Privacy Policy

Last updated: April 14, 2026

1. Who We Are

EnsureFix ("we", "us", "our") is an AI-powered software development platform operated by OmegaSwift. This Privacy Policy describes how we collect, use, store, and protect your information when you use the EnsureFix platform and website.

2. Information We Collect

2.1 Account Information

  • Registration data: name, email address, and company name when you sign up or request a demo.
  • Authentication: password (stored as a bcrypt hash; we never store plaintext passwords).
  • Organization details: organization name, membership, and role information.

2.2 Repository & Code Data

  • Repository credentials: encrypted OAuth tokens for connecting to your code hosting (GitHub, GitLab, Azure DevOps, Bitbucket).
  • Source code: files from repositories you connect are processed during AI analysis and code generation.
  • Ticket data: titles, descriptions, acceptance criteria, and attached images from your ticket providers.
  • AI outputs: generated code diffs, plans, and pull request content.

2.3 Usage & Technical Data

  • Usage metrics: ticket processing counts, feature usage, and performance data.
  • Audit logs: IP address, user agent, and action records for security monitoring.
  • Session data: a single HttpOnly authentication cookie (no tracking cookies).

2.4 Billing Data

  • Payment details are processed directly by Stripe and never stored on our servers.
  • We store Stripe customer IDs and subscription metadata for billing management.

3. How We Use Your Information

  • Service delivery: processing your tickets, generating code fixes, creating pull requests.
  • AI processing: your code and ticket data are sent to Anthropic's Claude API for analysis (see Section 5).
  • Authentication & security: verifying identity, preventing unauthorized access, maintaining audit logs.
  • Billing: processing payments via Stripe and tracking usage for metered billing.
  • Communication: sending account-related emails (invitations, billing confirmations) via our email provider.
  • Improvement: analyzing aggregate, anonymized usage patterns to improve the platform.

4. Data Sharing & Third-Party Services

We do not sell your personal information. We share data with the following service providers, strictly for operating the platform:

ProviderPurposeData Shared
Anthropic (Claude API)AI code analysis & generationSource code, ticket descriptions, screenshots
StripePayment processingEmail, organization name, usage metrics
ResendTransactional emailEmail addresses
GitHub / GitLab / Bitbucket / Azure DevOpsVersion control integrationOAuth tokens (encrypted), repository data

We may also disclose information when required by law or to protect our rights.

5. AI Processing & Code Transmission

When you run a ticket through EnsureFix, your repository code and ticket details are sent to Anthropic's Claude API for analysis and code generation:

  • Anthropic does not use data submitted via the API to train its models.
  • All data is transmitted over encrypted connections (TLS).
  • We recommend reviewing your repositories for secrets and credentials before connecting them.

6. Data Security

We implement industry-standard security measures:

  • Passwords: bcrypt hashed with cost factor 12.
  • VCS credentials: AES-256-GCM encrypted at rest; never logged or exposed in error messages.
  • Sessions: HttpOnly, Secure, SameSite=Strict cookies with 24-hour expiry.
  • Audit logs: tamper-detected via SHA-256 hash chains.
  • Transport: all data encrypted in transit via TLS.
  • Access control: role-based access with organization-scoped data isolation.

7. Data Retention

  • Account data: retained while your account is active; deleted upon account closure.
  • Workspace tickets & AI outputs: retained for 12 months, then automatically purged.
  • Audit logs: retained for 7 years for compliance purposes.
  • Billing records: retained as required by applicable tax and financial regulations.

8. Your Rights

Depending on your jurisdiction (including GDPR, CCPA/CPRA, and other applicable laws), you may have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: update or correct inaccurate data.
  • Deletion: request deletion of your personal data (subject to legal retention requirements).
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to specific processing activities.
  • Restriction: request that we limit how we use your data.

To exercise any of these rights, contact us at privacy@ensurefix.com. We will respond within 30 days.

9. Cookies

We use a single HttpOnly session cookie for authentication. This cookie is strictly necessary to keep you logged in and does not track your activity. We do not use advertising cookies, analytics cookies, or any third-party cookies. For more details, see our Cookie Policy.

10. International Data Transfers

Your data may be processed in countries outside your own, including the United States. We ensure appropriate safeguards are in place, including standard contractual clauses where required by GDPR or other applicable data protection laws.

11. Children's Privacy

EnsureFix is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notification at least 30 days before they take effect. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at privacy@ensurefix.com.