Privacy Policy

Last updated: April 19, 2026

Fixor ("we", "our", or "us") provides automated security analysis for GitHub pull requests. This Privacy Policy explains what data we access, how we process it, and your rights as a user.

1. What We Access

When you install Fixor on your GitHub repositories, we access:

We do not access the full codebase, issues, secrets, environment variables, or any private data outside the scope of pull request analysis.

2. How We Use Your Data

Your pull request diffs are processed by our analysis engine (powered by Anthropic's Claude AI) to detect SQL injection risks. We use this data exclusively to:

3. Data Retention

Pull request diffs are processed in-memory and are not stored on our servers. Generated PDF reports are hosted on Cloudinary with public-but-unguessable URLs. Reports older than 90 days may be automatically purged.

4. Third-Party Services

We use the following services to operate Fixor:

5. Your Rights

You can uninstall Fixor at any time from your GitHub settings, which immediately revokes our access to your repositories. You may also request deletion of any stored PDF reports by contacting us.

6. Security

All communication with GitHub uses signed webhooks (HMAC-SHA256 verification) and short-lived installation tokens (expiring within 1 hour). We never store personal access tokens.

7. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via our GitHub repository and this page.

8. Contact

For privacy questions or data requests, open an issue at github.com/tornidomaroc-web/fixor.