Last updated: February 11, 2026
1. Information We Collect
We collect the following types of information:
- Account Information: Name, email address, and password hash when you register.
- OAuth Data: When you connect via GitHub, Google, or Bitbucket, we receive your public profile information and repository access as authorized.
- Source Code: Temporarily accessed during scans. We do not permanently store your source code.
- Scan Results: Vulnerability findings, severity scores, and remediation suggestions are stored to provide the Service.
- Usage Data: Page views, feature usage, scan frequency, and performance metrics.
- Payment Information: Processed securely by Stripe or Razorpay. We do not store credit card numbers.
2. How We Use Your Information
- To provide, maintain, and improve the Service.
- To perform security analysis on your connected repositories.
- To send you scan results, alerts, and service notifications.
- To process payments and manage your subscription.
- To respond to support requests and communicate about your account.
- To detect and prevent fraud, abuse, or security incidents.
3. Data Storage & Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS 1.2+.
- Sensitive credentials (API tokens, integration keys) are encrypted at rest.
- Source code is accessed temporarily and not persisted after scan completion.
- Database backups are encrypted and stored in secure, access-controlled environments.
- We conduct regular security audits of our own infrastructure.
4. Data Sharing
We do not sell your personal information. We may share data only in the following circumstances:
- Service Providers: Payment processors (Stripe, Razorpay), email delivery services, and infrastructure providers who need access to perform their functions.
- Legal Requirements: When required by law, regulation, or valid legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.
- With Your Consent: When you explicitly authorize sharing with third parties.
5. Multi-Tenant Isolation
CodeHawk operates as a multi-tenant SaaS platform. Your organization's data is logically isolated from other organizations. Team members within your organization can access shared scan results and repository data based on their assigned role permissions.
6. Third-Party Integrations
When you connect third-party services (GitHub, Bitbucket, Slack, Jira), we access only the data necessary to provide the Service. You can disconnect integrations at any time from your dashboard settings. Disconnecting removes our access to that service's data.
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data.
- Correction: Update or correct inaccurate information.
- Deletion: Request deletion of your account and associated data.
- Export: Download your scan results and reports.
- Restrict Processing: Limit how we use your data.
To exercise these rights, contact us at privacy@codehawk.co.
8. Data Retention
We retain your account data for the duration of your active subscription. Scan results are retained for 12 months by default. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
9. Cookies & Analytics
We use essential cookies for authentication and session management. We may use analytics tools to understand how the Service is used. You can control cookie preferences through your browser settings.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.