Privacy Policy

Last updated: March 2026

Overview

Fragile is designed with privacy as a core principle. We do not collect, store, or have access to your source code, API keys, or analysis results.

What We Don't Collect

• Source code: Your code never passes through our servers. Analysis runs entirely within your GitHub Actions runner.
• API keys: Your OpenAI API key is stored in your GitHub Secrets and used directly by the Action. We never see it.
• Analysis results: The FRAGILE.md report is generated and committed directly to your repository. We have no access to it.
• Git history: All git history analysis happens locally in your runner.

What We Do Collect

When you purchase a license key, we collect:

• Email address: Used to deliver your license key and for account recovery.
• Payment information: Processed by Stripe. We do not store credit card numbers.

Third-Party Services

Fragile uses your OpenAI API key to send analysis prompts to OpenAI. Your use of OpenAI is subject to OpenAI's Privacy Policy.

License Key Validation

When you use a license key, the Action makes a request to our validation server with the license key only. No code or repository information is sent.

Data Retention

If you cancel your subscription, we retain your email for account records. You may request deletion by contacting us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify license key holders of significant changes via email.

Contact

For questions about this Privacy Policy, contact us at [email protected].