FowelFowel
PrivacyTerms

Legal

Privacy Policy

Last updated: March 10, 2026

This Privacy Policy describes how Hackmamba Inc. ("Hackmamba," "we," "us," or "our") collects, uses, discloses, stores, and otherwise processes personal information in connection with Fowel, our website, hosted application, GitHub App, billing systems, customer support operations, and related services (collectively, the "Services"). This Privacy Policy is intended to address applicable privacy and data protection requirements, including the European Union General Data Protection Regulation ("GDPR"), the UK GDPR and Data Protection Act 2018, and the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA").

Hackmamba Inc. is the operator of Fowel. Our business address is 1111B S Governors Ave., Dover, Delaware 19904, United States. For privacy inquiries, data subject requests, or questions about this Privacy Policy, you may contact us at hi@hackmamba.io.

1. Scope

This Privacy Policy applies to personal information we collect from:

  • Visitors to the Fowel marketing website.
  • Users who create or access a Fowel account.
  • Users who authenticate through Clerk or connected GitHub accounts.
  • Customers who install or use the Fowel GitHub App.
  • Individuals whose information is included in GitHub repositories, pull requests, issue comments, documentation files, billing records, support communications, or usage logs processed through the Services.

2. Categories of Information We Collect

Information you provide directly

  • Account details such as name, email address, profile image, and account identifiers.
  • Billing and subscription details, including selected plan, billing status, transaction history, checkout activity, and related metadata.
  • Communications you send to us, including customer support, legal, privacy, or commercial inquiries.

Information collected through authentication and integrations

  • Authentication and identity data provided through Clerk, including Clerk user identifiers and account profile information.
  • GitHub account and integration data, including GitHub user identifiers, GitHub installation identifiers, repository names, repository ownership details, pull request metadata, issue comment metadata, and installation events.

Documentation review and service usage data

  • Repository configuration settings, such as target branches, repository activation status, context-review settings, and supplemental instructions entered by users.
  • Documentation and pull request content processed in connection with reviews, including filenames, diffs, file contents where enabled, context files, prompts, structured outputs, generated comments, scores, summaries, and operational metadata.
  • Usage and metering information, including credits purchased, credits consumed, subscription allocation balances, estimated token counts, and review execution records.

Automatically collected information

  • Technical and device information such as IP address, browser type, operating system, timestamps, request headers, and application logs.
  • Security and webhook data, including GitHub webhook headers, Stripe webhook events, audit-style event logs, and fraud or abuse detection signals.
  • Cookie and session-related data used by Clerk, our application framework, and certain service providers to authenticate users, maintain sessions, and secure the Services.

Payment-related information

Payments are processed by Stripe. We do not store full payment card numbers in our systems. We do receive and store limited billing information and payment metadata, such as Stripe customer IDs, subscription IDs, checkout session IDs, invoice and event data, plan selection, status changes, and payment outcomes.

3. Sources of Personal Information

We collect personal information from the following sources:

  • Directly from you when you use or interact with the Services.
  • From authentication providers such as Clerk.
  • From connected third-party platforms such as GitHub.
  • From payment and billing providers such as Stripe.
  • Automatically from your browser, device, and interactions with the Services.
  • From our service providers, infrastructure providers, and analytics or security systems where applicable.

4. How We Use Personal Information

We use personal information for the following purposes:

  • To provide, operate, maintain, secure, and improve the Services.
  • To authenticate users, manage accounts, and administer access controls.
  • To install, configure, and operate the Fowel GitHub App and related repository integrations.
  • To analyze pull requests and documentation content and generate review outputs, comments, summaries, ratings, and recommendations.
  • To administer billing, subscriptions, extension packs, invoicing, payment collection, refunds, and fraud prevention.
  • To communicate with users regarding account status, service functionality, security issues, support requests, legal notices, and product changes.
  • To monitor performance, usage, quality, reliability, and abuse of the Services.
  • To comply with legal obligations, enforce our terms, investigate suspected misconduct, and protect our rights, systems, users, and the public.

5. Legal Bases for Processing Under GDPR

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

  • Performance of a contract: to provide the Services, authenticate users, process purchases, manage subscriptions, and operate requested integrations.
  • Legitimate interests: to secure the Services, improve functionality, detect abuse, maintain logs, troubleshoot issues, and administer business operations, provided our interests are not overridden by your rights and freedoms.
  • Compliance with legal obligations: to maintain records, respond to lawful requests, address tax and accounting obligations, and satisfy statutory requirements.
  • Consent: where required by law, such as for certain optional communications or non-essential cookies and similar technologies.

