifetime of the license to support permanent activation binding and abuse prevention, and are deleted or anonymized thereafter. You may request earlier erasure as described below, subject to legal retention obligations.
6. Your Rights
Subject to applicable law and, for individuals in the European Economic Area, the GDPR, you have the right to:
- Access the personal data we hold about you;
- Request rectification of inaccurate data;
- Request erasure of your data ("right to be forgotten");
- Request restriction of, or object to, certain processing;
- Receive your data in a portable, machine-readable format (data portability);
- Lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, contact us via our Support page. We will respond within the timeframes required by law.
7. International Transfers
Some of our processors may store or process data outside your country, including outside the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses to ensure your data remains protected.
8. Cookies
Our website uses only essential cookies necessary for the site to function and to complete your purchase. We do not use advertising or non-essential tracking cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will revise the "Effective date" above and, where required, provide additional notice of material changes.
10. Contact
For privacy questions or to exercise your rights, contact OpenFCC via our Support page.