Baxbax

Privacy Policy

Effective date: March 5, 2026

1. Introduction

Bax is operated by Ziplyne Agency ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Bax at bax.dev and app.bax.dev (collectively, "the Service"). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you sign up, we collect information from your GitHub account including your username, email address, profile picture, and organization memberships.

2.2 Repository Metadata

We import metadata about your GitHub repositories: names, descriptions, languages, visibility settings, commit activity, default branches, star counts, and configuration files (such as package.json, requirements.txt, and similar manifest files). We do not store your source code.

2.3 User-Generated Content

Data you create within Bax, including folder structures, tags, project statuses, service links, notes, and editor preferences.

2.4 Integration Data

When you connect third-party services (such as Vercel), we receive deployment statuses, project metadata, and webhook events from those services. OAuth tokens for connected services are encrypted at rest using AES-256-GCM.

2.5 Usage Data

We collect analytics data about how you use the Service, including pages visited, features used, and performance metrics. This is collected via Vercel Analytics and Vercel Speed Insights.

2.6 Waitlist Information

If you join our waitlist, we collect your email address to notify you when the Service is available.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To import and organize your repository metadata
  • To generate AI-powered project descriptions, tech stack detection, and dependency audits
  • To display activity feeds from connected integrations
  • To compute health badges and project status indicators
  • To send digest emails and notifications (configurable)
  • To process payments for paid subscriptions via Stripe
  • To communicate with you about the Service, updates, and support
  • To detect and prevent fraud, abuse, or security issues

4. AI Processing

Bax uses the Anthropic Claude API to analyze your repository metadata and configuration files. This data is sent to Anthropic for processing to generate project descriptions, detect tech stacks, and audit dependencies. We do not send your source code to any AI provider. Anthropic's use of this data is governed by their own privacy policy and data processing terms.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Service providers: Third-party services that help us operate the Service (hosting, payments, analytics, AI processing)
  • Connected integrations: Data flows between Bax and services you explicitly connect (GitHub, Vercel, etc.)
  • Legal requirements: If required by law, regulation, legal process, or governmental request
  • Business transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

  • All OAuth tokens are encrypted at rest using AES-256-GCM
  • Row-level security in PostgreSQL for multi-tenant data isolation
  • API rate limiting to prevent abuse
  • Webhook signature verification for all integrations
  • Minimal OAuth scopes — we request only read-only access to repositories
  • All data transmitted over HTTPS/TLS

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and repository metadata within 30 days, except where we are required to retain it by law. Anonymized, aggregated data may be retained for analytics purposes.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Disconnect any third-party integration at any time
  • Export your data
  • Opt out of non-essential communications

To exercise any of these rights, contact us at admin@bax.dev.

9. Cookies and Tracking

Bax uses essential cookies for authentication and session management. We use Vercel Analytics and Vercel Speed Insights for performance monitoring, which do not use cookies and are privacy-friendly. We do not use third-party advertising trackers.

10. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

11. International Data Transfers

Your data may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your data to these locations.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact

If you have questions about this Privacy Policy or our data practices, contact us at admin@bax.dev.