Privacy Policy
Last updated: June 2026
Bifixit and Technology Solutions Limited (“Bifixit”, “we”, “us”) is registered in Nigeria and as a Kentucky, USA LLC. This policy describes how we collect, use, store, and protect information when you use bifixit.com and our services, including PostPilot and VideoForge.
Information we collect
- Account & contact information: name, email address, WhatsApp number, country, and password (stored as a salted hash, never in plain text).
- Business information: details you provide about your business idea, brand, and target customers through our onboarding form and Bifix AI consultant, used to generate your business plan, brand assets, and PostPilot/VideoForge content.
- Payment information: we never store your card or bank details. Payments are processed directly by Stripe and Paystack, who provide us only with a transaction reference, amount, and status.
- Connected social accounts: if you connect Instagram, Facebook, LinkedIn, X (Twitter), TikTok, or YouTube to PostPilot/VideoForge, we store an encrypted access token (and refresh token, where applicable) and basic account identifiers (account name/ID) so we can publish content to that account on your behalf, at your request.
- Usage data: pages visited and basic interaction events, collected via PostHog, to understand how the product is used and fix problems.
Use of Google user data (YouTube)
If you connect your YouTube channel, Bifixit accesses your channel ID/name and requests permission to upload videos on your behalf, using Google’s OAuth 2.0 flow. We use this access solely to publish videos you generate through VideoForge to your own YouTube channel, at your explicit request — newly uploaded videos default to private visibility so you control if and when they go public.
Bifixit’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, do not use it to train AI or machine learning models, and do not sell or transfer it to third parties except as necessary to provide the publishing feature you requested (e.g. the upload request itself, sent directly to YouTube’s API).
You can revoke Bifixit’s access to your YouTube account at any time by disconnecting it from your VideoForge dashboard, or via Google Account → Security → Third-party apps with account access. Disconnecting immediately deletes the stored access and refresh tokens from our database.
How we use your information
We use the information above to deliver our services (business registration, branding, websites, content generation), process payments, communicate with you about your order, generate AI-assisted business advice and social content, and publish that content to platforms you’ve explicitly connected. We do not sell your personal information to third parties.
Third-party service providers
We share limited data with the following providers, only as needed to operate the service:
- Payments: Stripe and Paystack, in accordance with their own privacy policies.
- AI processing: Anthropic and OpenAI, to generate business plans, captions, images, and videos from the information you provide.
- Social platforms: Meta (Facebook/Instagram), Google (YouTube), X, LinkedIn, and TikTok — only for accounts you connect, and only to publish content you generate and approve.
- Analytics: PostHog, for product usage analytics.
Cookies & local storage
We use a small number of cookies: an authentication session cookie, and a randomly generated, non-identifying browser ID used to prevent abuse of free trials. We also store your selected currency in your browser’s local storage. None of these are used for third-party advertising or tracking.
Data retention & deletion
We retain your information for as long as your account is active or as needed to provide our services. Disconnecting a social account deletes its stored tokens immediately. See our Data Deletion Instructions for how to request deletion of connected-account data or your entire account.
Data security
Passwords are hashed, and social account access tokens are encrypted at rest. We limit access to personal data to staff who need it to operate the service.
Children’s privacy
Bifixit is intended for business founders and is not directed to, and does not knowingly collect information from, children under 18.
International data transfers
As a company registered in both Nigeria and the United States, your information may be processed and stored in either jurisdiction, and by service providers located elsewhere, as described above.
Changes to this policy
We may update this policy as our services evolve. We’ll update the “Last updated” date above when we do.
Contact us
Questions about this policy or your data? Email support@bifixit.com.
