CodeCopCodeCopv2

Privacy Notice

Last updated: May 25, 2026

1. Who we are

CodeCop is operated by uniq Holding Inc ("CodeCop", "we", "us"). For personal data processed in connection with the Service, uniq Holding Inc is the data controller. You can reach us at privacy@codecop.io.

2. Personal data we collect

  • Account data: email address, login credentials (hashed), account creation date.
  • Profile data: scan count, role, plan/subscription status.
  • Submitted content: code snippets, uploaded files/archives, GitHub URLs you provide for scanning.
  • Scan output: AI-generated findings, risk scores, and metadata associated with your scans.
  • Support communications: messages you send to us.
  • Usage and device data: IP address, browser type, pages visited, referring URLs, error and performance telemetry.
  • Cookies and similar technologies: see Section 8.

Billing and payment information (card details, billing address, tax IDs) is collected and processed by our Merchant of Record, Stripe. We do not see or store full card numbers.

3. How we use personal data and our legal basis

  • Provide the Service (account creation, scan execution, history, report delivery) — performance of a contract with you.
  • Process payments and subscriptions via Stripe — performance of a contract.
  • Security, abuse prevention, and rate limiting — legitimate interests in protecting the Service and our users.
  • Customer support — performance of a contract / legitimate interests.
  • Service improvement, debugging, and analytics — legitimate interests (we use aggregated and minimised data where possible).
  • Compliance with legal obligations (tax, accounting, lawful requests) — legal obligation.
  • Marketing communications (if you opt in) — consent, which you can withdraw at any time.

4. AI processing of submitted code

Code you submit is sent to our AI provider for analysis solely to generate your scan results. We do not use your code to train foundation models. We retain submitted file names, scan metadata, and findings to power your scan history and to operate the Service. Treat any code you submit as you would code shared with a third-party processor — do not submit production secrets or content you are not permitted to share.

5. Who we share personal data with

  • Stripe — our Merchant of Record for selling the Service. Stripe handles payments, subscription management, taxes, invoicing, refunds, and customer service for billing questions.
  • Hosting and infrastructure providers — application hosting, database hosting, and edge delivery used to run the Service.
  • AI model provider(s) — to perform the security analysis you request.
  • Analytics and error-monitoring tools — to understand usage and debug issues, configured to avoid collecting unnecessary personal data.
  • Professional advisers (legal, accounting) where reasonably necessary.
  • Authorities, where required by law or to protect our rights.

We do not sell personal data.

6. International transfers

Some of our service providers are located outside your country, including in the United States and the European Economic Area. Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions.

7. Data retention

We keep personal data only as long as needed to provide the Service and meet legal, tax, and accounting obligations. Account and scan data is retained while your account is active. If you delete your account, we delete or anonymise personal data within a reasonable period unless retention is required by law (e.g. billing records held by Stripe for tax purposes).

8. Cookies

We use strictly necessary cookies for authentication and session management. We may use analytics cookies to measure usage in aggregate. You can control cookies through your browser settings; blocking essential cookies will break sign-in.

9. Your rights

Depending on where you live, you may have the right to access, rectify, erase, restrict, or port your personal data, to object to processing based on legitimate interests, and to withdraw consent. UK and EEA residents also have the right to lodge a complaint with their local supervisory authority. We respond to valid requests within one month. To exercise these rights, email privacy@codecop.io.

10. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, role-based permissions, and row-level security on user data. No system is perfectly secure; please notify us immediately if you suspect a security issue.

11. Changes

We may update this Privacy Notice. Material changes will be announced in-product or by email. The "Last updated" date above reflects the most recent revision.