PRIVACY policy
Updated June 30, 2023
Codacy’s group companies (collectively, “Codacy”, “We” and “Us”) are dedicated to providing its Customers and Users the highest level of transparency and control over the use of their data when using our Services. This Policy details each type of personal data we collect, how we use it, and how you can control it. Any information processed by Codacy is treated as confidential, stored securely, and accessed by authorized personnel only. Codacy has implemented and maintains appropriate technical, security, and organizational measures to protect your personal data against unauthorized or unlawful processing and against any loss, destruction, damage, theft or disclosure. Also, Codacy security compliance portfolio includes adhering to key standards such as SOC 2 Type 2.
1. What personal data do we collect?
Accessing and browsing the Website, does not necessarily imply the provision of personal
data. However, certain features require it, such as submitting a contact form to ask questions regarding
Codacy’s Products. The remaining features available on the Website and associated with Codacy Products
require prior registration on Codacy in agreement with the subscription of the respective Product.
Codacy currently collects the following personal data from Website Visitors and Customers or Users
(hereinafter “Users”):
Upon sign up: When you sign up you give us certain information voluntarily. This
includes your name and email address (inferred from the third-party application you selected to register
on Codacy).
On Services Plan subscription: If you decide to subscribe to one of our Services Plans,
we may request payment and billing details. Your payment information (credit or debit card details),
although provided on our platform is only made available through a third-party payment platform. At any
point Codacy does not have access to or stores data related to your card details. The information
collected for billing purposes (such as: First name, Last name, Company name, email, phone, address, VAT
number (when applicable)) is directly inserted by you in a third-party platform, and Codacy can access
to issue invoices.
Other information submitted by you: Codacy may collect and process any personal data
that you make voluntarily available by filling our Website’s forms, such as Demos or Free Trials
requests, our Blog or Newsletters subscription, and/or by downloading our Ebooks. In all of these
actions, you need to provide us voluntarily the required fields, which may vary depending on the action,
such as name and e-mail address.
Cookies and similar technologies: Codacy uses cookies and similar technologies (like
web beacons and pixels) to collect information about Users interactions with the Codacy Products,
including identifiers, usage data, session information, links clicked, pages visited, and mouse
movements. For more detailed information about how we use cookies, please review our Cookies Policy.
Please note that all data requested by Codacy is mandatory, and failure to provide this data may make it
impossible for us to provide our Services. In cases where we specifically state that some of the data
are not mandatory, Users are free not to communicate this data without any consequences on the
availability or the functioning of the Services.
2. What we do with the information we collect?
We use personal information collected via our Website for a variety of business purposes
described below. We process your personal information for these purposes in reliance on our legitimate
business interests, in order to enter into or perform a contract with you, with your consent, and/or for
compliance with our legal obligations.
We use the information we collect to provide a better Service to you. In order to do that, it is
necessary for us to use your information to:
To manage account creation. Do registration and authentication in the Codacy Products.
To post testimonials. We post testimonials on our Website that may contain personal information. Prior
to posting a testimonial, we will obtain your consent to use your name, image, and the content of the
testimonial.
To manage User account. Collect information from GitHub, GitLab, Bitbucket, and Jira to perform the
Product
To send administrative information to you. We may use your personal information to send you product,
service, and new feature information and/or information about changes to our terms, conditions, and
policies.
To protect the Codacy Products. We may use your information as part of our efforts to keep our Website
and Product safe and secure (for example, for fraud monitoring and prevention).
To respond to User inquiries/offer support to Users. We may use your information to respond to your
inquiries and solve any potential issues you might have with the use of our Products.
To perform database management for Customers or Users.
To recruitment and job opportunities. We share job opportunities on our Careers Website, where you can
fill in a form and apply for a specific role. We will only collect the necessary information to be able
to duly manage the recruitment process.
To send you marketing and promotional communications (in accordance with your preferences). We will only
use your information with your consent in order to send you marketing materials by email or push
notification. Each time we send you marketing materials, we give you the option to unsubscribe/opt-out
at any time.
Content performance and features testing (A/B testing);
To respond to legal requests and law enforcement in keeping Codacy safe. We may get requests for account
information from law enforcement authorities like the police or courts.
No sale or sharing of personal information. We do not share, sell, rent, or trade user information with
third parties for their commercial purposes.
3. How you can control your data?
You have certain rights under applicable data protection laws. These may include the right
(i) to request access and obtain a copy of your personal information, (ii) to request rectification or
erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data
portability. In certain circumstances, you may also have the right to object to processing your personal
information. Our goal is to give you simple and meaningful choices regarding your information. If you
have a Codacy account, many of the choices you have on Codacy are built directly into Codacy or your
settings.
