We take security very seriously and welcome any feedback or reporting of security issues. Responsible disclosure is always appreciated. This page describes select measures we employ to ensure your code is safe.
If you have any questions, please don't hesitate to email us at email@example.com.
File systems and communication
All access to the CodeFactor website as well as source code retrieval for GitHub and Bitbucket is restricted to HTTPS encrypted connections.
CodeFactor never collects or stores passwords for external applications like GitHub, Bitbucket, Google, etc. Integration with third-party apps is done via either OAuth or API keys.
Repository data is stored on CodeFactor's production servers until deleted by the user. This can be done at anytime by deleting an individual repository or by deleting the account that owns a repository. We do not retroactively delete data from our backups, as we may need to restore data if it was removed accidentally.
All servers are hosted on Microsoft Azure within the region of United States.
No CodeFactor staff will access private source code unless required for support reasons. In cases where staff must access source code in order to perform support, we will get your explicit consent each time, except when responding to a critical security issue or suspected abuse.
When working a support issue we do our best to respect your privacy as much as possible, we only access the minimum files and settings needed to resolve your issue. Staff does not have direct access to clone your repository.
Credit card safety
When you purchase a paid CodeFactor subscription, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on 3rd party company - Stripe - to perform this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe's security information is available online.
Reporting a security concern
Your input and feedback on our security as well as responsible disclosure is always appreciated. If you've discovered a security concern, please email us at firstname.lastname@example.org. We'll work with you to make sure we understand the issue and address it. We consider security correspondence and vulnerabilities our highest priorities and will work to address any issues that arise ASAP.
Please act in good faith towards our users' privacy and data during this process. White hat researchers are always appreciated and we won't take legal action against you if act accordingly.
For sensitive communications, you may use the following PGP public key to encrypt your message:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
-----END PGP PUBLIC KEY BLOCK-----