Privacy Policy

Last Updated: November 2, 2025

Summary of Your Privacy

  • Your source code is never stored - processed in-memory only
  • We use encryption for all data transmission
  • You can delete your account and data anytime
  • We never sell your personal information
  • OAuth via GitHub/Google - we don't store your passwords
  • Stripe handles payments - we don't store credit card numbers
  • GDPR and CCPA compliant

1. Introduction

CODEVANISH ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our code obfuscation service ("Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Name, email address, profile picture (via GitHub or Google OAuth)
  • Authentication Data: OAuth tokens from GitHub and Google for authentication purposes
  • Payment Information: Billing details processed by Stripe (we do not store credit card numbers)
  • GitHub Repository Data: Repository names, branch information, and file metadata (when you use GitHub integration)

2.2 Usage Information

We automatically collect:

  • Service Usage: Number of obfuscations, obfuscation settings, file types, upload timestamps
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, clicks, errors, and performance metrics
  • Cookies: Session cookies, authentication cookies, and preference cookies

2.3 Source Code

We process your source code to provide obfuscation services. Your source code is processed in-memory only and is immediately deleted after obfuscation. We do not store, log, or retain your unobfuscated source code on our servers.

Obfuscated output files are stored temporarily (30 days) for download purposes, then permanently deleted.

2.4 Information We Do NOT Collect

  • Credit card numbers or payment card data (handled by Stripe)
  • Social Security numbers or government IDs
  • Health or medical information
  • Biometric data
  • Your unobfuscated source code (beyond temporary processing)

3. How We Use Your Information

We use your information to:

  • Provide the Service: Process code obfuscation requests and deliver results
  • Account Management: Create and manage your account, authenticate your identity
  • Payment Processing: Process subscriptions and handle billing (via Stripe)
  • Service Improvement: Analyze usage patterns to improve performance and features
  • Customer Support: Respond to your questions, requests, and issues
  • Security: Detect, prevent, and address fraud, abuse, and security issues
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service
  • Communications: Send service updates, security alerts, and administrative messages
  • Marketing: Send promotional emails about new features (you can opt-out anytime)

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the data and the context:

  • Contractual Necessity: Processing is necessary to provide the Service you requested
  • Legitimate Interests: We have a legitimate interest in operating and improving our Service
  • Consent: You have given explicit consent for marketing communications
  • Legal Obligation: We must comply with legal requirements (e.g., tax, financial regulations)

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share information with trusted third parties who help us operate:

  • GitHub: OAuth authentication and repository access (subject to GitHub's privacy policy)
  • Google: OAuth authentication (subject to Google's privacy policy)
  • Stripe: Payment processing and subscription management (subject to Stripe's privacy policy)
  • Cloud Hosting: Infrastructure providers for hosting and data storage
  • Analytics: Service analytics and performance monitoring (if implemented)

These providers have access only to the information necessary to perform their functions and are obligated to protect your information.

5.2 Business Transfers

If CODEVANISH is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required by law or if we believe such action is necessary to:

  • Comply with legal obligations, court orders, or government requests
  • Enforce our Terms of Service
  • Protect our rights, property, or safety, or that of others
  • Prevent fraud, security breaches, or illegal activity

5.4 With Your Consent

We may share your information with other parties when you explicitly consent to such sharing.

5.5 Aggregated Data

We may share aggregated, anonymized data that does not personally identify you for research, marketing, or analytics purposes.

6. Cookies and Tracking Technologies

6.1 What We Use

  • Essential Cookies: Required for authentication and basic functionality (cannot be disabled)
  • Preference Cookies: Remember your settings and preferences
  • Session Cookies: Maintain your logged-in state (deleted when you close your browser)
  • Analytics Cookies: Help us understand how you use the Service (if implemented)

6.2 Your Choices

You can set your browser to refuse cookies or alert you when cookies are being sent. However, some features of the Service may not function properly without cookies. You can manage cookie preferences in your browser settings.

7. Data Security

We implement industry-standard security measures including:

  • Encryption: All data in transit is encrypted using TLS/SSL
  • Access Controls: Limited employee access to personal information on a need-to-know basis
  • Secure Infrastructure: Regular security audits and monitoring
  • Source Code Protection: Your code is processed in-memory only and immediately deleted
  • Database Security: Encrypted at rest, regular backups, access logging
  • Authentication: OAuth 2.0 for secure authentication via GitHub and Google

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain your information for the following periods:

  • Account Data: As long as your account is active, plus 90 days after deletion
  • Source Code: Immediately deleted after obfuscation (processed in-memory only)
  • Obfuscated Output: 30 days for download purposes, then permanently deleted
  • Usage Logs: 90 days for security and troubleshooting purposes
  • Payment Records: 7 years for tax and legal compliance (via Stripe)
  • Backup Data: Up to 30 days in encrypted backups, then permanently deleted

You can request deletion of your data at any time by contacting us or deleting your account. Some information may be retained as required by law or for legitimate business purposes.

9. Your Privacy Rights

9.1 All Users

You have the right to:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and personal data
  • Export: Download your data in a portable format
  • Opt-Out: Unsubscribe from marketing emails

9.2 GDPR Rights (EEA Residents)

If you are in the EEA, you have additional rights:

  • Right to Object: Object to processing based on legitimate interests
  • Right to Restriction: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Withdraw Consent: Withdraw consent for processing at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

9.3 CCPA Rights (California Residents)

If you are a California resident, you have:

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination: Equal service regardless of exercising privacy rights

9.4 How to Exercise Your Rights

To exercise any of these rights, email us at privacy@codevanish.com or use your account settings. We will respond to verified requests within 30 days (45 days for CCPA requests).

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

If you are in the EEA, we ensure that data transfers comply with GDPR requirements through appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us, and we will delete such information.

12. Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals websites you visit that you do not want your online activity tracked. We currently do not respond to Do Not Track signals because there is no standard for how such signals should be interpreted.

13. Third-Party Links

Our Service may contain links to third-party websites (GitHub, Google, Stripe, etc.). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for material changes)

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

CODEVANISH Privacy Team

Email: privacy@codevanish.com

Support: support@codevanish.com

Website: https://codevanish.com

For GDPR-related requests: privacy@codevanish.com

For CCPA-related requests: privacy@codevanish.com