
Privacy Policy

Effective: 2026-06-12

At CodeTitan, privacy is a core design principle, not an afterthought. This policy explains what we collect, why we collect it, and how we protect it.

1. What we collect

Account data: When you sign up, we collect your name, email address, and billing information (processed via Stripe — we never see your raw card details).

Usage data: We capture a small set of product events (account signup, login, report upload, subscription changes) through PostHog, configured without cookies, with IP collection disabled, and pinned to the EU region. Application errors are reported to Sentry. This helps us improve the product.

Your code: The analysis engine runs on your own machine or CI runner. Your source code is not transmitted to our servers — there is no cloud analysis surface receiving it. If you opt into a cloud feature (uploading or sharing a report), what we receive is a findings report: severities, messages, and the flagged lines (e.g., "SQL injection on line 42") — not your repository.

2. How we use your data

  • To provide, maintain, and improve the CodeTitan service
  • To process payments and send billing-related communications
  • To send product updates, security notices, and support responses
  • To detect and prevent abuse, fraud, and security incidents
  • To comply with legal obligations

We do not sell your data to third parties. We never see your source code, and findings reports are not used to train models.

3. Data sharing

We share data with a limited set of sub-processors (hosting, database, payments, email, analytics, error monitoring) under their published data processing terms. The full list is on our Compliance page. We will never share your data with third parties for marketing purposes.

4. Data retention

Account data is retained for the duration of your subscription and deleted within 30 days of account closure upon request. Findings reports you upload are retained to power your dashboard and run history; deleting a project from the dashboard permanently deletes its runs, findings, and fix summaries, and you can request deletion of anything else by email.

5. Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email privacy@codetitan.dev. We will respond within 30 days.

6. Security

Data in transit is protected with TLS. Data at rest is encrypted by our hosting and database providers (Vercel, Supabase); we do not yet operate our own key management. For the full picture, see our Security page.

7. Changes to this policy

We will notify you by email and post a notice on this page at least 14 days before any material changes take effect.

8. Contact

Questions about this policy? Email privacy@codetitan.dev.