CodeVF Privacy Policy

This Privacy Policy explains how CodeVF, LLC (“CodeVF,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information in connection with the CodeVF platform, APIs, browser extensions, and related services (collectively, the “Services”).

By accessing or using the Services, you consent to the data practices described here. If you do not agree, do not use the Services.

Account Data: name, email, password hashes, profile photo, organization details, and team membership metadata.

Repository & Scan Data: source code snippets, file metadata, security scan output, git history, pull request metadata, commit authorship information, and repository-level analytics that you authorize us to ingest from GitHub or other integrations.

Usage Data: device information, IP address, browser type, referring URLs, feature usage, telemetry events, and diagnostic logs.

Payment Data: billing contact, subscription tier, and payment tokens handled by our processors (e.g., Stripe). We do not store full credit card numbers.

Support & Communications: questions, bug reports, survey responses, and any content you submit to support channels.

Deliver and improve the Services, including authenticating users, processing repository analyses, and sending transactional communications.

Detect, investigate, and prevent security incidents, abuse, or violations of our Terms of Service.

Develop new features—especially AI-assisted review tooling—by training, tuning, and validating machine learning models using de-identified and aggregated Customer Data.

Understand usage trends and performance to inform product decisions, capacity planning, and roadmap prioritization.

Comply with legal obligations, enforce agreements, and protect the rights, property, or safety of CodeVF, our users, or the public.

Send marketing or product updates where permitted; you may opt out of non-essential emails by using unsubscribe links or contacting codevfbusiness@gmail.com.

Service Providers: trusted vendors that deliver hosting, data storage, compute, email delivery, analytics, customer support, payment processing, or security services. These providers access data only to perform work on our behalf and must maintain confidentiality.

AI & Infrastructure Partners: cloud providers (e.g., AWS) and AI platforms (e.g., Bedrock) that process code snippets or metadata solely to return requested inferences. We apply technical controls to avoid storing long-term model training data with third parties unless explicitly disclosed.

Team Members & Collaborators: when you belong to a shared workspace, authorized teammates may view code reviews, scan output, and activity logs according to your role and permission settings.

Legal & Compliance: we may disclose data when required by law, subpoena, or other legal process, or when we believe disclosure is necessary to enforce our agreements or protect rights.

Business Transfers: if we merge, sell assets, finance, or acquire another organization, data may be transferred subject to the commitments in this Policy.

Aggregated or De-Identified Data: we may publish or share statistics that do not identify you (for example, average remediation time or aggregated vulnerability counts).

We retain personal data for as long as your account is active or as needed to provide the Services. We also keep certain logs for security, billing, and compliance purposes.

Upon request or account deletion, we will delete or anonymize Customer Data within a reasonable timeframe, except where retention is necessary to comply with law, resolve disputes, or enforce agreements.

Aggregated, irreversible analytics derived from Customer Data may be retained indefinitely.

You may access, update, or delete certain profile data in the dashboard. For additional requests, email codevfbusiness@gmail.com.

Depending on your jurisdiction (for example, EEA/UK/Switzerland/California), you may have rights to request access, correction, deletion, portability, or restriction of processing. We will respond consistent with applicable laws.

You can disconnect GitHub or other integrations at any time. Doing so stops future ingestion but does not automatically delete previously processed data.

CodeVF is headquartered in the United States and stores data primarily in U.S.-based data centers.

When transferring personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on approved transfer mechanisms such as Standard Contractual Clauses or other lawful safeguards.

We use encryption in transit, network segmentation, role-based access controls, and automated monitoring to protect Customer Data.

No security practice is perfect; you agree to use the Services at your own risk and to notify us promptly at codevfbusiness@gmail.com if you believe your account has been compromised.

The Services are not directed to children under 16. We do not knowingly collect personal data from children. If you learn that a child has provided personal data, please contact us so we can delete it.

We may update this Privacy Policy from time to time. Material changes will be communicated via email, dashboard notice, or other appropriate channels.

Continued use of the Services after a change becomes effective signifies consent to the updated Policy.

For privacy questions or data-subject requests, email codevfbusiness@gmail.com or write to CodeVF, LLC, Attn: Privacy. We aim to respond within 30 days.