Showing results for 
Search instead for 
Did you mean: 

GDPR compliance of CubeIDE and CubeProgrammer?

Associate II

I just downloaded and installed both STM32CubeIDE and STM32CubeProgrammer.

They both forcibly installed with user-spying phone-home features how I use the software, while only mentioning how to disable the feature after they have been installed.

So, the spying feature is on by default, and there is even no option to opt-out of the feature at install stage.

I don't believe this is GDPR compliant and thus illegal in the EU. Please fix this before someone makes a GDPR report of this and you get fined.

If you start harassing your users with spying features, I can also start taking my money elsewhere and buy other MCUs.

ST Employee

Dear @SOlen.1​ ,

Thank you for using our ecosystem and STM32 Tools, We confirm that our Tools are GDPR compliant. It is very important for us to protect our users and care about their data. You can see attached our policy for analytics which collect only anonymized data in a legal way and GDPR compliant.


Senior III

Dear STOne-32,

Although your tools are GDPR compliant, the problem lies in the fact that the user cannot disable the feature during installation, and has to go through the menus to disable it afterwards.

It really feels like ST is forcing this analytics feature by relying on the fact that the user might be too lazy to deactivate it later on...

I have to live with it but I don't like it, as other users like @SOlen.1​ .

Best regards,


Not even sure why this stuff is even necessary, some robust SW QA and in-house usage and testing should have addressed many of the bugs years ago.

D​ignostics at a fine grain level should be demand driven and whilst working directly with support staff to remediate or analyze specific issues.

T​hese metrics probably make for good presentations but don't really address the core failings.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

Phone home should be OFF by default, and only need enabling or using as part of a direct support case or interaction.

That some feature works for 99.99% of users is pretty much irrelevant to the 0.01% for whom it doesn't. Need to focus on failing cases. Getting data from people who can't explain their own situation and context coherently

F​eatures need to be added by using and understanding what's expected via in-house dog fooding, and listening to requests for actual features that fit normal flows and expectations.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

"T​hese metrics probably make for good presentations but don't really address the core failings."

It feels more marketing oriented and not support oriented.

Well, I just downloaded Linux version of CubeProg and reinstalled it to verify.

I don't see what you claim on your screenshots, so what you claim is not true.

Here are my screens about the subject, during installation, and on the first start of the program.

_legacyfs_online_stmicro_images_0693W00000bi2o9QAA.pngNo option to back out, not even a pre-ticked checkbox. Just "OK".


ST Employee

Dear Gentlemen,

As you know the GDPR applies to any information concerning an identified or identifiable natural person. In your first message you are invoking a technical feature which purpose is to report statistical data that we are unable to associate directly or indirectly to you. Consequently, in this particular context such statistical data are not protected by the GDPR. If you have further queries on this particular point we invite you to interact directly with our data privacy organization via the generic email address



Associate II

OK, fine, then it is according to GDPR, although I can't be sure you are not able to identify me.

But still, the Linux version experience is not as advertised by you.

Why do Windows installs have the option to back out on spying me during install, but Linux version doesn't?

That's kind of discriminating.

I should have the same options on same piece of software, regardless of the platform.

The Linux version is inconvenient if I have to do extra steps to make sure the program never sends anything to anyone.

I never want to give automatic feedback to anyone on anything I use. That's a waste of network bandwidth.