PRIVACY POLICY

Effective Date: June 19, 2026

Last Updated / Revised: July 1, 2026

This Privacy Policy explains how Firehill Software Solutions, LLC  ("Company", "we", "us", or "our"), located at 4539 N 22ND ST #5867; PHOENIX, AZ 85016, collects, uses, discloses, and safeguards your information when you interact with the software application Logiop Studio - Basic Edition  and our website located at https://logiop.com (collectively, the "Services").

We are deeply committed to data minimization and user privacy. Because Logiop Studio is engineered as a local-first Progressive Web Application (PWA), we do not upload, store, or see your engineering projects, source code, or design workspace files. Please read this policy carefully to understand exactly what data we collect, where it is stored, and how your rights are protected under global frameworks like the EU GDPR and the India Digital Personal Data Protection (DPDP) Act.

1. The Core Privacy Blueprint: Local Storage Architecture

Unlike traditional software-as-a-service (SaaS) platforms, the core operational data you generate inside Logiop Studio remains entirely on your machine:

  1. Workspace Data Ownership:  All state machine configurations, hierarchical layout files, properties, and schema exports are read from and written directly to your local computer file system via your browser’s native File System Access (FSA) API.
  2. Zero Cloud Uploads:  These architectural files are never transmitted to, processed by, or stored upon our remote cloud infrastructure. We have zero visibility into your intellectual property, layout architectures, or source code data models.

2. Information We Explicitly Collect

We limit data collection strictly to information required to authenticate your software license, fulfill transactions, and resolve technical support inquiries. We collect data via the following mechanisms:

A. Personal Authentication Metadata

When you register an account or sign into the Services via authorized third-party OAuth identity providers (such as Google or GitHub), we collect and store the basic identity tokens returned to pass your authentication:

  1. Your unique user authentication string (Firebase UID)
  2. Your full name and verified account email address
  3. Your public profile photo URL (provided by your OAuth platform)

B. Financial and Transactional Metadata

All payment processing is securely executed by our third-party Merchant of Record, Stripe. The Company does not collect, capture, or store your credit card numbers, bank routing indices, or CVV digits. We receive and store only transactional metadata via Stripe webhooks to administer your license, including:

  1. Subscription status, tier variables, and renewal/expiration deadlines
  2. Stripe customer tokens and payment reference strings

C. Voluntary Communication & Diagnostic Logs

If you voluntarily lodge an application support ticket or crash report via our integrated UI or email support, we collect the text of your message and any files you manually append. Users may optionally choose to attach browser execution traces, stack histories, or application flow charts (such as pulse.json). The Software will never autonomously, silently, or proactively harvest or transmit system runtime telemetry to our servers without your explicit, manual action and consent.

D. Derivative and Infrastructure Telemetry

Our cloud hosting infrastructure automatically logs basic routing indicators required to safely transmit data to your browser context, such as your IP address, browser type, operating system version, access times, and system interaction timestamps.

3. Local Browser Caching (IndexedDB & LocalStorage)

Logiop Studio does not deploy cross-site tracking or advertising cookies. To empower offline functionality and preserve system state across navigation refreshes, the PWA utilizes standard browser-contained storage engines:

  1. IndexedDB:  Used securely inside your localized sandbox to cache file handles and directory configurations so you don't have to re-select your workspace folder every time you launch the app.
  2. LocalStorage:  Retains core cryptographic authentication tokens and basic UI presentation tokens.

4. Lawful Grounds and Use of Your Information

We process your basic administrative account data strictly under the legal basis of Contractual Necessity  (to provision and maintain your licensed account tier) and our Legitimate Interests  (to protect our platform against client-side exploitation or server tampering). Specifically, we use information to:

  1. Initialize, verify, and monitor your active user licensing profile.
  2. Process billing renewals, downgrades, and tier configurations via Stripe webhooks.
  3. Transmit critical account updates, administrative alerts, and support responses.
  4. Isolate and diagnose system crashes or functional bugs explicitly submitted by you.

5. Sharing and Disclosure of Information

We do not sell, rent, trade, or distribute your identity metadata to third-party ad brokers or behavioral marketing networks. Your limited information is shared only with the following key infrastructural sub-processors bound by strict safety parameters:

  1. Google Cloud Platform / Firebase:  Provides our global application hosting infrastructure, secure OAuth user authentication systems, and cloud-gated Firestore database frameworks.
  2. Stripe, Inc.:  Serves as our payment architecture and Merchant of Record, processing all billing lifecycles.
  3. Legal Enforcement:  If required to comply with a valid subpoena, federal mandate, court order, or to protect the technical infrastructure of the Company against illegal tampering or security breach, we may share information as explicitly required under U.S. computing laws.

6. International Cross-Border Transfers

Our primary computing servers and backend databases are deployed inside the United States of America. If you are accessing the Services from the European Economic Area, United Kingdom, India, or other geographic spheres with distinct statutory data laws, please note that your basic account registration profile data will be moved to and processed within the United States. Your voluntary account initialization and subscription payment represents your clear and unambiguous consent to this cross-border transfer under our rigorous administrative protection guidelines.

7. Global Data Rights (GDPR, UK DPA, & India DPDP Protections)

We honor non-waivable global privacy mandates. Regardless of your native citizenship, you hold full statutory control over the administrative data we retain inside our Firebase databases. You possess the following enforceable privileges:

  1. The Right of Access:  You can request an exported copy of all metadata logged under your unique User ID.
  2. The Right to Correction / Rectification:  You may request modifications to inaccurate or broken profile values held on our servers.
  3. The Right to Erasure ("Right to Be Forgotten"):  You hold the legal right to request that your database profile, transaction history linkages, support logs, and authentication records be permanently purged from our remote cloud servers. (Please note that exercising this erasure right will permanently dissolve your active subscription token and software license keys).

To trigger any of these statutory privacy actions, simply transmit an explicit request to our support desk via email or open an intra-app support ticket. We commit to executing valid erasure or data access requests within standard regulatory deadlines.

8. Safety Controls and Data Retention

We employ strict administrative, operational, and network security controls within our Firebase architecture to preserve identity tokens. We retain your basic account metadata only as long as your subscription or user account remains active, or as strictly necessary to satisfy statutory tax reporting, financial auditing, or legal defense obligations under Arizona state rules.

9. Minor Privacy Controls

Logiop Studio is designed and marketed strictly as an engineering utility for developers, system architects, and professionals. We do not knowingly harvest, solicit, or maintain database entries belonging to minors under the age of 13 (or under the age of 18 within jurisdictions governed by India's DPDP child data consent provisions). If we discover that a minor has initialized an authenticated account, we will deploy immediate measures to wipe that tracking metadata from our servers.

10. Revisions and Modifications

The Company retains the right to modify or adjust this Privacy Policy to mirror engineering additions or shifting global statutory bounds. Any revisions will be logged by altering the "Last Updated" timestamp at the apex of this text. If significant changes occur, we will post a system notice directly inside the application interface or dispatch an update summary to your registered email address.

11. Data Protection Contact

If you hold technical questions regarding this local storage framework, cross-border data routing, or wish to exercise your data erasure privileges, please reach out directly to our support desk at our primary website channels or open an intra-app support ticket.