Privacy Policy

CodeSec ("we", "us", or "our") operates the CodeSec platform, an AI-powered security scanning service for startups and developers ("Service"). This Privacy Policy describes how we collect, use, and share information about you when you use our Service.

By accessing or using CodeSec, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

• Provide, operate, and improve the Service
• Process and analyze security scans on your behalf
• Send transactional emails (scan completion, alerts, billing)
• Send product updates and security advisories (opt-out available)
• Respond to support requests and inquiries
• Enforce our Terms of Service and prevent abuse
• Comply with legal obligations
• Detect and prevent fraud and security incidents

We use trusted third-party services to operate CodeSec. Each processor handles your data under their own privacy policies and our data processing agreements.

We do not sell your personal data. We share information only in these cases:

• With service providers listed above who process data on our behalf
• When required by law, court order, or government request
• To protect the rights, property, or safety of CodeSec, our users, or the public
• In connection with a merger, acquisition, or sale of company assets (with notice)
• With your explicit consent

We retain your data as follows:

We implement industry-standard security measures to protect your data:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Row-level security policies on all database tables
• Regular security audits and dependency scanning (dogfooding CodeSec)
• Access controls with principle of least privilege
• Multi-factor authentication for internal systems

See our Security page for our full security practices and responsible disclosure program.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdrawal of Consent: Opt out of non-essential communications

To exercise your rights, email [email protected]. For GDPR-specific rights, see our GDPR page.

CodeSec operates from and stores data in the United States and European Union. If you are located in the EEA, UK, or other regions with data transfer restrictions, your data may be transferred to the US under Standard Contractual Clauses (SCCs) or other applicable legal mechanisms.

CodeSec is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at [email protected] and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification at least 30 days before they take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.