For example, you can:
Access the information we hold about you at any time - which can be done directly on our Platform;
Edit your account information at any time - this does not include your email, since any change needs to
be done directly in the third-party platform you selected on sign up;
Remove credit or debit card details at any time - if you decide to downgrade your Service Plan, you can
remove your payment details through our Platform;
Delete your account at any time - when you decide to do so, all your personal information will be
deleted, except for any information required to comply with our legal obligations, to resolve disputes,
and enforce our agreements;
Unsubscribe from Marketing or Services related communications - you can unsubscribe directly on the
emails you receive from Codacy, related to Newsletters, Blog updates, and others or define your
notification preferences on the Platform;
Complain to a regulator. If you are based in the EU/EEA and suspect that we have not complied with data
protection laws, you have a right to lodge a complaint before the Portuguese Data Protection Supervisory
Authority or with other competent supervisory authority.
You can exercise your rights at any time. To do so, send a communication to the following e-mail
address: privacy@codacy.com, which will be executed within a
period of 30 days following the date of your request (except in cases of special complexity, in which
this period may be extended to two months upon due justification).
4. How and when we share information?
Some of the ways we use your information requires us to share information with third parties, so we can
provide you with the best experience, make sure our customization is effective and comply with laws that
apply to us.
We may share your information as follows:
Service providers. We use third-party service providers who work on our behalf, including to provide
hosting services, authentication services, cybersecurity and anti-fraud services, and advertising, which
may require us to share your personal information.
Affiliates. We may share your personal information with our affiliate companies who may act for us for
any of the purposes set out in this Privacy Policy, including our current and future parents,
affiliates, subsidiaries, and other companies under common control and ownership.
Marketing and analytics. We may share your personal information with analytics and search-engine
providers that assist us in improving and optimizing our Website, subject to our Cookie Policy.
Processors. Third-party companies or individuals that we employ to process information on our behalf
based on our instructions and in compliance with this Privacy Policy. Codacy undertakes the commitment
to hire only processors who provide sufficient guarantees of implementation of appropriate technical and
organizational measures to ensure the protection of the User's rights.
Consent. We may share your personal information with your consent or at your direction.
Law enforcement agencies or government agencies. We only share information if we believe that disclosure
is reasonably necessary to comply with a law, regulation, or legal request; to protect the safety,
rights, or property of the public, any person, or Codacy; or to detect, prevent, or otherwise address
fraud, security or technical issues.
5. How long we keep your information?
We keep your information only so long as we need it to provide Services to you and fulfill the purposes
described in this Policy. This is also the case for anyone that we share your information with and who
carries out services on our behalf. When we no longer need to use your information, and there is no need
for us to keep it to comply with our legal or regulatory obligations, we’ll either remove it from our
systems or depersonalize it so that we can't identify you.
To determine the appropriate retention period for personal information, we consider several factors,
including:
the terms of our agreements with you;
our legitimate interests (as outlined in this Privacy Policy);
our legal obligations; and
the amount and nature of your personal information.
6. Our policy on childrens’ information
Children under 13 are not allowed to sign up for our Services and use Codacy Products. Codacy does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will close your account. If you are based in the EU/EEA, you may only use Codacy if you are over the age at which you can provide consent to data processing under the laws of your country or if verifiable parental consent for your use of Codacy has been provided to us. If you are a parent and you learn that your child is using Codacy and you don't want them to, please contact us at privacy@codacy.com.
7. Transferring your information
Codacy is a global service platform. Due to its worldwide market approach, to the extent applicable,
your personal information may be collected in, transferred to, accessed from, or stored in a country
other than the one you are in, which may have data protection rules that are different from those of
your country.
By principle, all data is stored in AWS servers located in Ireland. Your personal information is only
transferred out of your country in accordance with applicable data protection law, including, for
example, to third countries that adequately safeguard personal data (Commission Adequacy Decision), or
under the European Commission-approved Standard Contractual Clauses.
8. Security
At Codacy, we take the protection of User/Customer Data extremely seriously. Codacy implements
platform-wide designed to prevent unauthorized access, use, alteration or disclosure of personal data.
Codact is SOC 2 compliant and have an attested SOC 2 Type II report.
For further information please consult Codacy’s Security page.
9. Cookies
Codacy may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how Codacy uses such technologies and how you can refuse certain cookies is set out in the Cookies Policy.
10. Applicable Data Protection Law
This Privacy Policy, as well as the processing of personal data by Codacy, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 ("GDPR"). GDPR is hailed as the gold standard for the protection of Users as Data Subjects.
11. Changes to this Privacy Policy
Codacy reserves the right to make changes to this Privacy Policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using Codacy’s Services.
Questions?
If you have any questions or concerns about this Privacy Policy, please contact us at privacy@codacy.com.