Terms of Service
Last updated: May 23, 2026
By installing or using Fixor (the “Service”), you agree to these Terms. If you don't agree, uninstall the GitHub App and stop using the dashboard.
1. Service description
Fixor is a GitHub App that reviews pull request diffs for business-logic security issues across six detector families — authentication bypass, missing admin checks, IDOR (insecure direct object reference), environment-variable exposure, hardcoded secrets, and unverified webhook handlers — and posts a structured comment with suggested fixes plus a downloadable PDF/SARIF report. The Service is provided on an “as-is” basis.
2. Eligibility
You must be authorized to install GitHub Apps on the repositories where you deploy Fixor. You are responsible for the code committed to those repositories and for any consequences of acting (or not acting) on Fixor's findings.
3. Pricing and tiers
Pricing is in US dollars. Paid tiers are billed monthly via Paddle (see section 4):
| Tier | Price | Scans / month | Repos |
|---|---|---|---|
| Free | $0 | 5 | Public repos only |
| Indie | $29 / mo | 100 | 1 private + unlimited public |
| Team | $199 / mo | 2,000 | Unlimited |
Each org has a hard monthly Anthropic budget cap; when it is reached, scans pause until the next calendar month or until the user upgrades to a higher tier. The cap is shown in your dashboard's billing page.
4. Billing via Paddle
Paddle is the merchant of record for Fixor. That means:
- Your card statement will list Paddle, not Fixor.
- Paddle handles VAT, sales tax, and chargebacks for your jurisdiction.
- Refunds, payment-method updates, and cancellations go through Paddle's hosted portal — the dashboard's “Update payment” / “Cancel” buttons link directly to the per-subscription portal page.
Subscriptions auto-renew monthly until cancelled. Cancellation takes effect at the end of the current paid period; you keep your tier until then. We do not pro-rate partial months.
5. Refund policy
If Fixor was unusable for you in the first 14 days of a paid plan due to a defect on our side, email support@fixor.dev and we'll refund the most recent charge through Paddle. After 14 days or for “changed my mind” cancellations, no refunds — cancel before the next renewal instead. Statutory consumer rights in your jurisdiction (e.g., the EU 14-day distance-selling right) override this paragraph where applicable.
6. Acceptable use
You may not:
- Install Fixor on repositories you don't own or aren't authorized to scan
- Use Fixor to attempt to exfiltrate data or model weights from Anthropic, our hosting providers, or Paddle
- Probe Fixor itself for vulnerabilities (we welcome responsible disclosures — email instead)
- Resell access to Fixor without our written consent
- Use Fixor in a way that overloads our infrastructure or violates Anthropic's usage policies
Violations may result in immediate termination without refund.
7. No warranty
Fixor's analysis is performed by a Large Language Model (Anthropic Claude). Findings are suggestions, not guarantees. We don't warrant that Fixor:
- Will catch every vulnerability in your diff
- Will not produce false positives
- Will produce fixes that are syntactically or semantically correct in your specific codebase
- Will be available 24/7 (we target high availability but make no SLA on the free tier)
You are solely responsible for reviewing every suggestion before merging code. Fixor is one signal among many in a security program, not a substitute for code review or pen-testing.
8. Limitation of liability
To the maximum extent permitted by applicable law, Fixor and its operator are not liable for any indirect, incidental, special, consequential, or punitive damages, or for lost profits, lost revenues, business interruption, or data loss arising from use of or inability to use the Service. Our total aggregate liability for any claim is capped at the amount you paid for Fixor in the 12 months preceding the claim. Some jurisdictions don't allow these limits; in those cases the limits apply only to the maximum extent allowed.
9. Intellectual property
Fixor's source is open source under the MIT License — see github.com/tornidomaroc-web/fixor. Your code is yours; Fixor doesn't claim any rights to the diffs or repositories you scan, doesn't store the diff content beyond the in-memory analysis window, and doesn't share diffs with third parties beyond the subprocessors listed in the Privacy Policy.
10. Termination
You can terminate at any time by uninstalling the GitHub App. We may suspend or terminate your access for violations of section 6, for non-payment after a reasonable cure period, or for any reason if we shut Fixor down (we'd give 30 days' notice on the GitHub repository in that case). On termination, your data is deleted on the schedule described in the Privacy Policy section 2.
11. Changes
Material changes to these Terms are announced on the GitHub repository and reflected on this page with an updated date at the top. Continued use after a change is acceptance of the updated Terms. If a change materially reduces your rights, we'll give 30 days' notice before it takes effect.
12. Governing law
These Terms are governed by the laws of the jurisdiction where the Service operator resides, without regard to conflict-of-law provisions. Disputes that cannot be resolved by emailing support@fixor.dev may be brought in the courts of that jurisdiction.
13. Contact
Email support@fixor.dev for billing, account, or terms questions. For technical issues, the GitHub issue tracker at github.com/tornidomaroc-web/fixor is also fine.