Last updated: June 12, 2026
This Privacy Policy describes how Neo Bug Forge ("we", "us", or "our") collects, uses, and protects information when you use our Service at neo-bug-forge.vercel.app and related tools. It complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
✓ Your code is never used to train AI models. We do not sell your data to third parties.
The data controller responsible for your personal data is:
As the data controller, we determine the purposes and means of processing your personal data. If you have any questions about how your data is handled, contact us at the address above.
We collect the following categories of personal data:
We do not collect passwords, payment card details (handled by our payment processor), or any data beyond what is necessary to operate the Service.
We only process your personal data where we have a lawful basis to do so. The table below sets out each processing activity and its legal basis:
| Processing Activity | Legal Basis | Details |
|---|---|---|
| Processing bug fix requests | Contract (Art. 6(1)(b)) | Necessary to perform the service you requested |
| Quota tracking & enforcement | Contract (Art. 6(1)(b)) | Necessary to deliver your subscribed plan |
| Billing & payment | Contract (Art. 6(1)(b)) | Required to process your subscription |
| Abuse detection & security | Legitimate interests (Art. 6(1)(f)) | Protecting the platform and other users from misuse |
| Storing fix history | Legitimate interests (Art. 6(1)(f)) | Allows you to retrieve past fixes; you may request deletion at any time |
| Service improvement (aggregated stats) | Legitimate interests (Art. 6(1)(f)) | Anonymised data only; cannot be linked back to you |
| Account communications | Contract / Legitimate interests | Essential account notifications and billing emails |
We do not rely on consent as a legal basis for processing because our processing is necessary to deliver the Service under our contract with you. You always have the right to object to processing based on legitimate interests — see Section 10.
Submitted code and fix results are stored in our database linked to your API key. This allows you to retrieve past fixes via the /v1/fix/{id} endpoint. You may request deletion of your stored fixes at any time by contacting us.
We do not share your code with third parties, except that it is transmitted to Anthropic's Claude API to generate the fix. Anthropic's use of API-submitted data is governed by Anthropic's Privacy Policy.
Your API key is stored as a SHA-256 hash — we never store the raw key. Even in the event of a database breach, your actual key cannot be recovered from our records.
We do not sell, rent, or share your personal data with third parties except with the following processors, each bound by data processing agreements:
As a UK-based business, your data is processed under UK GDPR. Some of our third-party processors are located in the United States, which means your personal data is transferred outside the UK. We ensure these transfers are lawful through the following safeguards:
You may request a copy of the relevant transfer safeguards by contacting us at ya7308312@gmail.com.
We retain different categories of data for different periods, based on operational need and legal requirements:
| Data Category | Retention Period | Reason |
|---|---|---|
| Fix history (code + results) | 90 days after submission, or until account deletion | Allows you to retrieve recent fixes; not needed long-term |
| API key metadata (hash, tier, usage counts) | Duration of account + 30 days after deletion | Required to operate and close your account cleanly |
| Email address | Duration of account + 30 days after deletion | Required for account management and billing communications |
| Billing records | 7 years from transaction date | UK legal requirement under the Companies Act and HMRC guidelines |
| Anonymised usage statistics | Indefinitely | Cannot be linked to any individual; used for product improvement only |
| Abuse / security logs | 12 months | Required to investigate and defend against misuse claims |
After the applicable retention period, data is securely deleted or irreversibly anonymised. You may request earlier deletion of your personal data (excluding legally required retention) at any time — see Section 10.
As a data subject, you have the following rights:
To exercise any of these rights, contact us at ya7308312@gmail.com. We will respond within 30 days as required by UK GDPR. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
We use industry-standard security practices including API key hashing (SHA-256), HTTPS-only transmission, and role-based access controls on our database. However, no system is 100% secure and we cannot guarantee absolute security. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected users without undue delay, as required by UK GDPR Article 33–34.
The Neo Bug Forge web app does not use tracking, advertising, or analytics cookies. We do not use any cookies that require consent under UK PECR (Privacy and Electronic Communications Regulations).
The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, contact us and we will delete it promptly.
This Privacy Policy and any disputes arising from it are governed by the laws of England and Wales. Any legal proceedings shall be subject to the exclusive jurisdiction of the courts of England and Wales, except where applicable consumer protection law in your country of residence grants you additional rights that cannot be waived by contract.
If you are located in the European Union, you benefit from the same protections under EU GDPR and may lodge a complaint with your local supervisory authority.
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date above and, where required by UK GDPR, by email if the changes materially affect your rights. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.
For privacy questions, data requests, or to exercise your rights:
If you are not satisfied with our response, you may contact the Information Commissioner's Office (ICO):
See also: Terms of Service