Privacy Policy

Last updated: February 2026

1. Information we collect

When you use SpringCode, we collect information you provide directly: your name, email address, and any project details you share when requesting a service or purchasing a product.

Account creation: You can create an account using email and password, Google sign-in, or GitHub sign-in. When you sign in with Google, we receive your name, email address, and profile picture. When you sign in with GitHub, we receive your username, email address, and an access token to read repositories you explicitly authorize for audits.

Cookies and session data: We use HttpOnly session cookies for authentication (access tokens and refresh tokens) and CSRF tokens for security. We do not use third-party tracking cookies or advertising pixels.

2. How we use your information

  • Service delivery: To perform code audits, security scans, and development services you request.
  • Communication: To respond to your inquiries, send audit reports, and provide project updates.
  • Improvement: To improve our products, services, and website based on usage patterns.
  • Security: To protect against fraud, abuse, and unauthorized access.

3. Code and repository access

When you authorize GitHub access for a code audit, we clone your repository to perform the analysis. Your code is analyzed by a combination of AI tools (Anthropic Claude) and human expert review. The cloned repository is deleted after the audit is complete - we do not permanently store your source code.

Audit reports contain findings, recommendations, and short code snippets to illustrate specific issues, but not your full proprietary codebase. You can revoke our GitHub access at any time through your GitHub settings.

4. Data sharing

We do not sell your personal information. We share data only with service providers necessary to operate our business:

  • Stripe - payment processing. Card details are handled entirely by Stripe and never touch our servers.
  • Supabase - database hosting and data storage.
  • Render - application hosting and infrastructure.
  • Anthropic (Claude) - AI-powered code analysis. Your code is sent to Anthropic's API during audits to generate findings.
  • GitHub - OAuth authentication and repository access for audits.
  • Google - OAuth authentication.
  • Resend - transactional email delivery (audit reports, account notifications, payment receipts).
  • Cal.com - appointment scheduling for consultations.

Each provider is bound by their own privacy policies and data processing agreements.

5. Data retention

We retain your account information for as long as your account is active. Audit reports are retained for 12 months to allow re-access. You can request deletion of your data at any time by contacting us at admin@silexdev.com.

6. Security

We use industry-standard security measures to protect your data, including HTTPS encryption, HttpOnly session cookies, CSRF protection, encrypted storage of OAuth tokens, and bcrypt-hashed passwords. All payment information is processed by Stripe and never touches our servers.

7. Your rights

You have the right to access, correct, or delete your personal information. You can also request a copy of the data we hold about you. To exercise any of these rights, email admin@silexdev.com.

8. Changes to this policy

We may update this privacy policy from time to time. We will notify you of any material changes by updating the date at the top of this page.

9. Contact us

If you have questions about this privacy policy or how we handle your data, contact us at admin@silexdev.com.

← Back to home