Privacy Policy

Last updated: May 2026

Information We Collect

When you submit an audit request, we collect: company name, contact name, email address, website URL, repository URL, project type, scope description, timeline preference, and any additional message you provide. We also store a hash of your IP address and user agent for abuse prevention.

How We Use Your Information

We use your information solely to: respond to your audit request, scope and deliver audit services, issue attestation certificates, and send service-related communications. We do not sell, rent, or share your information with third parties for marketing purposes.

Data Storage

Form submissions are stored in Cloudflare D1 (Cloudflare's serverless database). Certificate verification data is stored separately and only public fields (status, dates, fingerprint) are accessible through the verification API. Private project details are never exposed publicly.

Code Access

Source code access for audits is handled through secure channels (GitHub/GitLab invitations, NDA-protected access) agreed upon after initial contact. We do not retain copies of your source code after the audit engagement concludes unless separately agreed in writing.

Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting audit@codegrc.com. We will respond within 30 days.

Contact

For privacy-related inquiries: audit@codegrc.com