Privacy Policy
Last updated: February 6, 2026
Zero Persistence Promise
Shim does not store your raw JSON data. When you send a repair request, we:
- Process the JSON in memory
- Return the repaired result
- Discard the raw content immediately
What We Store
We only store metadata for operational purposes:
- Repair operation timestamps
- Repair types applied (syntax vs schema)
- Confidence scores (high, medium, low)
- Request/response sizes (bytes only)
- API usage counts for billing
All metadata is retained for 90 days, then permanently deleted.
Account Information
When you create an account, we collect:
- Email address (for login and billing)
- Password (hashed with bcrypt, never stored plaintext)
- Stripe customer ID (for payment processing)
- API keys (hashed with SHA-256)
Third-Party Services
We use these services:
- Stripe: Payment processing and billing. Subject to Stripe's Privacy Policy.
- Cloudflare: Hosting and DDoS protection. Subject to Cloudflare's Privacy Policy.
Data Security
We protect your data with:
- TLS 1.3 encryption for all API traffic
- API key hashing (SHA-256, never stored plaintext)
- Rate limiting to prevent abuse
- Regular security audits
Your Rights
You have the right to:
- Request a copy of your account data
- Delete your account and all associated data
- Opt out of marketing emails (we don't send them anyway)
To exercise these rights, email [email protected].
Contact
Questions about this policy? Email [email protected].