Privacy Policy
Last updated: June 2026
Your code is scanned and immediately deleted.
We do not store your source code.
We store only scan findings and reports.
What we collect
- Your email address (for account access)
- Scan findings: file paths, issue titles, explanations (no source code)
- Scan metadata: mode, target URL or "zip-upload", status, timestamps
- Subscription status (managed by Paddle)
What we do NOT collect
- Your source code — it is deleted immediately after scanning
- Your passwords or API keys (even if found in a scan — only the location is stored)
- Payment details — processed by Paddle (Merchant of Record)
How scans work
When you upload a ZIP or provide a Git URL, we extract the code to a temporary folder, run static analysis tools, and then delete the temporary folder. Only the findings (issue titles, explanations, and fixes) are saved to our database. Your source code is never written to our database.
Website scans
For website scans, we send HTTP requests to the URL you provide (like a web browser would). We only scan websites you confirm you own. We use a light, non-destructive scan — we never attempt to exploit or damage your site.
Data deletion
You can delete your account and all associated data (findings, reports) at any time by emailing us. We will process deletion within 30 days.
Contact
Questions? Email: privacy@codeaudit.dev