Privacy Policy

Last updated: January 6, 2026

The Short Version

  • 🔐 Your API keys are encrypted - We can't see them
  • 🏢 Your code stays in GitHub - We never store it
  • 🎯 Bring Your Own Key (BYOK) - You control everything
  • 📊 Minimal data collection - Just what's needed to work
  • 🚫 No selling data - Ever

What We Collect

Account Information

When you create an account via Clerk authentication:

  • Email address
  • Organization ID
  • User ID (generated by Clerk)

API Keys (Encrypted)

You provide your own API keys for:

  • Claude API - For AI code generation
  • GitHub Token - For repository access
  • Vercel Token - For deployment monitoring (optional)

🔐 Encryption Details:

  • Keys are encrypted at rest using industry-standard encryption (AES-256)
  • Stored in Vercel KV (Redis) with encryption keys managed by Vercel
  • We cannot decrypt or view your keys
  • Keys are only decrypted in memory when making API calls on your behalf

Usage Data

We collect minimal usage data to provide the service:

  • Deployment events (from Vercel webhooks)
  • Build success/failure status
  • File paths being modified (for fix tracking)
  • Error logs (temporarily, to generate fixes)

What We DON'T Collect

  • ❌ Your source code (stays in GitHub)
  • ❌ Your Claude API responses (processed in memory only)
  • ❌ Your repository contents
  • ❌ Personal browsing data
  • ❌ Third-party tracking cookies

How We Use Your Data

We only use your data to:

  • ✅ Authenticate you (via Clerk)
  • ✅ Make API calls on your behalf (using your encrypted keys)
  • ✅ Monitor your deployments (via Vercel webhooks)
  • ✅ Generate code fixes (temporarily processing error logs)
  • ✅ Display your projects and settings

Third-Party Services

BuildFix integrates with these services (using YOUR keys):

Anthropic (Claude API)

You provide your Claude API key. We use it to call Claude on your behalf. Anthropic's privacy policy applies to those API calls.

GitHub

You provide a GitHub personal access token. We use it to read/write code in your repos. GitHub's privacy policy applies.

Vercel

You optionally provide a Vercel token for deployment monitoring. Vercel's privacy policy applies.

Clerk (Authentication)

We use Clerk for authentication. They handle your login credentials. Clerk's privacy policy applies.

Data Retention

  • API Keys: Stored (encrypted) until you delete them
  • Project Settings: Stored until you delete the project
  • Error Logs: Temporarily stored (minutes) during fix generation, then discarded
  • Build Events: Stored for 30 days for debugging

Your Rights

You can:

  • ✅ Delete your API keys at any time
  • ✅ Delete your account and all associated data
  • ✅ Export your project settings
  • ✅ Request a copy of your data
  • ✅ Request deletion of all your data

Security

We take security seriously:

  • 🔐 All API keys encrypted at rest (AES-256)
  • 🔒 HTTPS/TLS for all communications
  • 🛡️ Triple-layer authentication (middleware, UI, API)
  • 📝 Detailed audit logs of all actions
  • 🔍 Regular security audits

Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of any material changes by email or by a prominent notice in the app.

Contact Us

Questions about privacy? Email us at: privacy@buildfix.dev