Privacy Policy

Last Updated: January 17, 2026

1. Introduction

CodeSlick ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

CodeSlick is the data controller for personal data collected through our Service.

  • Contact: codeslick@codeslick.dev
  • Website: https://codeslick.dev

3. Information We Collect

3.1 Account Information

When you sign in with GitHub, we collect:

  • GitHub username and user ID
  • Email address
  • Profile picture
  • Organization memberships

3.2 Code Analysis Data

When you analyze code, we temporarily process:

  • Source code (analyzed in memory, not permanently stored)
  • Repository names and file paths
  • Pull request metadata
  • Analysis results and security findings (vulnerabilities, severity levels, line numbers)
  • AI-generated code detection metadata (confidence scores, hallucination patterns identified)
  • Hardcoded secrets detection findings (pattern types, locations - actual secret values are never stored)
  • SBOM data (Software Bill of Materials: dependency inventory, package versions, licenses, CVE/CPE references)
  • SARIF export data (security findings formatted for GitHub Security tab upload)
  • CLI usage telemetry (scan frequency, file types analyzed - if CLI is used)

3.3 Usage Data

We automatically collect:

  • IP address and location (country/city level)
  • Browser type and version
  • Pages visited and features used
  • Date and time of access
  • Number of analyses performed

3.4 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers. Stripe collects and processes payment information according to their Privacy Policy.

4. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide code analysis and security reports
  • Account Management: To create and manage your account
  • Billing: To process payments and manage subscriptions
  • Communication: To send service updates and respond to inquiries
  • Analytics: To improve our Service and user experience
  • Security: To protect against fraud and unauthorized access
  • Compliance: To comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: To provide the Service you subscribed to
  • Legitimate Interests: To improve our Service and prevent fraud
  • Legal Obligation: To comply with tax and legal requirements
  • Consent: For marketing communications (where required)

6. Data Sharing and Disclosure

We share your data only in the following circumstances:

6.1 Service Providers

We share your data with the following third-party service providers who assist in delivering our Service:

  • Stripe: Payment processing (PCI-DSS compliant)
  • Vercel: Hosting and infrastructure (global CDN)
  • PostHog: Analytics (EU servers only)
  • Neon: Database hosting (EU region)
  • GitHub: Authentication (OAuth), SARIF upload to Security tab, PR analysis
  • OpenRouter: AI proxy for fix generation (when using server API keys or credit packs)
  • Third-Party AI Providers: Your code may be sent to AI providers (Anthropic, OpenAI, Together.ai, Groq, Google Gemini, DeepSeek) for fix generation when you:
    • Use CodeSlick server credits/unlimited AI
    • Provide your own API key for these providers
    Each provider has their own privacy policy and data retention practices. We recommend reviewing their policies before use.

6.2 Legal Requirements

We may disclose your data if required by law, court order, or governmental regulation.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

7. Data Retention

We retain your data for the following periods:

  • Source Code: Analyzed in memory only, not stored permanently (deleted immediately after analysis)
  • Analysis Results: Retained for 30 days (shareable reports including security findings, SBOM data, AI detection metadata)
  • SARIF Uploads: Stored on GitHub servers (not CodeSlick), subject to GitHub's retention policies
  • Secrets Detection Findings: Retained for 30 days as part of analysis results (actual secret values are never stored)
  • SBOM Exports: Retained for 30 days (downloadable in SPDX/CycloneDX formats)
  • Account Data: Retained while your account is active and for 30 days after deletion
  • Usage Analytics: Retained for 90 days
  • CLI Telemetry: Retained for 90 days (if applicable)
  • Billing Records: Retained for 7 years (legal requirement for tax compliance)

Data Deletion: You can request deletion of your data at any time by contacting codeslick@codeslick.dev. We will delete your personal data within 30 days, except for billing records which must be retained for legal compliance.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for databases
  • Secure authentication via GitHub OAuth
  • Regular security audits and updates
  • Access controls and logging
  • Isolated analysis environments

9. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restriction: Limit how we process your data
  • Right to Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, email us at: codeslick@codeslick.dev

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security
  • Analytics Cookies: PostHog analytics (EU servers)
  • Session Management: To maintain your logged-in state

You can control cookies through your browser settings, but disabling essential cookies may affect Service functionality.

11. International Data Transfers

Your data is primarily stored in EU data centers (Neon Postgres - EU Central, PostHog - EU). Some service providers (Vercel, GitHub) may process data in the United States under Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Children's Privacy

CodeSlick is not intended for users under 18 years old. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our Service. The "Last Updated" date will be revised accordingly.

14. Supervisory Authority

If you are located in the EU/EEA, you have the right to lodge a complaint with your national data protection authority if you believe we have not complied with GDPR.

15. Contact Us

For questions about this Privacy Policy or to exercise your rights:

  • Email: codeslick@codeslick.dev
  • Website: https://codeslick.dev