CodeDD

Privacy Policy

Last updated August 26, 2024

1. Introduction

At CodeDD, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software-as-a-service application, related applications, software, products, and services (collectively, the "Service").

This Privacy Policy is designed to help you understand our practices regarding your personal data in line with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Data Controller Information

CodeDD Limited (hereinafter "CodeDD", "we", "us", or "our") is the data controller responsible for your personal data.

Contact information:

  • Legal entity: CodeDD Limited
  • Address: 128, City Road, London, EC1V 2NX, United Kingdom
  • Email: info@codedd.ai

3. What Information We Collect

3.1. Personal Data

We may collect the following categories of personal data from you:

  • Account Information: When you register for an Account, we collect your name, email address, and other contact information.
  • Billing Information: If you purchase a paid Organization, we collect payment information, billing address, and transaction details.
  • Profile Information: Information you provide in your user profile, such as profile picture, job title, or organization.
  • User Content: Information you submit to our Service, including source code for analysis, comments, and feedback.
  • Communication Data: Records of your interactions with us, including support requests and feedback.

3.2. Usage Data

We automatically collect certain information when you visit, use, or navigate our Service. This information does not reveal your specific identity but may include:

  • Device and connection information (such as IP address, browser type, operating system)
  • Usage details (such as pages visited, features used, time spent on the Service)
  • Performance and error data
  • Referral sources

3.3. Technical Data About Your Projects

When you use our Service for code analysis, we collect:

  • Source code you submit for analysis
  • Code repository structure
  • Programming languages and frameworks used
  • Meta-information about your projects

4. How We Collect Information

We collect information through:

  • Direct Interactions: Information you provide when creating an account, submitting code for analysis, contacting support, or using our Service.
  • Automated Technologies: As you navigate through our Service, we may use cookies, server logs, and similar technologies to collect usage data.
  • Third Parties: We may receive information about you from third parties such as payment processors or authentication services.

5. How We Use Your Information

We use the information we collect for various purposes, including:

5.1. Provision of Service

  • To provide and maintain our Service
  • To process transactions and manage your Account
  • To perform code analysis and generate reports
  • To respond to your inquiries and provide customer support

5.2. Improvement and Development

  • To improve and optimize our Service
  • To develop new products, services, and features
  • To understand how users interact with our Service

5.3. Communication

  • To communicate with you about updates, security alerts, and support
  • To provide news and information about our Service that may be of interest to you

5.4. Legal Compliance and Protection

  • To comply with applicable laws and regulations
  • To enforce our terms and policies
  • To protect our rights, privacy, safety, or property
  • To protect against legal liability

6. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

  • Performance of Contract: Processing necessary for the performance of our contract with you to provide the Service.
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Service, preventing fraud, and ensuring network security.
  • Legal Obligation: Processing necessary to comply with our legal obligations.
  • Consent: Where you have given consent for specific processing activities.

7. How We Share Your Information

We may share your information with the following categories of third parties:

7.1. Service Providers

We may share your information with third-party vendors, service providers, and contractors who perform services on our behalf, such as:

  • Payment processors
  • Cloud hosting providers
  • Analytics providers
  • Customer support services
  • Large Language Model providers (such as OpenAI or Anthropic) under commercial agreements

7.2. Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

7.3. Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

7.4. With Your Consent

We may share your information with third parties when you have given us your consent to do so.

8. International Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

When we transfer personal data outside the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as:

  • Using EU Commission-approved standard contractual clauses
  • Transferring to countries with an adequacy decision from the EU Commission
  • Implementing additional technical and organizational measures as necessary

9. Data Security

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • End-to-end encryption of source code
  • Storage exclusively on European servers (IONOS)
  • Access controls and authentication procedures
  • Regular security assessments
  • Permanent deletion of source code upon audit completion

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

10. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Specific retention periods:

  • Account information: For the duration of your account and a reasonable period thereafter
  • Source code: Temporarily stored only for the duration of the audit process and deleted upon completion
  • Usage data: Up to 36 months for analytical purposes
  • Billing information: As required by applicable tax and accounting laws

11. Your Data Protection Rights

Under the GDPR and other applicable data protection laws, you have certain rights regarding your personal data:

  • Right of Access: You have the right to request a copy of your personal data.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request the deletion of your personal data under certain conditions.
  • Right to Restrict Processing: You have the right to request restriction of processing of your personal data under certain conditions.
  • Right to Data Portability: You have the right to request the transfer of your personal data to another organization or directly to you.
  • Right to Object: You have the right to object to the processing of your personal data under certain conditions.
  • Right to Withdraw Consent: You have the right to withdraw consent where we rely on consent to process your personal data.

To exercise these rights, please contact us at contact@codedd.ai. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information.

Types of cookies we use:

  • Essential Cookies: Necessary for the operation of our Service.
  • Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our Service.
  • Functionality Cookies: Enable us to personalize content and remember your preferences.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

13. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

14. Third-Party Links

Our Service may contain links to third-party websites or services that are not owned or controlled by CodeDD. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to review the privacy policy of every site you visit.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

We will notify you of material changes to this Privacy Policy at least 30 days before the change takes effect by posting a notice on our website or sending an email to the primary email address specified in your Account. Your continued use of our Service after such notice constitutes your acceptance of the changes.

We encourage you to review this Privacy Policy periodically for any changes.

16. Data Protection Authority

If you have a concern about our privacy practices, including the way we handle your personal data, you can report it to the United Kingdom Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk/
  • Address: 3rd Floor, 107 Cheapside, London, EC2V 6DN, United Kingdom
  • Phone: +44 303 123 1113
  • Email: enquiries@ico.org.uk

17. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

  • Email: contact@codedd.ai
  • Mail: CodeDD Limited, 128, City Road, London, EC1V 2NX, United Kingdom

18. Processing of Source Code

When you submit source code for analysis through our Service, please note the following specific provisions:

  • Your source code is temporarily stored and processed solely for the purpose of providing you with analysis and audit results.
  • Source code is permanently deleted upon completion of the analysis process.
  • Access to source code is limited to essential CodeDD systems and processes, as well as licensed Large Language Model providers under commercial agreements.
  • We implement robust technical measures to secure your source code, including end-to-end encryption and temporary storage on European servers only.
  • We do not use your source code to train our models or for any purpose other than providing you with the requested Service.

19. Specific Provisions for Enterprise Customers

For customers on an Enterprise Plan, additional privacy and security provisions may apply as specified in your service agreement. These may include:

  • Customized data retention policies
  • Enhanced security measures
  • Dedicated data storage
  • Tailored processing limitations
  • Custom reporting and compliance documentation

Enterprise customers should refer to their specific service agreement for details on these additional provisions.