Privacy Policy
Effective: March 30, 2026
Article 1. Personal Information Collected and Collection Methods
The Company collects the following personal information to provide the Service: [Required] GitHub account information (username, email address, profile image) via OAuth authentication; service usage logs (access IP, browser information, access timestamps, feature usage history). [Optional] Display name, notification preferences. For paid services, payment information (card number masked, transaction ID) is processed directly by the payment provider and is not stored by the Company. Personal information is collected through: account registration via GitHub OAuth, automatic collection during service use, and voluntary submission through inquiry forms.
Article 2. Purpose of Processing Personal Information
The Company processes personal information for the following purposes: 1. Service provision and operation: user authentication, repository analysis, result delivery, service maintenance 2. Account management: identity verification, membership management, service eligibility verification 3. Service improvement: analysis of anonymized usage patterns, feature development, quality improvement 4. Communications: service announcements, analysis completion notifications, policy change notices 5. Legal compliance: obligations under applicable law, dispute resolution, fraud prevention Personal information will not be used beyond the stated purposes without prior consent.
Article 3. Retention and Use Period
Personal information is retained for the following periods: - Account information: Until account deletion (or 1 year after last login in case of dormant accounts) - Source code: Deleted immediately upon analysis completion (maximum 1 hour) - Analysis results: Until user deletion request or account termination - Service usage logs: 3 months (for security and fraud prevention purposes) - Payment records: 5 years (Act on the Consumer Protection in Electronic Commerce) - Communication records: 3 months (Protection of Communications Secrets Act) Upon expiration of the retention period or achievement of the processing purpose, personal information is destroyed without delay.
Article 4. Third-Party Disclosure and Processing Entrustment
The Company does not provide personal information to third parties without your consent, except as required by law. The Company has entrusted processing of personal information as follows: - Anthropic, Inc. (United States): AI analysis processing — zero-data-retention policy applied, no model training use - Amazon Web Services, Inc. (United States): Cloud infrastructure and data storage — AWS Data Processing Agreement - Cloudflare, Inc. (United States): CDN, security, and network services — Cloudflare Data Processing Addendum All entrustees are contractually prohibited from using entrusted personal information beyond the scope of the entrusted tasks.
Article 5. Destruction of Personal Information
The Company destroys personal information without delay when the retention period expires or the processing purpose is achieved. Electronic files are permanently deleted using technical methods that prevent recovery. Paper documents containing personal information are shredded or incinerated. Source code uploaded for analysis is stored in isolated containers and automatically deleted upon analysis completion (maximum 1 hour). Deletion completion can be verified in the service dashboard.
Article 6. Rights of Data Subjects and How to Exercise Them
You have the following rights regarding your personal information: 1. Right to access: Request confirmation of whether your personal information is being processed and access to that information 2. Right to rectification: Request correction of inaccurate personal information 3. Right to erasure: Request deletion of personal information (subject to legal retention obligations) 4. Right to restriction: Request restriction of processing in certain circumstances 5. Right to data portability: Request transfer of your data in a structured, machine-readable format (JSON/PDF export) 6. Right to object: Object to processing based on legitimate interests Requests can be submitted at privacy@code-fix.dev or through the account settings page. The Company will process requests within 10 business days. Identity verification may be required before processing requests.
Article 7. Security Measures
The Company implements the following technical and organizational measures to protect personal information: Technical measures: - Encrypted transmission: TLS 1.3 for all data in transit - Encrypted storage: AES-256 for sensitive data at rest - Inter-service security: mTLS (mutual TLS) between Edge and Engine services - Access control: Role-based access control, principle of least privilege - Code isolation: Analysis performed in isolated containers with no persistent storage Organizational measures: - Access logging and monitoring for all personal data access - Regular security training for personnel handling personal information - Strict data handling procedures for outsourced processors
Article 8. Privacy Officer
The Company has designated the following Privacy Officer: Privacy Officer: Jeongmin Bae (Representative Director) Department: Management Email: privacy@code-fix.dev You may contact the Privacy Officer for all privacy-related inquiries, complaints, and data subject requests. The Privacy Officer will respond to all inquiries within 10 business days.
Article 9. Remedies and Notification Obligations
If you believe your privacy rights have been violated, you may contact the following organizations: - Personal Information Dispute Mediation Committee: privacy.go.kr / 1833-6972 - Korea Internet & Security Agency (KISA) Privacy Violation Report Center: privacy.kisa.or.kr / 118 - Supreme Prosecutors Office Cybercrime Investigation Division: spo.go.kr / 1301 - National Police Agency Cyber Bureau: ecrm.cyber.go.kr / 182 The Company will notify affected users within 72 hours of discovering any personal information breach, in accordance with applicable law. Notifications will include the type of information involved, the likely consequences, and measures taken.