Privacy Policy

• Account & team: name, email, a securely hashed password, team name and membership.
• Integration data:GitHub App installation IDs and selected repositories; your Sentry organization, OAuth tokens and selected projects; and any encrypted “bring-your-own” Anthropic API key (encrypted at rest).
• Run data: Sentry error details (titles, types, stack traces), repository names, branches, generated pull-request links, and token usage / cost estimates.
• Billing: plan, subscription status and billing identifiers via Stripe. We do not store full card details.
• Technical: logs and limited usage data needed to operate and secure the Service.

• To provide the Service and your account — performance of a contract (Art. 6(1)(b)).
• To process payments and meet accounting obligations — contract and legal obligation (Art. 6(1)(b), (c)).
• To enforce usage limits, prevent abuse and keep the Service secure — our legitimate interests (Art. 6(1)(f)).
• To send service-related emails such as team invitations and billing notices — contract / legitimate interests.

To generate a fix, the agent reads only the files needed for the specific error and sends the relevant context to our AI sub-processor (Anthropic) for processing. Your code is processed transiently to produce a pull request and is not used to train AI models. Repositories are accessed through a GitHub App with fine-grained, per-repository permissions that you control.

We share data with the following processors strictly to operate the Service:

• Anthropic — AI processing of error and code context.
• GitHub — reading repository contents and opening pull requests.
• Sentry — receiving error events and reading issue details.
• Stripe — payments and subscription management.
• MongoDB Atlas — database hosting.
• Resend — transactional email.
• Vercel — application hosting.

Some processors (for example Anthropic, Stripe and GitHub) are located outside the European Economic Area. Such transfers are protected by appropriate safeguards, such as the EU Standard Contractual Clauses or an adequacy decision.

We keep personal data for as long as your account is active and as needed to provide the Service, then delete or anonymize it — except where longer retention is required by law (e.g. accounting records). Deleting your team removes its members, integrations and run history.

Under the GDPR you have the right to access, rectify, erase, restrict or object to processing, to data portability, and to withdraw consent. To exercise these rights, contact contact@bugzero.dev. You also have the right to lodge a complaint with the Polish supervisory authority — Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa.

We use industry-standard measures including encryption in transit (TLS), encryption at rest for sensitive secrets (such as your Anthropic API key), and access controls. No system is perfectly secure, but we work to protect your data.

We use a single strictly-necessary session cookie to keep you signed in. We do not use advertising or third-party tracking cookies.

The Service is not intended for anyone under 16, and we do not knowingly collect their data.

We may update this policy; material changes will be notified by email or in-app, with the “last updated” date revised above.