Privacy Policy
Last updated: March 3, 2026
1. Information We Collect
1.1 Account Information
When you sign in via GitHub OAuth, we receive your GitHub username, email address, and profile avatar. We do not access your repositories or source code stored on GitHub.
1.2 Code You Submit for Scanning
Code submitted through the scan interface is processed in memory for analysis. We store scan results (findings, risk scores) in our database for your dashboard history. The raw source code you submit is not permanently stored on our servers after the scan completes.
1.3 Payment Information
Payment is processed by Stripe. We do not store your credit card number, CVC, or full billing details. Stripe provides us with a customer ID, subscription status, and transaction metadata. See Stripe's Privacy Policy for details on how Stripe handles your data.
1.4 Usage Data
We collect basic usage data, including scan frequency, feature usage, and page visits, to improve the Service. We use UTM parameters and analytics to understand traffic sources.
2. How We Use Your Information
- Provide and maintain the security scanning service
- Display your scan history on the dashboard
- Process subscription payments via Stripe
- Enforce rate limits and prevent abuse
- Improve the Service based on usage patterns
- Communicate important service updates (e.g., terms changes)
3. Data Sharing
We do not sell your personal information. We share data only with:
- Stripe — for payment processing
- Vercel — for hosting (server logs)
- Supabase — for database storage (scan history)
We may disclose information if required by law or to protect our rights.
4. Cookies
We use essential cookies for authentication session management (NextAuth.js). We do not use third-party tracking cookies or advertising cookies.
5. Data Retention
Account data is retained as long as your account is active. Scan history is retained for 12 months. You may request deletion of your data at any time by contacting us (see Section 8).
6. Data Security
We use HTTPS encryption for all data in transit. Database access is restricted with row-level security. Authentication tokens are managed by NextAuth.js with secure cookie settings.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Withdraw consent at any time
To exercise these rights, email us at the address below.
8. Contact
For privacy-related inquiries, contact us at: galmorl@yahoo.co.jp
9. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email.