Your privacy is important to us. This Privacy Policy explains how Codectopus collects, uses, and protects your information.
• Email address
• Name (if provided by you or via OAuth)
• Authentication provider (GitHub, Google, or email/password)
• Metadata (repo name, branch, path, file stats)
• Source code (temporarily processed for analysis, not shared with third parties)
• Log data (e.g., IP address, browser type, usage timestamps)
• In-app interactions (e.g., when you run an analysis or request AI review)
We use your data to:
• Provide and improve the Codectopus service
• Analyze code and generate insights/documentation
• Authenticate and secure user accounts
• Communicate with you about updates or issues
• Monitor system performance and prevent abuse
• Data is stored securely in our database and hosting provider
• Transport Layer Security (TLS) protects data in transit
• Encryption-at-rest for sensitive data including GitHub and Slack tokens
• Role-based access controls limit staff access to user data
• We do not sell your data
• Repository content: Deleted immediately after analysis completion (not stored permanently)
• Analysis results & metrics: Retained for the lifetime of your account
• Usage logs: Retained for 90 days for security and debugging purposes
• Account data: Retained until account deletion is requested
We do not share your personal data with third parties except:
• Service providers (e.g., cloud hosting, email services) needed to run Codectopus
• Payment processors (e.g., Stripe) for billing and subscription management
• AI providers (OpenAI, Anthropic, Google) for code analysis and review generation
• Legal compliance if required by law
We will never sell your data to advertisers.
• We do not store your full credit card details on our servers
• Payment processing is handled securely by Stripe, a PCI-compliant payment processor
• We retain only limited billing information (last 4 digits, billing address) for receipts and compliance
• Subscription and billing history is maintained for accounting and tax purposes
• Codectopus analyzes repository content to generate results.
• Code is not stored permanently unless necessary for analysis results (e.g., metrics, summaries).
• You can revoke GitHub access at any time.
AI Providers: We use Google AI services for code analysis and review generation
Data Minimization: We send only the minimum necessary code snippets required for analysis
Training Opt-out: Your code is not used to train AI models unless you explicitly opt in
Processing Purpose: Code is processed solely to generate your requested analysis and reviews
Temporary Processing: Code sent to AI providers is not stored by them beyond the processing session
Depending on your location (e.g., GDPR, CCPA), you have rights to:
• Access the data we store about you
• Request correction or deletion
• Revoke permissions (e.g., GitHub access)
• Export your data
How to Request: Delete your account by contacting our support team
What Gets Deleted: Account data, repository metadata, analysis results, and usage logs
Timeline: Complete deletion within 30 days of request
Exceptions: Some data may be retained for legal compliance or fraud prevention as required by law
• Data may be processed and stored in the United States and other countries where our service providers operate
• For EU users, we ensure adequate protection through Standard Contractual Clauses (SCCs) and GDPR-compliant providers
• All international transfers maintain the same level of protection as outlined in this policy
Codectopus may use cookies or local storage for authentication and user experience.
Codectopus is not intended for children under 13 (or 16 in the EU).
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
How we notify you:
• Email notification for significant changes
• Dashboard notification when you next log in (when implemented)
• Updated effective date at the top of this policy
If you have questions about this Privacy Policy, contact our support team.
We're committed to protecting your data and being transparent about our practices.