
Privacy Policy

Effective: April 25, 2026 · Last updated: April 25, 2026

We built SerialDoctor for developers who want to fix their boards fast. This policy explains — in plain English — exactly what data we collect, why we collect it, and what we do with it. No legalese traps, no dark patterns.

1. Introduction

Welcome to SerialDoctor. We are committed to protecting your personal information and being transparent about what we collect and why. This Privacy Policy applies to all users of SerialDoctor, accessible at serialdoctor.com.

By using SerialDoctor, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.

We review and update this policy regularly. The date at the top of this page reflects the most recent revision. We will notify you of significant changes via email or a prominent notice on our website.

2. Who we are

SerialDoctor is a web-based AI diagnostic platform built for embedded systems developers working with ESP32, ESP8266, STM32, Arduino, and other microcontroller boards. Our service is operated at serialdoctor.com.

References to "we", "us", or "our" refer to the SerialDoctor team. For any privacy-related questions, contact us at privacy@serialdoctor.com.

3. Data we collect

We collect only what is necessary to operate SerialDoctor. Here is a complete breakdown of every category of data we collect:

Account & identity data
When you create an account, we collect your name, email address, and (if you use Google Sign-In) your Google profile ID. This is processed by Clerk, our authentication provider. We do not store passwords — Clerk handles credential management using industry-standard hashing and security practices.
Serial monitor output
When you run a diagnosis, the raw text from your board's serial monitor is transmitted to our server and forwarded to OpenAI's API for AI analysis. This data is used solely to produce your diagnosis result. We do not permanently store the raw serial dump — only the structured diagnosis result is saved.
Board & project metadata
Optional context you provide — board type, baud rate, power source, motor drivers, wireless modules, and a description of what your project was doing — is used to improve AI diagnosis accuracy. This is included in the same OpenAI API request as your serial output.
Clarification answers
If the AI needs more information to diagnose a problem, it may ask you follow-up questions. Your answers are sent back to OpenAI as part of the same diagnostic session. They are not stored separately.
Diagnosis history
We store the title, severity level, board type, timestamp, and full structured result of each completed diagnosis in our Supabase database. This lets you access past diagnoses from the History page across sessions and devices. You can delete any entry at any time.
Usage & quota data
We track the number of diagnoses you have run in the current billing month and which subscription plan you are on. This is stored in our database and used to enforce plan-based usage quotas (Hobbyist: 1/month, Practitioner: 100/month, Atelier: unlimited).
Payment data
Payments are processed by Razorpay. We receive a confirmation of your payment and your resulting plan tier. We never see, store, or have access to your card number, CVV, expiry date, or bank account details. All payment card data is handled exclusively by Razorpay's PCI-DSS certified infrastructure.
Technical & server log data
Our hosting provider (Vercel) automatically logs standard web server data — IP address, browser type and version, operating system, referring URL, pages visited, and timestamps. These logs are used for security monitoring, debugging, and performance analysis. They are retained for up to 30 days and then automatically deleted.
Communications
If you contact us via email (e.g. privacy@serialdoctor.com or support@serialdoctor.com), we retain the contents of your message and your email address to respond to your inquiry and maintain records of our communications.

5. How we use your data

We use your data exclusively to operate and improve SerialDoctor. Specifically:

  • To authenticate you and maintain your login session securely
  • To run AI-powered diagnostics on serial output you submit
  • To save and display your diagnosis history across devices and sessions
  • To enforce plan-based usage quotas
  • To process subscription payments and manage your plan status
  • To send transactional emails such as payment confirmations and account alerts
  • To detect and prevent abuse, fraud, or misuse of the platform
  • To improve AI diagnostic accuracy using aggregated, anonymised patterns — never individually identifiable data
  • To comply with legal obligations including financial record-keeping
  • To respond to your support requests and communications

We do not sell your data. We do not share your personal data with advertisers, data brokers, or any third parties for commercial purposes.

6. Third-party services

SerialDoctor is built on top of trusted third-party infrastructure. Each provider processes data in accordance with their own privacy policies:

Clerk: Authentication & user management

Stores your email, name, and session tokens. Handles password security, OAuth flows, and multi-factor authentication. Data is stored in the US.

Supabase: Database

Stores your diagnosis history, plan info, and usage counters. Data is encrypted at rest and in transit. Hosted on AWS.

OpenAI: AI diagnosis engine

Receives your serial output and optional project context to generate a diagnosis. OpenAI does not use API inputs for model training by default (API data is not used for training as per their enterprise policy). Data may be retained for up to 30 days for abuse monitoring.

Razorpay: Payment processing

Handles all payment card data under PCI-DSS compliance. We receive only a payment confirmation and your resulting plan tier. Razorpay is regulated by the Reserve Bank of India.

Vercel: Hosting & infrastructure

Serves the SerialDoctor application globally via CDN. Logs basic request data for security and performance monitoring.

