Privacy Policy

Last updated: February 2026

1. Information We Collect

When you use humans fix ai, we collect:

  • Account information: Your email address and name when you register.
  • GitHub data: When you connect your GitHub account, we receive an OAuth access token and your GitHub username. We use these to list your repositories and grant developers read-only access to selected repos.
  • Payment information: Payment card details are collected and processed directly by Stripe. We never see or store your full card number. We store Stripe session and payment intent IDs to track transaction status.
  • Task content: Descriptions, screenshots, and patch files you upload as part of the fix workflow.

2. How We Store Your Data

  • GitHub tokens are encrypted at rest using AES-256 GCM before being stored in our database.
  • Passwords are hashed using bcrypt and are never stored in plain text.
  • Payment data is handled entirely by Stripe. We only store transaction references (session IDs, payment intent IDs) — never card numbers.
  • Our database is hosted on a secured PostgreSQL instance with encrypted connections.

3. How We Use Your Data

  • To provide the fix service: matching your task with a developer, managing repo access, processing payments.
  • To send transactional emails about your tasks (status updates, payment confirmations, deadline reminders).
  • To prevent fraud and abuse of the platform.

4. Who We Share Data With

  • Stripe: For payment processing and developer payouts via Stripe Connect.
  • GitHub: To manage repository access for developers working on your fix.
  • Developers on the platform: When a developer accepts your task, they receive read-only access to the selected repositories. They can see your task description and screenshots.

We do not sell your data to third parties. We do not use your data for advertising.

5. Data Retention

We retain your account data and task history for as long as your account is active. When you delete your account, we remove all personal data, task content, screenshots, and patch files. Anonymised financial records (payment amounts, dates) may be retained as required by law for tax and compliance purposes.

6. Your Rights

Under GDPR and similar regulations, you have the right to:

  • Access: View the personal data we hold about you via your profile and settings pages.
  • Deletion: Delete your account and all associated data from Settings > Delete Account, or by emailing hello@humansfix.ai.
  • Portability: Request a copy of your data by emailing hello@humansfix.ai. We will provide it within 30 days.
  • Withdraw consent: You can delete your account at any time to withdraw consent for data processing.

7. Cookies & Third-Party Services

We use the following cookies and third-party services:

  • Session cookie (HUMANFIX_SESSION): Essential. Keeps you logged in. HttpOnly, SameSite=Lax, Secure in production.
  • CSRF cookie (XSRF-TOKEN): Essential. Protects against cross-site request forgery attacks.
  • Google Fonts: We load fonts from fonts.googleapis.com. Google may collect anonymised usage data when fonts are loaded. See Google's Privacy Policy.
  • Stripe: We load Stripe's JavaScript library (js.stripe.com) for payment processing. Stripe may set its own cookies for fraud detection. See Stripe's Privacy Policy.
  • Google Analytics: If you accept analytics cookies, we use Google Analytics (GA4) to understand how visitors use our site. Data is anonymised (IP anonymisation enabled). Analytics starts in cookieless/denied mode and only activates when you click "Accept All". You can change this at any time by clearing your browser's local storage. See Google's Privacy Policy.

We do not use advertising cookies. We do not sell your data.

8. Contact

For privacy questions, contact us at hello@humansfix.ai.