Privacy Policy
Last updated: March 5, 2026
1. Introduction
Vectorpoint (“Company,” “we,” “us”) operates hppy.dev (the “Service”). This Privacy Policy describes how we collect, use, store, and share your personal information when you use the Service.
2. Data We Collect
We collect the following categories of information:
- Account information: Name, email address, GitHub user ID, and avatar URL (provided via GitHub OAuth).
- Contact information: Phone number (if provided for SMS notifications).
- Payment information: Billing details processed and stored by Stripe. We do not store full credit card numbers on our servers.
- Repository data: Source code context, file contents, and repository metadata accessed through your GitHub authorization to provide triage and fix proposals.
- Bug reports and feature requests: Descriptions, attachments, and related metadata you submit through the Service.
- Usage data: Log data, browser type, IP address, pages visited, and interactions with the Service.
- File attachments: Images and files uploaded to bug reports or feature requests, stored on Vercel Blob.
3. How We Use Your Data
- To provide, maintain, and improve the Service.
- To analyze bug reports and source code using AI (Anthropic Claude) and generate fix proposals and triage assessments.
- To process payments and manage subscriptions via Stripe.
- To send transactional emails (via Resend) and SMS notifications (via Twilio).
- To respond to support requests and communicate with you about the Service.
- To detect, prevent, and address fraud, abuse, and technical issues.
4. AI Processing and Transparency
The Service sends source code context, bug reports, and feature requests to Anthropic Claude for analysis. This processing is essential to providing the core functionality of the Service. Anthropic's API data usage policy states that data submitted via the API is not used to train their models. We send only the minimum source code context necessary to perform the requested analysis.
5. Subprocessors
We share data with the following third-party subprocessors to operate the Service:
| Subprocessor | Purpose | Data Shared |
|---|---|---|
| GitHub | Authentication, repository access | OAuth tokens, repository data |
| Anthropic (Claude) | AI analysis and fix generation | Source code context, bug reports, feature requests |
| Stripe | Payment processing | Billing details, email |
| Resend | Transactional email | Email address, notification content |
| Twilio | SMS notifications | Phone number, notification content |
| Vercel | Hosting, file storage (Blob) | All application data, file attachments |
| Neon | Database hosting | All stored application data |
| Inngest | Background job orchestration | Job payloads (IDs, metadata) |
| Upstash | Rate limiting, caching | Request metadata |
6. Cookies
We use essential session cookies only, which are required for authentication and maintaining your signed-in state. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
7. Data Retention
We retain your account data and associated project data for as long as your account is active. Bug reports, feature requests, and AI-generated analysis are retained indefinitely to maintain your project history, unless you request deletion. Upon account deletion, we will remove your personal data within 30 days. Some data may be retained in backups for up to 90 days.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data and account.
- Portability: Request an export of your data in a machine-readable format.
- Objection: Object to certain processing of your personal data.
To exercise any of these rights, contact us at privacy@hppy.dev. We will respond within 30 days.
9. GDPR Compliance (EEA Users)
If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Contract performance: Processing necessary to provide the Service you have subscribed to.
- Legitimate interest: Processing for fraud prevention, security, and service improvement.
- Consent: Where required, such as for optional communications.
Data is transferred to the United States where our infrastructure is hosted. We rely on standard contractual clauses and subprocessor agreements to ensure adequate data protection.
10. CCPA Compliance (California Residents)
If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of any “sale” of personal information. We do not sell personal information. To exercise your rights, contact us at privacy@hppy.dev.
11. Data Security
We implement industry-standard security measures including encryption in transit (TLS), encrypted database connections, and access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice within the Service at least 30 days before the changes take effect.
13. Contact
For questions or concerns about this Privacy Policy, contact us at privacy@hppy.dev.
For general support inquiries, contact support@hppy.dev.