100% free for Open Source, forever. Get another set of eyes on your code.

Privacy Policy

Effective as of May 22, 2020.

This Privacy Policy describes the privacy practices of Code Climate Inc. and our subsidiaries and affiliates (collectively, "Code Climate", "we", "us", or "our"). This Privacy Policy describes how we collect, use, disclose and otherwise process personal information in connection with our websites, products and services, and explains the rights and choices available to individuals with respect to their information. For convenience, our websites are collectively referred to as the "Sites," and, together with our products and services, collectively referred to as the "Services." This Privacy Policy governs any of the Services on which the Privacy Policy is posted.

Code Climate provides engineering insights and automated code review for enterprise customers and for individual consumers. Code Climate's processing of personal information in connection with the Services is governed by this Privacy Policy. If you are a user of our enterprise customer, our processing of your information is also subject to the terms of our agreement with that customer.

We provide important information for individuals located in Europe below.

Table of Contents

Personal Information We Collect

Information you give us

Personal information that you may provide through the Services or otherwise communicate with us includes:

Information from Source Code Repositories. Our Services operate, in part, by connecting to your source code repository ("SCR") account (e.g., your GitHub account). When you login to the Services through your SCR account or connect your SCR account to the Services, you authorize us to access, use, and store information that you agreed that the SCR service provider could provide to us based on your SCR account settings and the permissions you grant. We will access, use, and store that information in accordance with this Privacy Policy. You may revoke our access or disconnect your SCR account at any time by following the instructions in the SCR. If you revoke our access or disconnect your SCR account, Code Climate will retain your email address, SCR username, and organization name, unless and until you close your Code Climate account by following the instructions available here (for Quality customers), or contacting our support team online or via email at hello@codeclimate.com (for Velocity customers).

Information automatically collected. We, our service providers, and our business advertising partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Services. Our service providers and advertising partners may collect this type of information over time and across third-party websites. The information that may be collected automatically includes:

On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or "LSOs"), web beacons, and similar technologies, and our emails may also contain web beacons. Please refer to the Cookies and Similar Technologies section for more details.

Cookies and Similar Technologies

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.

Our Sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).

We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third party cookies, which are served by service providers or business partners on our Sites, and can be used by these parties to recognize your computer or mobile device when it visits other websites. Third party cookies can be used for a variety of purposes, including site analytics, advertising and social media features.

Web beacons

We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Sites and in our HTML formatted emails to track the actions of users on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.

Online Advertising and Opting Out

Some of the partners that collect information about users' activities on or through our Sites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. Please visit our Online Tracking Opt-Out Guide for information about opting out of targeted advertisements, and for information about blocking cookies and similar technologies on our Sites. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked to in our guide. If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included on those lists, so you may still receive some cookies and tailored advertisements from companies that are not listed.

Do Not Track Signals

Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not currently respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

How We Use Your Personal Information

Operations. We use your personal information to:

Research and development. We analyze use of the Service to analyze and improve the Service and to develop new products and services, including by studying user demographics and use of the Service.

Marketing. We may send you Code Climate-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing communications section below.

Advertising. We may also work with third party advertising partners who use cookies and similar technologies to deliver targeted advertising that is displayed on unaffiliated websites, to measure the effectiveness of advertising on behalf of our advertising partners, and to identify the audience most likely to respond to an advertisement. These advertisements are delivered by our advertising partners and may be targeted based on your use of the Sites or your activity elsewhere online. We believe that the use of such information is helpful to providing users with better services. However, if you would like to opt-out of these interest-based advertisements, please follow the opt-out process described in our Online Tracking Opt-out Guide.

To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention and safety. We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

With your consent. In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.

How We Share Your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as otherwise described in this Privacy Policy:

Corporate Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.

Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Service (such as customer support, hosting, analytics, email delivery, marketing, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

Advertising partners. We may enable third-party advertising partners to collect information directly from our Sites for advertising purposes.

Compliance. We may share your personal information to comply with law and for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

Access, update, correct or delete your profile information. All Code Climate account holders may review, update, correct or delete the personal information in their registration profile by logging into their Code Climate account and/or updating the information in their linked SCR account.

Cookies and Targeted Advertising. For information on how you can disable or opt out of cookies and targeted advertising, visit our Online Tracking Opt-out Guide. Please note that if you set your browser to disable cookies, the Sites may not work properly.

If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.

Opt out of marketing communications. You may opt out of marketing-related emails by clicking on a link at the bottom of each such email. You may continue to receive service-related and other non-marketing emails.

Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.

Security

The security of your personal information important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

Children

Our Sites are not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable.

International Transfer

Code Climate is headquartered in the United States and has service providers in other countries, and your personal information may be transferred to and accessed from the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.

European Union users should read the important information provided below about transfer of personal information outside of the European Union.

Other Websites and Services

The Sites may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Sites. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Services.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Services (or as otherwise indicated at the time of posting). In all cases, your continued use of the Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

Contact Us

If you have any questions or concerns at all about our Privacy Policy, please feel free to email us at hello@codeclimate.com, or write to us at:

Code Climate Inc.

Attn: Privacy Rights

155 W. 23rd Street, 5th Floor

New York, NY 10011

Notice to European Users

The information provided in this "Notice to European Users" section applies only to individuals in Europe.

Personal information. References to "personal information" in this Privacy Policy are equivalent to "personal data" governed by European data protection legislation.

Controller. If you are an individual user of the Services, Code Climate Inc. is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. If you are an enterprise user of the Services, Code Climate is the data processor of your personal information, and your employer is the controller of your personal information.

Legal bases for processing

We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.

Details regarding each processing purpose and its legal basis listed below are provided in the section above titled "How we use your personal information".

Operations. Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. We also process your personal information based on our legitimate interest in providing the Services you access and request.

Research and development. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Marketing. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

For compliance, fraud prevention and safety. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To create anonymous, aggregated or de-identified data. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

To comply with law. Processing is necessary to comply with our legal obligations.

With your consent. Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.

If you provide us with any sensitive personal information to us when you use the Service, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Service.

Retention

Generally, we retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

Your rights

European data protection laws give you certain rights regarding your personal information. If you are an individual user of the Services located within the European Union, you may ask us to take the following actions in relation to your personal information that we hold:

You can submit these requests by email to hello@codeclimate.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

If you are an enterprise user of the Services, your employer is the data controller of your personal information. As the data controller, your employer is responsible for receiving and responding to your requests to exercise any rights afforded to you under applicable data protection law. Code Climate will assist our customers in responding to such requests as set forth in the customer contract.

Cross-Border Data Transfer

Whenever we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with European data protection laws.

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield

Code Climate complies with the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Code Climate has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Code Climate may transfer your personal information to third parties as described in this Privacy Policy. Code Climate maintains contracts with its third-party service providers restricting their access, use and disclosure of personal information in compliance with our Privacy Shield obligations. Code Climate may be liable if these third parties fail to meet those obligations and we are responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, Code Climate commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Policy should first contact Code Climate at hello@codeclimate.com. Code Climate has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Code Climate nor JAMS resolves your complaint, you may have the ability to engage in binding arbitration through the Privacy Shield Panel. Additional information on the arbitration process is available on the Privacy Shield website at www.privacyshield.gov.

Code Climate may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The Federal Trade Commission has jurisdiction over Code Climate’s compliance with the Privacy Shield. Code Climate’s commitments under the Privacy Principles are subject to the investigatory and enforcement powers of the Federal Trade Commission.

Notice to California Residents

We are required by the California Consumer Privacy Act of 2018 ("CCPA") to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of the personal information. This notice does not apply to information related to our business contacts, or to enterprise users of our Services. Code Climate is a service provider under the CCPA in relation to our enterprise Services, and our business customers are responsible for addressing CCPA compliance with respect to enterprise users of our Services.

We do not sell personal information. As we explain in this Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to opt out of our (and our third party advertising partners') use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide.

In addition to the information in our Privacy Policy, the following list further describes our privacy practices with respect to individuals whose information is governed by this notice:

Please note that we may also disclose all personal information to corporate affiliates, service providers and professional advisors; for compliance purposes; or in connection with a business transfer. For additional information, visit the "How We Share Your Personal Information" section of our Privacy Policy.

California Residents' Privacy Rights

Except as excluded from the scope of this notice above, the CCPA grants California residents the following rights.

Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.

You are entitled to exercise the rights described above free from discrimination.

How to Submit a Request

To request access to or deletion of personal information:

Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We may attempt to verify your identify by asking you to confirm information that we have on file about you or your interactions with us, or by asking you to submit the request through your Code Climate account. Where we ask for additional personal information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.

Authorized agents. California residents can empower an "authorized agent" to submit requests on their behalf. We will require the authorized agent to have written authorization confirming such authority.

Glossary

Below a list of statutory categories and the data element within each category:

Online Tracking Opt-Out Guide

Like many companies online, we may use services provided by Google, Facebook and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.