Watch our latest Product Showcase

Group 370

Meet us at WeAreDevelopers World Congress in Berlin

Group 370

Spotlight Whitepaper by IDC on Importance of Automated Code Review Technologies

Group 370

PRIVACY policy

Updated June 30, 2023


Codacy’s group companies (collectively, “Codacy”, “We” and “Us”) are dedicated to providing its Customers and Users the highest level of transparency and control over the use of their data when using our Services. This Policy details each type of personal data we collect, how we use it, and how you can control it. Any information processed by Codacy is treated as confidential, stored securely, and accessed by authorized personnel only. Codacy has implemented and maintains appropriate technical, security, and organizational measures to protect your personal data against unauthorized or unlawful processing and against any loss, destruction, damage, theft or disclosure. Also, Codacy security compliance portfolio includes adhering to key standards such as SOC 2 Type 2.

1. What personal data do we collect?

Accessing and browsing the Website, does not necessarily imply the provision of personal data. However, certain features require it, such as submitting a contact form to ask questions regarding Codacy’s Products. The remaining features available on the Website and associated with Codacy Products require prior registration on Codacy in agreement with the subscription of the respective Product.
Codacy currently collects the following personal data from Website Visitors and Customers or Users (hereinafter “Users”):
Upon sign up: When you sign up you give us certain information voluntarily. This includes your name and email address (inferred from the third-party application you selected to register on Codacy).
On Services Plan subscription: If you decide to subscribe to one of our Services Plans, we may request payment and billing details. Your payment information (credit or debit card details), although provided on our platform is only made available through a third-party payment platform. At any point Codacy does not have access to or stores data related to your card details. The information collected for billing purposes (such as: First name, Last name, Company name, email, phone, address, VAT number (when applicable)) is directly inserted by you in a third-party platform, and Codacy can access to issue invoices.
Other information submitted by you: Codacy may collect and process any personal data that you make voluntarily available by filling our Website’s forms, such as Demos or Free Trials requests, our Blog or Newsletters subscription, and/or by downloading our Ebooks. In all of these actions, you need to provide us voluntarily the required fields, which may vary depending on the action, such as name and e-mail address.
Cookies and similar technologies: Codacy uses cookies and similar technologies (like web beacons and pixels) to collect information about Users interactions with the Codacy Products, including identifiers, usage data, session information, links clicked, pages visited, and mouse movements. For more detailed information about how we use cookies, please review our Cookies Policy.
Please note that all data requested by Codacy is mandatory, and failure to provide this data may make it impossible for us to provide our Services. In cases where we specifically state that some of the data are not mandatory, Users are free not to communicate this data without any consequences on the availability or the functioning of the Services.

2. What we do with the information we collect?

We use personal information collected via our Website for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. 
We use the information we collect to provide a better Service to you. In order to do that, it is necessary for us to use your information to:
To manage account creation. Do registration and authentication in the Codacy Products.
To post testimonials. We post testimonials on our Website that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name, image, and the content of the testimonial.
To manage User account. Collect information from GitHub, GitLab, Bitbucket, and Jira to perform the Product
To send administrative information to you. We may use your personal information to send you product, service, and new feature information and/or information about changes to our terms, conditions, and policies.
To protect the Codacy Products. We may use your information as part of our efforts to keep our Website and Product safe and secure (for example, for fraud monitoring and prevention).
To respond to User inquiries/offer support to Users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Products.
To perform database management for Customers or Users.
To recruitment and job opportunities. We share job opportunities on our Careers Website, where you can fill in a form and apply for a specific role. We will only collect the necessary information to be able to duly manage the recruitment process.
To send you marketing and promotional communications (in accordance with your preferences). We will only use your information with your consent in order to send you marketing materials by email or push notification. Each time we send you marketing materials, we give you the option to unsubscribe/opt-out at any time. Content performance and features testing (A/B testing);
To respond to legal requests and law enforcement in keeping Codacy safe. We may get requests for account information from law enforcement authorities like the police or courts.

No sale or sharing of personal information. We do not share, sell, rent, or trade user information with third parties for their commercial purposes.

3. How you can control your data?

You have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to processing your personal information. Our goal is to give you simple and meaningful choices regarding your information. If you have a Codacy account, many of the choices you have on Codacy are built directly into Codacy or your settings.

