1Introduction

FixFlow ("we," "our," or "us") operates a platform that connects software repositories with automated bounty systems for bug fixes. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our website, GitHub App, and associated services (collectively, the "Service").

By using FixFlow, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2Information We Collect

Information from GitHub OAuth

When you authenticate with GitHub, we receive and store:

GitHub username and user ID
Email address associated with your GitHub account
Profile picture URL
Public repository information (for repositories where our App is installed)
Pull request and issue metadata (numbers, titles, status)

Blockchain and Payment Information

To facilitate bounty payments, we collect and process:

MNEE wallet addresses (Bitcoin-style addresses starting with '1' or '3')
Ethereum wallet addresses (addresses starting with '0x')
Transaction hashes for completed payments
Payment amounts and timestamps

Important: We never collect or store private keys. Wallet addresses are public blockchain information and do not enable access to your funds.

Automatically Collected Information

Like most web services, we automatically collect:

IP addresses and approximate geolocation
Browser type and version
Operating system
Referring URLs and pages visited
Time spent on pages and click patterns
Error logs and diagnostic data

3How We Use Your Information

We use the information we collect to:

Operate the Service

Create and manage bounties, process payments, verify PR merges

Authenticate Users

Verify your identity through GitHub OAuth

Process Payments

Send MNEE or Ethereum tokens to your wallet address

Improve the Service

Analyze usage patterns to enhance features and fix bugs

Communicate

Send service-related notifications (e.g., payment confirmations)

Prevent Fraud

Detect and prevent fraudulent or abusive behavior

4Data Sharing and Disclosure

We may share your information in the following circumstances:

Public Blockchain Data

When we process payments, transaction data (wallet addresses, amounts, transaction hashes) becomes part of the public blockchain record. This is inherent to blockchain technology and cannot be altered or deleted.

GitHub Integration

We post comments on GitHub issues and pull requests (e.g., bounty notifications, payment confirmations). Your GitHub username may be mentioned in these comments. This information is visible according to the repository's visibility settings (public or private).

Service Providers

We may share data with trusted third-party service providers who assist in operating our Service (e.g., hosting providers, analytics services). These providers are contractually bound to protect your data and use it only for the purposes we specify.

Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5Data Security

We implement industry-standard security measures to protect your data:

TLS encryption for all data in transit
Encrypted database storage for sensitive information
Regular security audits and vulnerability assessments
Access controls limiting who can view personal data
Private keys for payment wallets stored in secure, isolated environments

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

Account data: Retained while your account is active and for 90 days after deletion request
Payment records: Retained for 7 years for legal and tax compliance
Log data: Automatically deleted after 90 days
Blockchain data: Permanent (immutable by nature of blockchain technology)

7Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

Access

Request a copy of your personal data

Correction

Request correction of inaccurate data

Deletion

Request deletion of your account and data

Portability

Request your data in a machine-readable format

Objection

Object to certain types of processing

Withdraw Consent

Withdraw consent where processing is based on consent

To exercise these rights, please contact us at the email address below.

8International Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country. By using the Service, you consent to the transfer of your information to these countries. We take appropriate safeguards to ensure your data remains protected in accordance with this policy.

9Children's Privacy

FixFlow is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that a child under 16 has provided us with personal information, we will delete such information promptly.

10Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page and, for significant changes, we may notify you via email or through a notice on our Service. Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

11Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

support@locsafe.org

We aim to respond to all privacy-related inquiries within 30 days.

Privacy Policy

Privacy at a Glance