DocumentationSecurity & PrivacySecure Data Deletion

Secure Data Deletion

How CodeDD permanently deletes your source code after audits

Secure Data Deletion

CodeDD's commitment: zero source-code retention. When an audit completes (or fails), source files in the processing cache are securely wiped. Only findings, scores, and metadata persist.

Deletion triggers

TriggerBehavior
Successful audit completionResults saved → source cache wiped → environment destroyed
Audit failure / cancellationImmediate cleanup
Timeout / errorEmergency cleanup; periodic job catches orphaned caches

Typical cleanup completes within a minute after analysis finishes.

Deletion process

  1. Results persisted — findings, scores, recommendations, file paths, and LOC counts written to the database. No source code stored.
  2. Secure file wipe — each file overwritten with three passes (zeros, 0xFF, random bytes) before removal.
  3. Directory removal — audit cache directory deleted; processing environment destroyed.
  4. Audit trail — deletion logged with timestamp and scope. No source content in logs.

What is deleted

  • All source code in the audit cache
  • Encrypted file blobs and temporary processing artifacts
  • Ephemeral processing environment

What is retained

  • Audit findings (flags, vulnerabilities, recommendations)
  • Scores and KPIs
  • File paths and LOC metadata (not content)
  • Git statistics summaries
  • Deletion audit log entries

Encryption keys

Installation encryption keys are long-lived secrets with rotation support — they are not destroyed per audit. Deletion works by overwriting and removing file blobs, not by key destruction.

User-initiated deletion

Delete audits and organizations from the dashboard. Entity deletion removes associated findings and metadata per the Privacy Policy and DPA.

Next steps