Privacy Policy
Last updated June 18, 2026
Data We Process
ShipFix processes account email, scan metadata, uploaded ZIP contents, public GitHub repository contents, report findings, audit events, and Stripe billing identifiers when payments are configured.
Secrets and Uploads
ShipFix masks detected secrets in findings and rejects obvious secret files in uploaded archives. Do not upload private keys, production secrets, or repositories you are not authorized to scan. Owners can delete a scan to remove its stored upload and scan workspace artifacts.
Report Controls
Scan owners can delete reports and revoke or regenerate public share links. Deleted scans remove findings, fix prompts, scan logs, stored uploads, and workspaces; audit events remain for security and abuse review.
Payment Data
Stripe handles payment method details. ShipFix stores Stripe customer and subscription ids plus subscription state written by verified webhook events.
Analytics
ShipFix uses privacy-conscious internal product analytics to understand where users drop off and which actions lead to upgrades. Events may include aggregate actions such as landing CTA clicks, scan starts, report views, fix prompt copies, exports, checkout starts, and webhook activations. Analytics do not store uploaded code, raw findings, secret snippets, full uploaded filenames, repository URLs, pentest targets, or other scan contents. User ids may be used internally for aggregate admin reporting and abuse prevention.
Third Parties
ShipFix may call GitHub for public repository scans, Stripe for billing, and Resend for login emails when configured.
See Retention for deletion windows.