Google: OAuth sign-in (optional)

Only used if you choose to sign in with Google. We receive your name, email, and Google profile ID. We do not receive access to your Google Drive, Gmail, or any other Google services.

7. Data sharing & disclosure

We do not sell, rent, or trade your personal data. We share your data only in these limited circumstances:

  • Service providers: With the third-party services listed above, strictly to operate the SerialDoctor platform.
  • Legal requirements: If required by law, court order, or government authority, we may disclose your data. We will notify you of such requests unless legally prohibited from doing so.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you via email and provide a choice to delete your account before any transfer.
  • Safety: If we believe disclosure is necessary to prevent harm, fraud, or illegal activity, we may share data with appropriate authorities.

8. Data retention

We retain different categories of data for different periods based on operational necessity and legal requirements:

Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
Diagnosis history: Retained indefinitely while your account is active. You can delete individual entries at any time.
Raw serial output: Not stored permanently. Processed in memory and discarded after the diagnosis is generated.
Payment records: Retained for 7 years as required by financial regulations.
Server logs: Retained for up to 30 days, then automatically purged.
Support communications: Retained for up to 3 years to maintain records of resolved issues.
Anonymised analytics: Retained indefinitely in aggregated, non-identifiable form.

9. Your rights

Depending on your location, you may have the following rights regarding your personal data. We honour all of these rights regardless of where you are located.

Access: Request a copy of all personal data we hold about you, in a readable format.
Correction: Request that we correct inaccurate or incomplete personal data.
Deletion: Request that we delete your account and all associated personal data. We will complete this within 30 days.
Portability: Request your diagnosis history exported in a machine-readable JSON format.
Objection: Object to processing of your data for certain purposes, such as direct marketing.
Restriction: Request that we limit how we use your data while a dispute is being resolved.
Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
Lodge a complaint: File a complaint with your national data protection authority if you believe we have violated your rights.

To exercise any of these rights, email privacy@serialdoctor.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

10. GDPR (European users)

If you are located in the EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) gives you specific rights over your personal data. We act as the data controller for the personal data you provide to us. Our third-party service providers act as data processors under our instruction.

We do not transfer your personal data outside the EEA without ensuring adequate safeguards are in place (such as Standard Contractual Clauses). Our primary service providers (Clerk, Supabase, OpenAI, Vercel) are covered by EU-US Data Privacy Framework certifications or equivalent mechanisms.

To exercise your GDPR rights, contact us at privacy@serialdoctor.com. If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority.

11. CCPA (California users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to delete your personal information
  • The right to opt out of the sale of your personal information — note: we do not sell personal information
  • The right to non-discrimination for exercising your CCPA rights

To exercise your CCPA rights, contact us at privacy@serialdoctor.com or use the subject line "CCPA Request".

12. Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher
  • Data at rest in Supabase is encrypted using AES-256
  • Authentication is handled by Clerk, which implements OWASP-compliant security practices
  • API keys and secrets are stored as environment variables, never in source code
  • Access to production databases is restricted to authorised services only
  • We perform regular dependency audits to identify and patch known vulnerabilities

No system is 100% secure. If you discover a security vulnerability in SerialDoctor, please disclose it responsibly to security@serialdoctor.com. We take all reports seriously and will respond within 48 hours.

13. Cookies

We use essential cookies only. We do not use advertising, tracking, or analytics cookies of any kind.

__session (Clerk)

Authentication session token. Required to keep you logged in.

Duration: Session — deleted when browser closes

__client_uat (Clerk)

Client-side authentication state used by Clerk to sync session across tabs.

Duration: Session — deleted when browser closes

You can disable cookies in your browser settings, but this will prevent you from logging in to SerialDoctor.

14. Refund policy

We offer a 7-day money-back guarantee on all paid plans. If you are not satisfied with SerialDoctor for any reason within 7 days of your first payment, email us at billing@serialdoctor.com and we will issue a full refund — no questions asked.

Eligibility: First payment only. Subsequent billing cycles are non-refundable unless there was a billing error.
Processing time: Refunds are processed within 5–10 business days depending on your bank or card issuer.
Method: Refunds are issued to the original payment method used at purchase.
Disputes: If you believe you were charged in error, contact us before initiating a chargeback. We resolve billing disputes quickly and fairly.

15. Children's privacy

SerialDoctor is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, contact us at privacy@serialdoctor.com and we will delete it within 14 days.

16. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, sending you an email notification. Your continued use of SerialDoctor after changes are posted constitutes acceptance of the updated policy.

17. Contact us

For any privacy-related questions, requests, or concerns, contact us:

Privacy & data requests: privacy@serialdoctor.com
Billing & refunds: billing@serialdoctor.com
Security vulnerabilities: security@serialdoctor.com

We aim to respond to all privacy requests within 30 days. For urgent matters, include "URGENT" in your subject line.