6. How We Share Personal Information

We may disclose personal information to the following categories of recipients, subject to appropriate contractual and legal safeguards:

  • Authentication and identity providers, including Clerk.
  • Payment and billing service providers, including Stripe.
  • Artificial intelligence and model providers used to generate documentation review outputs, including OpenAI.
  • Source control and repository platforms used to deliver and operate the Services, including GitHub.
  • Hosting, cloud, database, logging, monitoring, security, and infrastructure vendors that support service delivery.
  • Professional advisers, auditors, insurers, legal counsel, and acquirers or counterparties in connection with corporate transactions.
  • Government authorities, regulators, courts, law enforcement, or other third parties where disclosure is required by law or reasonably necessary to establish, exercise, or defend legal claims or rights.

We do not sell personal information for money. We also do not knowingly share personal information for cross-context behavioral advertising as that term is used under California law.

7. AI Processing and Repository Content

Fowel is designed to review documentation in pull requests and related repository contexts. To deliver that functionality, we may process pull request metadata, diffs, filenames, user-entered repository settings, issue comments, and repository file contents. Depending on the repository configuration, the Service may also retrieve surrounding context files to improve review quality.

That content may be transmitted to our model providers for the purpose of generating documentation review outputs. Our current implementation is configured not to request storage of model interaction content by the model provider. However, users should avoid submitting content through the Services unless they have the authority to do so and are comfortable with such content being processed in accordance with this Privacy Policy and our Terms of Service.

8. Retention

We retain personal information for as long as reasonably necessary to provide the Services, maintain legitimate business records, comply with legal obligations, resolve disputes, enforce agreements, and protect the security and integrity of the Services. Retention periods vary depending on the nature of the data, the sensitivity of the information, the volume and frequency of use, contractual commitments, and legal requirements.

By way of example, we may retain account information while an account is active; billing records and payment metadata for accounting, tax, and audit purposes; security logs for fraud prevention and system integrity; and repository or review-related records for continuity, troubleshooting, usage accounting, customer support, and legal compliance.

9. International Data Transfers

We are based in the United States and may process or store personal information in the United States or other countries where we or our service providers operate. Where required by law, we use appropriate safeguards for cross-border transfers, which may include standard contractual clauses, equivalent contractual protections, or other legally recognized transfer mechanisms.

10. Security

We implement reasonable administrative, technical, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the internet or electronic storage is completely secure. Accordingly, we cannot guarantee absolute security.

11. Your Privacy Rights

GDPR, UK GDPR, and similar rights

Subject to applicable law and certain limitations, you may have the right to:

  • Access personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of personal information.
  • Request restriction of processing.
  • Object to certain processing based on legitimate interests.
  • Request portability of certain personal information.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a competent supervisory authority.

California privacy rights

If you are a California resident, you may have the right to request:

  • Disclosure of the categories and specific pieces of personal information we collected about you.
  • Disclosure of the categories of sources from which personal information was collected.
  • Disclosure of the business or commercial purposes for collecting, using, or disclosing personal information.
  • Disclosure of the categories of third parties to whom personal information was disclosed.
  • Correction of inaccurate personal information.
  • Deletion of personal information, subject to exceptions.
  • Information about whether we sell or share personal information. We do not sell personal information for monetary consideration and do not knowingly share it for cross-context behavioral advertising.
  • Freedom from unlawful discrimination for exercising your rights.

We do not use or disclose sensitive personal information for purposes that would trigger a right to limit such use under California law, except as permitted by law.

12. How to Exercise Your Rights

To submit a privacy request, please email hi@hackmamba.io. We may need to verify your identity before fulfilling a request. Authorized agents may submit requests on behalf of California residents where permitted by law, subject to verification and authorization requirements.

13. Cookies and Similar Technologies

We and our service providers may use cookies, session tokens, and similar technologies to authenticate users, maintain sessions, secure the Services, remember preferences, and support operational and technical functions. To the extent required by law, we will request consent for non-essential cookies or similar technologies.

14. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through the Services, please contact us so we can investigate and take appropriate action.

15. Third-Party Services and Links

The Services may integrate with or link to third-party services, platforms, and websites. Their privacy practices are governed by their own policies and terms, not this Privacy Policy. We encourage you to review those policies carefully.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version on this page and revise the "Last updated" date above. Where required by law, we will provide additional notice or obtain consent.

17. Contact Information

Hackmamba Inc.
1111B S Governors Ave.
Dover, DE 19904
United States

Email: hi@hackmamba.io