PRIVACY

Privacy policy.

Short and specific. No dark patterns.

1. What we collect

  • Your name and email — so we can reply to you.
  • The description you type into the form.
  • The redacted debug context your coding agent sends us after you approve it.
  • Timestamps on tickets and reports.
  • IP address and user-agent when a report is posted — for security and abuse prevention only.

2. What we do NOT collect

  • .env values.
  • API keys, tokens, database URLs, or any other credentials.
  • Third-party analytics beyond Vercel Analytics (aggregate traffic only).
  • Behavioral or advertising cookies. We don't set tracking cookies.

3. How the redaction works

When you paste the ticket prompt into your agent, Step 3 of that prompt is a mandatory redaction pass. Before any context leaves your machine, the agent scrubs:

  • OpenAI-style keys matching sk-[A-Za-z0-9]{20,}.
  • AWS access keys matching AKIA[0-9A-Z]{16}.
  • GitHub tokens matching ghp_[A-Za-z0-9]{30,}, gho_, ghu_, ghs_, ghr_.
  • JWTs matching eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+.
  • Credentials embedded in URLs (scheme://user:pass@host).
  • Any environment variable whose name contains KEY, SECRET, TOKEN, or PASSWORD.

After redaction, the agent is required to show you the exact payload and wait for your approval before POSTing. You see the full prompt yourself before pasting it — nothing is fetched from a remote URL at runtime.

4. Data retention

Report payloads (the redacted debug context) are retained for 90 days, then moved to cold archive. Ticket records (name, email, description) are retained indefinitely so we can reference past fixes, but you can email us anytime to request deletion.

5. Contact

Questions, deletion requests, or concerns: support@fixthisbug.dev.