Privacy Policy
Effective Date: January 1, 2025 · Last Updated: January 1, 2025
BreachFix values your privacy. This policy explains how we collect, use, store, and protect data when you use BreachFix Cloud and related Services. Canonical policy: breachfix.com/privacy.
Overview
We use industry-standard safeguards, transparent practices, and controls that let you manage your data where applicable.
Information We Collect
We collect personal information (name, email, account and billing details), content you upload, usage data (IP, device, pages and features used, logs), and cookies for authentication, analytics, and preferences (marketing cookies only with consent).
How We Use Your Information
We use data to deliver and maintain Services, process payments, personalize experience, communicate updates, and protect against fraud and abuse while meeting legal obligations.
Payment Information
We do not store full card numbers on our servers. Payments are processed by PCI-DSS compliant providers such as Stripe. We store transaction IDs, status, and subscription metadata as needed.
Data Retention
We retain data while accounts are active and as needed for legal, dispute, and backup requirements. Deleted accounts follow our retention schedule for recovery windows and anonymized analytics.
Security
We use encryption, access controls, monitoring, and staff training. No method is 100% secure; we work to improve safeguards continuously.
Children's Privacy
We do not knowingly collect data from children under 13 (or higher local age). Contact us if you believe we have such data.
Your Rights
Depending on location you may have rights to access, correct, delete, port, restrict, or object to processing. Contact [email protected]; we respond within 30 days where required.
International Users
Data may be processed outside your country with appropriate safeguards. You have the same rights regardless of location where applicable law requires.
BreachFix Cloud — Hosting Data
When you use BreachFix Cloud we additionally collect and process: deployment and build logs; service configuration and environment variable names (values are stored encrypted at rest where configured); container metrics; GitHub repository metadata you connect; and audit events (deploys, settings changes).
We use this data to run builds, route traffic, enforce quotas, debug failures, and secure the platform. Logs may be retained for a limited period for operations and compliance, then rotated or deleted.
Customer application data processed inside your deployed Services is your responsibility; configure secrets and data stores according to your compliance needs. For the main BreachFix product privacy practices, see breachfix.com/privacy.
Changes to This Policy
We may update this policy with a new date. Significant changes may be notified by email; continued use indicates acceptance.
Contact Us
Privacy: [email protected] · DPO: [email protected] · Support: [email protected]