TrustFixTrustFix
← Home
Sign InGet Started

Privacy Policy

Last Updated: March 1, 2026

Effective Date: March 1, 2026

TrustFix is operated by Vikavi Security LLC ("we," "us," or "our"), a Delaware limited liability company. This Privacy Policy explains how we collect, use, and protect information when you use TrustFix at trustfix.dev (the "Service").

1. Information We Collect

Account information: When you sign up, we collect your name, email address, and organization name via Clerk authentication.

AWS account data: When you connect an AWS account, we collect read-only IAM role metadata, trust policies, and policy attachments. We never collect or store AWS access keys. All AWS access is via temporary STS credentials through a customer-created cross-account IAM role.

GitHub data: When you connect a GitHub repository, we read workflow files (.github/workflows/*.yml) and repository metadata. We do not read source code.

Usage data: We collect logs of actions taken within the Service, including scans initiated, findings generated, and remediation PRs created.

Payment data: Payments are processed by Stripe. We do not store credit card numbers or payment details on our servers.

We do not sell your data to third parties.

2. How We Use Your Information

We use collected information to:

  • Provide the TrustFix scanning and remediation Service
  • Generate AI-powered Terraform fixes using third-party AI service providers
  • Send security finding alerts and product notifications
  • Improve detection accuracy and product features
  • Comply with legal obligations

3. Data Sharing

We do not sell your data. We share data only with the following service providers who process it on our behalf:

  • AI service providers: IAM finding context is sent to third-party AI services to generate Terraform fix recommendations. These providers' privacy policies apply.
  • Clerk: Authentication and user management.
  • Stripe: Payment processing.
  • AWS: Cloud infrastructure hosting the Service.

4. Data Security

We use industry-standard security practices including encrypted connections (TLS), read-only AWS access, temporary credentials, and audit logging of all actions. Your AWS account data is never accessible to other customers. We maintain an immutable audit trail of every scan, finding, and remediation action.

5. Data Retention

We retain your account data for as long as your account is active. Scan findings and audit logs are retained for 12 months by default. You may request deletion of your data at any time by contacting us.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. To exercise these rights, email us at privacy@trustfix.dev. We will respond within 30 days.

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use of the Service after changes constitutes acceptance.

9. Contact

Vikavi Security LLC, operating as TrustFix
Delaware, United States
Email: privacy@trustfix.dev