Privacy at TinkerNorth.
Every app in the Dish suite ships with its own privacy policy because each one runs on a different platform with different permissions. They all share the same posture: no analytics, no advertising, no advertising ID, no account system, no cloud backend. The only data your device sends out during normal use is your own encrypted controller input to your own Satellite. Dish for Android additionally ships Firebase Crashlytics for crash and ANR reports (stack traces and device model only, never your gamepad input or Satellite addresses), with a one-tap opt-out in the app's Settings screen; see that app's policy for the precise scope.
One policy per app
Each Dish client and Satellite itself has its own page below. They live at /privacy/<app>/ and cover the jurisdiction-specific rights for GDPR (EU), UK GDPR, CCPA / CPRA (California), and LGPD (Brazil) inside each policy. That's the pattern most software companies use; it's simpler to read than a stack of region-specific policies, and it's what regulators expect.
Last reviewed: 2026-05-21. Each app's policy tracks its own revision date in case one changes faster than the others.
-
Dish for Android
ActiveThe Android app. Covers controller input capture, on-device sensor use, Bluetooth HID, network behavior, permissions, and the opt-out Crashlytics scope. The only V1 client with an outbound TinkerNorth-touched flow at all.
-
Satellite for Windows
Coming soonThe V1 server. Runs on your gaming PC, ships zero crash-reporting SDK, and never contacts a TinkerNorth-operated server during normal use. The OTA-update path fetches from GitHub Releases.
-
Dish for Windows
In developmentNative desktop client. In development; published before the app's first release.
-
Dish for macOS
In developmentNative SwiftUI client. In development; published before the app's first release.
-
Dish for Linux
In developmentQt6 + SDL2 client. In development; published before the app's first release.
-
Satellite for Linux
In developmentSame receiver, /dev/uinput-based, packaged for APT / DNF / AUR / AppImage. In development; published before the app's first release.
What's true across every app
- No analytics. No Google Analytics, no Firebase Analytics, no Plausible, no Umami, no custom event pipeline. The apps don't ship usage statistics anywhere.
- Crash reporting: minimal, scoped, and opt-out-able. Dish for Android uses Firebase Crashlytics for crash and ANR reports only: never gamepad input, Satellite addresses, or SSIDs. A one-tap opt-out lives on the app's Settings screen under Diagnostics. The other clients (Windows, macOS, Linux) and Satellite itself ship with no crash reporting SDK at all. Each app's policy spells out its specific scope.
- No ads, no advertising SDKs. The apps don't link any ad libraries and don't show ads.
- No account system. There's nothing to sign up for. We don't know who's using Dish.
- No remote configuration. No feature flags fetched from a server. The apps don't phone home for behavior toggles.
- No cloud backend. The "server" in the system is Satellite, which runs on your gaming PC, on your LAN. TinkerNorth doesn't operate any infrastructure that touches your gameplay.
- Open source, auditable. Every line of every app is in a public repo. You can verify the claims on this page.
The website itself
tinkernorth.com and dish.tinkernorth.com are static sites hosted on Amazon S3 behind CloudFront. There are no client-side analytics scripts on this site. CloudFront and S3 generate standard server-side access logs (IP, user-agent, request path, timestamp) that AWS retains per its documented retention. We use those logs for capacity planning and abuse detection only; we don't profile visitors and we don't share the logs with third parties.
Donation links in the footer open third-party platforms (GitHub Sponsors, Ko-fi, Buy Me a Coffee). Once you click through, you're on their site under their privacy policy.
Your rights, wherever you are
Each app's policy spells out the access / correction / deletion / portability rights for the relevant jurisdictions. The short version: because the apps don't collect personal data and TinkerNorth doesn't operate a backend, most "data subject access requests" are answered by uninstalling the app. Specific app permissions (like Bluetooth contacts on Android) live on your device's settings and you control them there.
Disclosure and contact
Found something we missed in a policy or in the apps' actual behavior? Email privacy@tinkernorth.com (it's a monitored mailbox) or open an issue on the relevant repo. For coordinated security disclosure, see SECURITY.md in the Satellite repo.