Privacy Policy

Firepanel (“Firepanel”, “we”, “us”) is an admin panel for Firebase projects, operated by Scale, a sole proprietorship based in India. This policy explains what information we collect when you use getfirepanel.com, how we use it, and the choices you have. We’ve tried to write it plainly. Where we can’t avoid jargon, we’ve explained it.

We collect the minimum information needed to run Firepanel for you.

• Account information. Your name, email address, and avatar provided by Google when you sign in with Google OAuth.
• Firebase service-account credentials. When you connect a Firebase project, the service account JSON you paste in. It is encrypted at rest (see below).
• Usage data. Which features you use, and an audit log of actions you take inside Firepanel (e.g. opened collection X, edited document Y). This metadata helps us run the product, support you, and show your team who did what.
• Payment information. Handled by our payment processor, Razorpay. We do not store card numbers or CVVs — we receive only the metadata needed for billing (plan, status, last four digits).

We use the information above to:

• Operate Firepanel and provide the features you use.
• Authenticate you and keep your account secure.
• Reply to support requests you send us.
• Bill you for paid plans and prevent fraud.
• Understand how the product is used so we can improve it. We work from aggregate usage, not from reading your data.

Service-account credentials are encrypted at rest with AES-256-GCM before they touch our database. The encryption key lives in our server environment configuration, not in the database, so a database dump alone is not enough to read your credentials.

We do not permanently store your Firebase data. When you browse your Firestore documents, Auth users, or Storage files in Firepanel, we read them live from your Firebase project on each request and pass them through to your browser. We do not copy your Firestore documents, Auth user records, or Storage files onto our servers.

Firepanel is hosted on Vercel and uses Neon Postgres as its database for our own data (your account, your connected-project metadata, your subscriptions, and the audit log).

We do not sell your data. We share information only with the third-party services that Firepanel uses to function, and only the minimum each needs:

• Google — for OAuth sign-in.
• Razorpay — for payment processing.
• Plunk — for transactional email (sign-in notifications, billing receipts, replies to contact-form messages).
• Mixpanel — for product analytics (account email and id only, no Firestore data, no PII beyond that).
• Vercel and Neon — for hosting and database infrastructure.

We will also disclose information if required by law (a valid subpoena, court order, or equivalent legal process) and will tell you when we’re allowed to.

You can ask us to:

• Show you the data we hold about you.
• Correct anything that’s wrong.
• Delete your account and the data tied to it.
• Export your data in a portable format.

Reach us through the Contact page and we’ll respond within a reasonable timeframe.

We keep your account and project data for as long as your account is active. When you delete a connected project, its encrypted credentials are permanently deleted. When you delete your account, we remove your personal information and connected projects from our systems within 30 days. Audit log entries and billing records may be retained longer where required by law or for fraud prevention, but in a form that minimises personal data.

Firepanel uses session and authentication cookies that are required to keep you signed in. We do not use third-party advertising cookies, behavioural-ad networks, or cross-site tracking.

We use Mixpanel to understand how Firepanel is used and improve the product. Mixpanel may set cookies to track usage patterns. We do not send personally identifiable information beyond your account email and id. You can opt out at any time from the cookie notice (“Decline analytics”); essential authentication cookies remain.

Firepanel is not intended for users under 18. We do not knowingly collect information from anyone under 18. If you believe a minor has created an account, please contact us and we’ll remove it.

We may update this policy as Firepanel evolves. When we make material changes we’ll update the “Last updated” date at the top and, where appropriate, notify you by email or inside the product. Continued use of Firepanel after a change means you accept the updated policy.

Questions or concerns about privacy? Reach us through the Contact page.