Privacy policy

Last updated: April 22, 2026

Who we are

JustFixMe (“we”, “us”) is operated by D. Smidstrup Holding ApS (CVR 45751937), trading as Random Code, Havnegade 12, 3. 1, 5000 Odense C, Denmark. Contact us at support@justfixme.app.

What we collect

  • Account data: your email address and display name, created when you sign in with Google.
  • OpenAI API key (BYOK plan only): encrypted at rest using AES-256. Only decrypted in memory for the duration of a single fix request.
  • Usage counters: the number of fixes and words processed, and the timestamp of the last fix. We use this to enforce plan limits and show your usage.
  • Fixed text: forwarded to OpenAI only for the duration of the fix request. Not logged, not stored, not shared.
  • Payment data: handled entirely by Creem (our merchant of record). We never see your card number.

Chrome extension

The JustFixMe Chrome extension runs locally in your browser. It handles the following data on your device:

  • Pairing token: a bearer token, scoped to a single install, stored in chrome.storage.local. Used to authenticate fix requests to https://justfixme.app/api/fix. Not shared with any third party.
  • Server base URL: defaults to https://justfixme.app, stored in chrome.storage.local. Exposed for self-hosting and development only.
  • Selected text: when you press the keyboard shortcut, the extension reads the current text selection in the active tab and sends it to https://justfixme.app/api/fix over HTTPS. The corrected text is returned and written back into the page. The text is not persisted anywhere - not in the extension, not on our servers, not in logs.

The extension does not read, collect, or transmit any page content, browsing history, keystrokes, form values, or cookies other than the specific text you select and submit for a fix. It does not contain any analytics, telemetry, tracking, or remote code-execution capability.

Limited use of user data

JustFixMe's use of information received from Google APIs, and data handled by the Chrome extension, adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

  • We use user data only to provide and improve the single purpose of the extension - fixing spelling in text the user explicitly selects.
  • We do not transfer user data to third parties for advertising or other unrelated purposes.
  • We do not use user data to determine creditworthiness or for lending purposes.
  • We do not sell user data, and we do not allow humans to read user data except (a) with the user's explicit consent, (b) where necessary for security purposes (e.g. investigating abuse), or (c) where required by law.

How we use your data

  • To run the spelling-fix service when you press the shortcut.
  • To enforce plan limits (word cap per month).
  • To display your usage stats and history on your dashboard.
  • To send transactional emails (receipts, security notices, plan changes).

We do not sell your data. We do not share it with third parties for advertising.

Third-party services

  • Database: Supabase, EU region (eu-west).
  • AI processing: OpenAI (US). On the managed plan, we use our own OpenAI account. On the BYOK plan, your own key is used. Text is sent to OpenAI only for the duration of each fix request.
  • Payments: Creem, our merchant of record, handles billing, VAT, and payment processing.
  • Hosting: Vercel (edge network, with EU processing).

Cookies

We use essential authentication cookies only - set by Supabase Auth to keep you signed in. No advertising cookies, no cross-site tracking, no analytics by default.

Data retention

Account data (email, display name, usage counters, billing records) is retained while your account is active. When you delete your account, all personally identifying data is permanently removed within 30 days: your email, encrypted API key, extension tokens, and billing details.

We never retain the text you fix. It is transient - present only in memory during a request, then discarded.

Your rights (GDPR)

You can request access to, correction of, or deletion of your personal data at any time. Email support@justfixme.app and we will respond within 30 days.

Children

JustFixMe is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we will delete the account.

Changes

We may update this policy. Material changes will be posted here with an updated date.