1. Who we are
FuzzCTO is operated by Farzad Pezeshkpour ("Fuzz", "we", "us"). Our contact email is fuzz@fuzzcto.ai.
2. What data we collect
We collect the following categories of data:
- Account information: Name, email address, and GitHub username when you register or submit a review request.
- Repository access: When you connect a GitHub repository, we request read-only access to your codebase via GitHub OAuth. We access only the repositories you explicitly authorise.
- Review reports: The generated CTO review reports are stored encrypted and associated with your account.
- Payment information: Payment details are processed and stored by Stripe. We do not store card numbers, CVVs, or bank account details.
- Usage data: Basic analytics about how you interact with the site (pages visited, features used).
3. How we process your code
This is the part you care about most. Here is exactly what happens:
- Your code is read via the GitHub API using the OAuth token you grant.
- Code is sent to the Anthropic Claude API for analysis. Anthropic's API does not train on or retain customer data. See Anthropic's privacy policy.
- The generated report is stored encrypted in our database (Supabase, hosted on AWS) with row-level security.
- Your source code is never stored permanently. It is processed in-memory and discarded after the review is generated.
For full technical details, see our Data Handling Policy.
4. Third-party services
We use the following third-party services to operate FuzzCTO:
| Provider | Purpose | Data shared |
| --- | --- | --- |
| Cloudflare | Hosting, CDN, DNS | HTTP request metadata |
| Supabase | Authentication, database | Account data, encrypted reports |
| Stripe | Payments | Name, email, payment method |
| Anthropic | AI analysis (Claude API) | Source code (in-memory, not retained) |
| GitHub | OAuth, repository access | OAuth token scope |
All listed providers maintain their own SOC 2 certifications.
5. How we use your data
- To generate and deliver CTO review reports.
- To process payments and manage subscriptions.
- To communicate with you about your account and reviews.
- To improve the service (aggregated, anonymised analytics only).
We do not sell, rent, or share your personal data or code with third parties for marketing purposes.
6. Data retention
- Source code: Not retained. Processed in-memory and discarded.
- Review reports: Retained for the lifetime of your account. You can request deletion at any time.
- Account data: Retained until you request account deletion.
- Payment records: Retained for 7 years as required by UK tax law.
7. Your rights (GDPR)
If you are in the UK or EU, you have the following rights under GDPR:
- Access: Request a copy of all data we hold about you.
- Rectification: Correct inaccurate personal data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Restriction: Request restricted processing in certain circumstances.
To exercise any of these rights, email fuzz@fuzzcto.ai. We will respond within 30 days.
8. Cookies
We use essential cookies for authentication and session management.
We do not use third-party tracking cookies. If we introduce analytics
in the future, we will update this policy and request your consent.
9. Changes to this policy
We may update this policy from time to time. Material changes will be
communicated via email to registered users. The "Last updated" date
at the top of this page indicates the most recent revision.
10. Contact
For privacy-related questions or concerns, contact fuzz@fuzzcto.ai.