For example, you can:
Access the information we hold about you at any time - which can be done directly on our Platform; Edit your account information at any time - this does not include your email, since any change needs to be done directly in the third-party platform you selected on sign up;
Remove credit or debit card details at any time - if you decide to downgrade your Service Plan, you can remove your payment details through our Platform;
Delete your account at any time - when you decide to do so, all your personal information will be deleted, except for any information required to comply with our legal obligations, to resolve disputes, and enforce our agreements; Unsubscribe from Marketing or Services related communications - you can unsubscribe directly on the emails you receive from Codacy, related to Newsletters, Blog updates, and others or define your notification preferences on the Platform; Complain to a regulator. If you are based in the EU/EEA and suspect that we have not complied with data protection laws, you have a right to lodge a complaint before the Portuguese Data Protection Supervisory Authority or with other competent supervisory authority.
You can exercise your rights at any time. To do so, send a communication to the following e-mail address: privacy@codacy.com, which will be executed within a period of 30 days following the date of your request (except in cases of special complexity, in which this period may be extended to two months upon due justification).

4. How and when we share information?

Some of the ways we use your information requires us to share information with third parties, so we can provide you with the best experience, make sure our customization is effective and comply with laws that apply to us. 

We may share your information as follows:
Service providers. We use third-party service providers who work on our behalf, including to provide hosting services, authentication services, cybersecurity and anti-fraud services, and advertising, which may require us to share your personal information. 
Affiliates. We may share your personal information with our affiliate companies who may act for us for any of the purposes set out in this Privacy Policy, including our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership. 
Marketing and analytics. We may share your personal information with analytics and search-engine providers that assist us in improving and optimizing our Website, subject to our Cookie Policy.
Processors. Third-party companies or individuals that we employ to process information on our behalf based on our instructions and in compliance with this Privacy Policy. Codacy undertakes the commitment to hire only processors who provide sufficient guarantees of implementation of appropriate technical and organizational measures to ensure the protection of the User's rights.
Consent. We may share your personal information with your consent or at your direction. 
Law enforcement agencies or government agencies. We only share information if we believe that disclosure is reasonably necessary to comply with a law, regulation, or legal request; to protect the safety, rights, or property of the public, any person, or Codacy; or to detect, prevent, or otherwise address fraud, security or technical issues.

5. How long we keep your information?

We keep your information only so long as we need it to provide Services to you and fulfill the purposes described in this Policy. This is also the case for anyone that we share your information with and who carries out services on our behalf. When we no longer need to use your information, and there is no need for us to keep it to comply with our legal or regulatory obligations, we’ll either remove it from our systems or depersonalize it so that we can't identify you.

To determine the appropriate retention period for personal information, we consider several factors, including:
the terms of our agreements with you;
our legitimate interests (as outlined in this Privacy Policy);
our legal obligations; and
the amount and nature of your personal information.

6. Our policy on childrens’ information

Children under 13 are not allowed to sign up for our Services and use Codacy Products. Codacy does not knowingly collect information from or direct any of our content specifically to children under 13. If we learn or have reason to suspect that you are a user who is under the age of 13, we will close your account. If you are based in the EU/EEA, you may only use Codacy if you are over the age at which you can provide consent to data processing under the laws of your country or if verifiable parental consent for your use of Codacy has been provided to us. If you are a parent and you learn that your child is using Codacy and you don't want them to, please contact us at privacy@codacy.com.

7. Transferring your information

Codacy is a global service platform. Due to its worldwide market approach, to the extent applicable, your personal information may be collected in, transferred to, accessed from, or stored in a country other than the one you are in, which may have data protection rules that are different from those of your country.

By principle, all data is stored in AWS servers located in Ireland. Your personal information is only transferred out of your country in accordance with applicable data protection law, including, for example, to third countries that adequately safeguard personal data (Commission Adequacy Decision), or under the European Commission-approved Standard Contractual Clauses.

8. Security

At Codacy, we take the protection of User/Customer Data extremely seriously. Codacy implements platform-wide designed to prevent unauthorized access, use, alteration or disclosure of personal data. 

Codacy is SOC 2 compliant and have an attested SOC 2 Type II report.

For further information please consult Codacy’s Security page. 

9. Cookies

Codacy may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how Codacy uses such technologies and how you can refuse certain cookies is set out in the Cookies Policy.

10. Applicable Data Protection Law

This Privacy Policy, as well as the processing of personal data by Codacy, are governed by the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 ("GDPR"). GDPR is hailed as the gold standard for the protection of Users as Data Subjects. 

11. Changes to this Privacy Policy

Codacy reserves the right to make changes to this Privacy Policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using Codacy’s Services.



If you have any questions or concerns about this Privacy Policy, please contact us at privacy@codacy.com.