Privacy Policy

Effective Date: October 5, 2025

Fix After AI ("we", "us", or "our") operates this website and platform to connect projects with experts who can fix AI‑generated, Vibecoded apps. This Privacy Policy explains what we collect and how we use it — in clear, readable terms.

What We Collect

Account: Email address and password (stored as a hash).
Candidate profile: Full name, headline, bio, skills, optional links (e.g., GitHub, LinkedIn, website, X), availability fields.
Media & documents: Avatar images and resume/CV files that you upload. These files are stored in our storage and may be served via secure links when you choose to share them.
Employer: Company name, website, logo, and description.
Offers & applications: Job offers you publish and the applications you submit through the site.
Legal consents & preferences: Timestamps for Terms and Privacy acceptance and your analytics preference (opt-out).
Waitlist: Email address and your selection (updates/founder/talent). We also record your explicit consent timestamp and may receive an HTTP referrer from your browser. We do not store IP, user‑agent, or UTM parameters for the waitlist.
Cookies & sessions: A session cookie to keep you signed in. No third‑party advertising cookies.
Analytics & monitoring: Privacy-friendly analytics using Vercel Web Analytics (cookie‑less) and server-side analytics using PostHog (EU data center). We record page views and basic events tied to a pseudonymous identifier (your account ID when signed in, or anonymous when not). We respect the browser’s Do Not Track setting and your account‑level analytics opt‑out. We also use Sentry (EU region) for error monitoring and performance diagnostics and avoid sending personally identifiable information by default.

How We Use Information

Run the core features (login, profiles, offers, applications).
Show public candidate profiles that you opt to publish.
Facilitate contact between employers and candidates.
Maintain security and reliability, and improve the product (including error monitoring and performance diagnostics).
Send important service or account notifications.
Manage the waitlist: If you opt in, we use your email solely to send launch notifications. Separate optional consent controls marketing emails.

Cookies

We use only essential (strictly necessary) cookies which are required for the website to function, including authentication and security. Under GDPR/ePrivacy, essential cookies do not require consent. However, we still provide this notice for transparency. You can block cookies in your browser, but some features will not work.

Session cookie: Keeps you signed in during your session.
Security: Helps protect accounts and requests.
Preference (session): May store transient UI state during the current visit.

We do not use advertising or behavioral tracking cookies. Our analytics avoid third‑party tracking cookies: Vercel Web Analytics is cookie‑less, and our server‑side analytics do not set client cookies. IP addresses are hashed before transmission.

Vercel Web Analytics

What: We use Vercel Web Analytics to measure page views and basic usage on public pages. It is designed to be privacy‑friendly and cookie‑less.
How: The browser loads an analytics script from our own domain at /_vercel/insights/*, and sends page view beacons to the same path.
Controls: We respect your browser’s Do Not Track setting and your account‑level analytics opt‑out (when signed in). We also avoid loading analytics on private, authenticated areas of the app.
More info: See Vercel’s documentation for Web Analytics for details on data handling and privacy.
Vercel Web Analytics documentation

Sharing

We do not sell your personal data.
We use service providers to operate the platform (for example, Cloudflare for security, PostHog for server-side analytics, and Sentry for error monitoring). These providers act on our instructions.

Error Monitoring & Session Replay (Sentry)

What: We send error and performance diagnostics to Sentry. This may include error messages, stack traces, URLs without query strings, and basic device/browser info.
Session Replay: With your consent, we may capture interaction and UI rendering data to help reproduce issues. Text is masked and media is blocked by default. Sensitive fields (passwords, auth, payment) are not recorded.
Region: Data is sent to Sentry’s EU data region (ingest.de.sentry.io).
Legal basis: Legitimate interests to maintain service quality (Art. 6(1)(f) GDPR). Session Replay, if enabled, is based on your consent (Art. 6(1)(a)).
Controls: We honor Do Not Track and your account-level analytics opt-out for Replay. You can refuse Replay by declining consent in the cookie notice or toggling analytics in your account settings.
We may disclose information if required by law or to protect rights, property, or safety.

Security

We apply reasonable administrative, technical, and organizational measures to safeguard information. No method of storage or transmission is 100% secure.

Children’s Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact us and we will take appropriate action.

Your Choices & Rights

You may request access to, correction of, or deletion of certain information. Contact us at contact@fixafter.ai. To opt out of analytics, enable Do Not Track in your browser or use the account setting to disable analytics. You can also email us and we will disable server-side analytics for your account.

Changes to This Policy

We may update this Privacy Policy. If we make material changes, we will notify users by email and update this page.

Contact

Questions about privacy? Email us at contact@fixafter.ai.