Privacy Policy
Effective Date: January 2025 · Last Updated: January 2025
Hotfix, LLC ("Hotfix," "we," "us," or "our") operates the Hotfix AI service, including the Hotfix GitHub App. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.
1. Information We Collect
1.1 GitHub Account Information
When you install the Hotfix GitHub App, we receive and store:
- Your GitHub username and account type (user or organization)
- Your GitHub avatar URL
- Your email address (if provided via GitHub OAuth)
- GitHub installation ID
1.2 Repository Information
We collect information about repositories you grant us access to:
- Repository names
- Default branch settings
- Repository configuration preferences
1.3 Error Data
When errors are sent to our service (via our SDK or API), we collect:
- Error messages and stack traces
- File paths and line numbers where errors occurred
- Contextual information you choose to include
- Branch names
- Timestamp of when the error occurred
1.4 Service Usage Data
We maintain logs of service activity, including:
- API requests and job history
- Pull requests created by our service
- Actions taken within your account (audit logs)
- IP addresses associated with requests
1.5 Payment Information
If you subscribe to a paid plan via GitHub Marketplace, GitHub processes your payment. We receive your plan tier, billing cycle, payment status, and GitHub Marketplace account ID. We do not receive or store your credit card numbers or payment method details.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Analyze error reports, generate fixes, and create pull requests
- Authenticate Users: Verify your identity via GitHub OAuth
- Process AI Analysis: Send error data to AI services to generate fix suggestions
- Improve Our Service: Monitor usage patterns and service performance
- Communicate: Send service-related notifications (if enabled)
- Comply with Legal Obligations: Respond to legal requests and prevent abuse
3. Third-Party Services
3.1 GitHub
We integrate with GitHub to access your repositories and create pull requests. Your use of GitHub is subject to GitHub's Privacy Policy.
3.2 AI Processing
We use third-party AI services (such as DeepSeek) to analyze error data and generate code fixes. Error messages, stack traces, and relevant code context are sent to the AI provider solely to generate fix suggestions.
3.3 Infrastructure Providers
We use third-party cloud infrastructure providers to host our service. These providers maintain their own security and privacy practices.
4. Data Retention
We retain your data as follows:
- Account Data: Retained while your GitHub App installation is active. Deleted upon uninstallation.
- Error Data & Job History: Retained for up to 90 days, or until you delete your account.
- Audit Logs: Retained for up to 1 year for security and compliance purposes.
- Session Data: Automatically expires after 7 days of inactivity.
You may request deletion of your data at any time by contacting us.
5. Data Security
We implement reasonable security measures to protect your information:
- All data transmission uses TLS/HTTPS encryption
- API keys are generated using cryptographically secure methods
- Database access is restricted and logged
- We use GitHub's webhook signature verification to authenticate requests
- Session tokens are securely generated and expire automatically
Your source code is accessed only through GitHub's API using the permissions you grant. We do not store copies of your entire codebase.
6. Data Sharing
We do not sell your personal information. We may share information only in the following circumstances:
- Service Providers: With third-party services necessary to operate Hotfix (AI providers, infrastructure)
- Legal Requirements: When required by law, legal process, or government request
- Safety: To protect the rights, safety, or property of Hotfix, our users, or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets (you would be notified)
7. Your Rights and Choices
You have the following rights regarding your data:
- Access: Request a copy of the data we hold about you
- Deletion: Request deletion of your data by uninstalling the GitHub App or contacting us
- Correction: Update your information through GitHub (synced automatically)
- Revoke Access: Remove repository access or uninstall the GitHub App at any time through GitHub settings
- API Key Regeneration: Generate a new API key at any time through the dashboard
California Residents (CCPA)
California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to opt out of the sale of personal information. We do not sell personal information.
European Users (GDPR)
If you are in the European Economic Area, you have rights under the GDPR, including access, rectification, erasure, and data portability. Our legal basis for processing is contract performance (providing the service) and legitimate interests (improving the service).
8. Children's Privacy
Hotfix is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or through the GitHub App. Your continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Hotfix, LLC
Email: privacy@hotfix.ai
GitHub App Permissions Explained
The Hotfix GitHub App requests the following permissions:
- Repository Contents (Read & Write): To read code context and create branches with fixes
- Pull Requests (Read & Write): To create and manage pull requests containing fixes
- Metadata (Read): To access basic repository information
We follow the principle of least privilege and only request permissions necessary to provide the service.