Privacy policy

Last updated 2026-05-07. Operator: CodeAudit (the "Service").

This policy describes what data we collect, how we use it, and how long we keep it. It is written to be read, not to be impossibly long. We will get this lawyer-reviewed before our launch; the substance below reflects what the system actually does today.

What we collect

• Your email address, via Firebase Authentication, when you sign in. We use it to send transactional emails about your audits and (rarely) operational notices.
• The GitHub URL you submit. We clone the repo, analyse it, write a report, and delete the clone (see retention below).
• Your payment is processed by Stripe. We never see your card number; we store only the Stripe customer id, payment intent id, amount, and status.
• Server logs with timestamps, request paths, and error messages. Logs are kept for at most 30 days.
• Email events (which kind of email, sent or failed) for the lifetime of your account.

What we do with the cloned source code

• We send (parts of) it to Anthropic's API for analysis. Our API key is configured against a Console project with data retention disabled where the platform permits it. We do not send your code to any other third party.
• We run a secret-scrubber over the model's findings before rendering the HTML report; matches are replaced with <REDACTED-SECRET>. Scrubbing is conservative and may flag some non-secrets — that's intentional.
• We delete the cloned source within 60 minutes of audit completion. A signed deletion receipt is emailed to you. You can verify the signature at /verify.
• A sweeper cron runs hourly to garbage-collect any orphaned clone (e.g. after a kernel OOM kill). No clone older than ~1 hour survives on our infrastructure.

What we keep

• The rendered HTML report: kept while your account is active, so you can come back and read it. Source code is NOT stored alongside the report — only file:line citations.
• Audit metadata: id, repo URL, commit SHA, status, timestamps, and the deletion-receipt signature.
• Payment records: as required by tax / accounting law (currently 7 years).

Account deletion

Email privacy@codeaudit.dev to request deletion of your account and all reports. We respond within 30 days. Payment records may be retained as required by law.

Cookies

We set a single first-party session cookie after sign-in. We do not run advertising or analytics cookies.

Data location

Our servers are in the EU (Hetzner). Anthropic's API is hosted in the United States. By submitting a repo you consent to the cross-border transfer required to call the model.

Changes

Material changes will be announced on the dashboard at least 14 days before they take effect.

Contact

privacy@codeaudit.dev.