doc/help/Privacy-Policy.md
Last updated: June 28, 2026
This policy describes how the Serial Studio desktop application handles your
data. It covers the application you install and run on your own computer. The
Serial Studio website and online store (serial-studio.com,
store.serial-studio.com) are operated separately and handle account and
purchase data under their own terms.
Serial Studio is a local-first desktop application. The data you stream from your hardware, the projects you build, the sessions you record, and the files you export all stay on your machine. Serial Studio does not run analytics, does not collect usage telemetry, and does not upload crash reports.
The only network connections Serial Studio makes on its own are license activation, trial registration, and an optional update check. Everything else that leaves your machine is something you start: connecting to a device, opening the AI Assistant, loading map tiles in the GPS widget, or browsing the examples and extensions catalogs.
The following never leaves your computer unless you explicitly export or share it:
Serial Studio operates one server that the application contacts directly:
https://cloud.serial-studio.com/trial). When you
start a Pro trial, the application sends a machine fingerprint, a timestamp,
and a one-time nonce so the trial can be bound to your machine and its
expiry tracked. No name, email, or device data is included.There is no other reporting back to Serial Studio. No analytics, no telemetry, no crash reporting, no usage statistics.
Some features rely on third-party services. When you use them, data goes directly from your machine to that service, governed by that service's own privacy policy.
Pro license activation, validation, and deactivation contact the Lemon Squeezy
licensing API (https://api.lemonsqueezy.com/v1/licenses/...). The application
sends your license key and a machine fingerprint. Lemon Squeezy is the payment
processor and reseller for Serial Studio Pro; it holds the purchase
information you provided at checkout (such as name, email, and payment
details) under its own privacy policy at https://www.lemonsqueezy.com/privacy.
Once activated, your license metadata is cached locally in encrypted form so
the application can work offline for up to 30 days between checks.
The AI Assistant is off by default and requires you to supply your own API key for a provider you choose. When you send a message, the conversation and any project context you include are sent directly from your machine to that provider's endpoint. Requests are not routed through any Serial Studio server. Before a request is sent, a redaction pass removes detected secrets (such as API keys) from the context.
Supported providers and their endpoints:
| Provider | Endpoint host |
|---|---|
| Anthropic | api.anthropic.com |
| OpenAI | api.openai.com |
| Gemini API endpoint | |
| DeepSeek | api.deepseek.com |
| Groq | api.groq.com |
| Mistral | api.mistral.ai |
| OpenRouter | openrouter.ai |
| Local | a host you configure |
Each remote provider processes your messages under its own privacy policy. Review that policy before sending sensitive data. To keep AI processing fully offline, point the Assistant at a local OpenAI-compatible endpoint (such as Ollama, llama.cpp, LM Studio, or vLLM); in that case no data leaves your network. See the AI Assistant page for details.
If update checks are enabled, the application downloads a small static version
file from GitHub (https://raw.githubusercontent.com/Serial-Studio/Serial-Studio/master/updates.json)
and compares it against the running version on your machine. The request
carries only what any HTTP client sends (your IP address and a user agent),
which GitHub processes under its own policy. No license, machine, or usage
data is attached. You can disable automatic update checks in the application
settings.
Some panels fetch content on demand when you open them:
raw.githubusercontent.com, api.github.com). These requests carry no
personal data.api.iconify.design) with your
search term to resolve icons.services.arcgisonline.com) and a cloud overlay image. The tile requests
include the coordinates of the area being displayed, which reveals the
geographic region you are viewing to the tile provider.Activation and trial registration use a machine fingerprint to bind a license or trial to a specific computer. The fingerprint is a one-way hash derived from a stable operating-system identifier (for example the OS machine ID on Linux, the platform UUID on macOS, or the registry machine GUID on Windows). It contains no personal files, no file contents, and no account information, and the original identifier cannot be recovered from it. The same value is used to derive the local encryption key described below, so encrypted data from one machine cannot be decrypted on another.
API keys and license data are stored encrypted at rest in the application settings, using a key derived from the machine fingerprint and protected with an integrity hash. Plaintext API keys are scrubbed from memory when a key is removed. Project files, session databases, and exports are ordinary files under your control and are not encrypted by the application; protect them with your operating system's own mechanisms if they contain sensitive data.
Depending on where you live, you may have rights to access, correct, or delete personal data held about you. To exercise those rights for data Serial Studio holds, use the contact below.
Serial Studio is a tool for engineering, education, and hobbyist use and is not directed at children under 13. Serial Studio does not knowingly collect personal data from children.
This policy may be updated as features change. Material changes will be reflected here with a new date at the top, and the current version always ships with the application.
For privacy questions or data requests, email [email protected].