Privacy Policy

Last updated: 27 April 2026

What we collect

When you sign in with Google, we store:

• Your email address and display name (from your Google profile)
• Your device list (products you add to your rig)
• Your firmware version selections and custom prices
• Product reports you file (message + curator reply + your optional one-shot follow-up)
• If you opt in to publish your rig: the alias, public display name, optional emoji, optional blurb, the "show rig total value" preference, and any photos you choose to upload

We do not collect passwords (authentication is handled entirely by Google), payment information, or browsing history.

Public rig (opt-in)

Rigs are private by default. You become discoverable only when you explicitly toggle Rig is public in the profile menu. Until then, nothing about your rig is exposed.

When public, the following becomes visible at fwradar.com/u/<your-alias> and may appear on the homepage "Featured rigs" section (if an admin selects you) or in the public /browse-rigs list:

• Your chosen alias, display name, optional emoji and blurb
• The list of devices in your rig with manufacturer and tags
• The total rig value — only if you opt in by ticking Show my rig total value (off by default)
• Up to 5 photos you choose to upload, displayed as a gallery on your public page (and used as the card cover on the homepage and browse list)

The following stays private and is never shown on your public page: your email address, your Google profile name and ID, your Telegram link, the specific firmware versions you've installed, your custom per-device prices, and any product or abuse reports you or others have filed.

You can flip the public toggle off at any time — your page returns 404 immediately. You can also change your display name (the URL regenerates) or delete your account entirely from the profile menu.

Photos you upload (opt-in)

Photos are entirely optional. If you choose to add any to your public rig, the following applies:

• EXIF metadata is stripped on upload. Camera model, GPS coordinates, capture date, software, lens info — all removed before storage. We do not keep, expose or use this metadata in any way. Only the resized image pixels and the original filename remain.
• Resized + re-encoded. The original file is discarded after processing. We keep two derivatives only: a 1600 px (long edge) WebP for full-size viewing, and a 400 × 400 WebP thumbnail. We never re-distribute the original you uploaded.
• Hosted on our infrastructure (Hetzner Cloud, EU-Germany), served through Cloudflare's CDN edge so visitors worldwide get reasonable load times. No third party stores your photos.
• Public to anyone with the URL while your rig is public. Search engines may index your public rig page, including the photo URLs. There is no "private gallery" mode — photos either are public or they are deleted.
• Deletable at any time. From the same modal you used to upload, click the ✕ on any photo to remove it. Deletion unlinks the files from our server permanently. Your other photos and rig data are untouched.
• Subject to moderation. Photos can be reported by other signed-in users (the photo is auto-hidden pending review). Confirmed violations of the Terms are removed; you are notified in /my-reports with the reason.

If you delete your account, all photos you uploaded are deleted along with the rest of your data.

How we use it

• To display your personal rig and firmware tracking dashboard
• To send firmware update notifications via Telegram or Email (only if you opt in, separately, for each channel)
• To improve the service (anonymous, aggregated usage statistics)

Email notifications (opt-in)

Email notifications are disabled by default. To enable them you must explicitly opt in from the profile menu and confirm your address via a verification email (double opt-in). We only use your address for transactional service emails about your rig — never for marketing, newsletters, or third-party content.

When email notifications are enabled, we send:

• A daily digest (around 11:00 CET) ONLY when there's at least one pending firmware update for a device in your rig — otherwise no email goes out.
• A confirmation email when you request a new product addition, telling you whether it was added or rejected (and why).

Every email includes a one-click Unsubscribe link in the footer (RFC 8058 compliant, works without needing to sign in) and you can disable email notifications any time from your profile on fwradar.com. Unsubscribing stops delivery immediately; it does not delete your account or rig.

Email delivery is handled by our email provider Resend (see "Third-party services" below). Resend acts as our sub-processor under GDPR; no third party beyond Resend receives your address.

Cookies

We use a single authentication cookie (JWT) to keep you logged in. No tracking cookies, no advertising cookies, no third-party cookies.

Analytics

We use Umami, a privacy-focused, cookieless analytics tool. It collects anonymous page view data only. No personal information is tracked.

Third-party services

• Google OAuth — for authentication only
• Reverb.com API — for used market price data (no personal data shared)
• Telegram Bot API — for firmware update notifications (only if you opt in)
• Resend — for transactional email delivery (only if you opt in to email notifications). Resend is our email sub-processor and receives only your email address and the message payload. We never share your address for any other purpose.
• Cloudflare — CDN and DDoS protection (IP addresses processed for that purpose only, not stored by us)

Data retention

Your data is stored as long as your account exists. You can delete your account at any time from your profile menu — this permanently removes all your data (GDPR Article 17).

Your rights

You can:

• Access all your data (visible in your rig dashboard)
• Delete your account and all associated data at any time
• Send us a message for any privacy-related requests

Contact

For privacy questions, send us a message. We read every one.