CodeFactor Security

We take security very seriously and welcome any feedback or reporting of security issues. Responsible disclosure is always appreciated. This page describes select measures we employ to ensure your code is safe.

If you have any questions, please don't hesitate to email us at security@codefactor.io.

File systems and communication

All access to the CodeFactor website as well as source code retrieval for GitHub and Bitbucket is restricted to HTTPS encrypted connections.

CodeFactor never collects or stores passwords for external applications like GitHub, Bitbucket, Google, etc. Integration with third-party apps is done via either OAuth or API keys.

Repository data is stored on CodeFactor's production servers until deleted by the user. This can be done at anytime by deleting an individual repository or by deleting the account that owns a repository. We do not retroactively delete data from our backups, as we may need to restore data if it was removed accidentally.

Server location

All servers are hosted on Microsoft Azure within the region of United States.

Employee access

No CodeFactor staff will access private source code unless required for support reasons. In cases where staff must access source code in order to perform support, we will get your explicit consent each time, except when responding to a critical security issue or suspected abuse.

When working a support issue we do our best to respect your privacy as much as possible, we only access the minimum files and settings needed to resolve your issue. Staff does not have direct access to clone your repository.

Credit card safety

When you purchase a paid CodeFactor subscription, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on 3rd party company - Stripe - to perform this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe's security information is available online.

Reporting a security concern

Your input and feedback on our security as well as responsible disclosure is always appreciated. If you've discovered a security concern, please email us at security@codefactor.io. We'll work with you to make sure we understand the issue and address it. We consider security correspondence and vulnerabilities our highest priorities and will work to address any issues that arise ASAP.

Please act in good faith towards our users' privacy and data during this process. White hat researchers are always appreciated and we won't take legal action against you if act accordingly.

For sensitive communications, you may use the following PGP public key to encrypt your message:

796010BEAB0A981ED98485B40B1D04B57DE53C06
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQENBFWnXRcBCADqjRQS+I1kcwZjR5ew2ogKBAy9WWBR84fJAMCpNWgSlcMLQmqi
74nMoAawlQPZ1doA8/cK3bJR0uSVdpqAdf4BCyKbXImUtRgEKR/vcvvBElIEEXZg
H4aTYKYzFYx3Jieq0dI6NliWzDOLKSIzQOxofBPHb2tcPNuwZ/GJKfwwExZAb0Rd
szFnfjRlb9EHTw/0AP2ZeHADhwbZ/2q8ag1QxqIJPgmXCyT+f6Z3vGOAHrfSGZ3f
EMdoarYIEHjtvxH75AGUH7P8bZvQ64TxFPaxuF/7MDRk5Tui/tdLo9dcTGxNHA6f
jN9km089pRDT3ziWZwsyVTn4HVtzUjmHowWXABEBAAG0LENvZGVmYWN0b3IgU2Vj
dXJpdHkgPHNlY3VyaXR5QGNvZGVmYWN0b3IuaW8+iQE5BBMBCAAjBQJVp10XAhsD
BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQCx0EtX3lPAY/bQf/QMFFijCo
gKJvVwnHU1wpeaJfk/ZnYSpAHktdvq9MJ+1eEYYnRV5T8b3Y+LxOiCzENLVW/SfL
tocabOgL2Lsb2MDhHuqynE/ezsNn/acaNlcOCQFKY+QgDHvNCZvEI9B3r+UzD5kl
sesAnaoB5odpXpRp10CPAyp0giCcfpTjc3itHxkbMyp7J0PSbGJMQfFRdV4/XJsW
bMst7u7D3afPg1mx1skKHo+l5xZotWCgWWopTlBJrQQ/Ug3oOJN/5nj26Z4w8N6t
07eHmDeU3zTZCPVX1TK39qWteWOdaS8HqIUNf/OKUuVt/UM/uipDUtnEImMGH17Q
GbD+t7cxSbT6OLkBDQRVp10XAQgAvQQf82Rmx4WtXuOcDd4A5zkQ+kjot/w0AyPA
xNpAgYroCKcfW3+1ODrRBNomQl9SGzi8glTr+X1BLC5wdeJ6x9D8i9iKkwLMvNvK
EMPiuu5VwYVaQSVT0uqo7evfyWFZFqMj7Keutxs3l4GHK7AWzpSSl4V8tL8m7XbW
mjx5NLGsNxUYM2k6rhC/t00GsGk639iK5gom3ujj38eugsoCQ6RL1tZB8keWX5DR
lkWXRdoOHOKaodTxP5229O2YcVMyw3HjMB8qaf9fBtnzDI/ftiqF8GuwCt3cdcn9
BVxohuvMVHvq2i7zFRproBT3Nk63q4dwqXEQA2vOR0QM2VbM5QARAQABiQEfBBgB
CAAJBQJVp10XAhsMAAoJEAsdBLV95TwGvqUIAOCtCNPCS/DZ9jpTY0x2G/mdxP4m
Ocl+ZdZSqsTIjtOfrBdZd2AdQLJTs0C4OxE1eQH6sSOA+u7H+Rvxlecm2K69dqJk
4gOdxrUDKS/ZrKf6eLpKMtbsGp++gryr79dEWFRW9QZhYNmYdahzmvPZXb60dgv7
0xxQq4U34fVyeFsEGUTTxKbMIWiftVqlS8yyYwhA7PY26sVdQdMyoHnoKoj7htRd
ztAv1hP2NTr8ytDWO647LHJCwHqJqfucPUXygFmMj7WSyRslAOSExQqeIO9FVqsu
S+sXWnjwNWglPhOmiX7dGkhdxV3wPAg2jx5HUF18zLNvhAPacXUZ1oXtuWc=
=V0MP
-----END PGP PUBLIC KEY BLOCK-----