Privacy Policy
Effective as of May 22, 2020.
This Privacy Policy describes the privacy practices of Code Climate Inc. and our subsidiaries and affiliates (collectively, "Code Climate", "we", "us", or "our"). This Privacy Policy describes how we collect, use, disclose and otherwise process personal information in connection with our websites, products and services, and explains the rights and choices available to individuals with respect to their information. For convenience, our websites are collectively referred to as the "Sites," and, together with our products and services, collectively referred to as the "Services." This Privacy Policy governs any of the Services on which the Privacy Policy is posted.
Code Climate provides engineering insights and automated code review for enterprise customers and for individual consumers. Code Climate's processing of personal information in connection with the Services is governed by this Privacy Policy. If you are a user of our enterprise customer, our processing of your information is also subject to the terms of our agreement with that customer.
We provide important information for individuals located in Europe below.
Table of Contents
- Personal Information We Collect
- Cookies and Similar Technologies
- How We Use Your Personal Information
- How We Share your Personal Information
- Your Choices
- Security
- Children
- International Transfer
- Other Websites and Services
- Changes to this Privacy Policy
- Contact us
- Notice to European Users
- Notice to California Residents
- Online Tracking Opt-Out Guide
Personal Information We Collect
Information you give us
Personal information that you may provide through the Services or otherwise communicate with us includes:
- Contact data, such as your first name, last name, postal address, email address, telephone number, and organization name;
- Profile data, such as your username, and password, and any additional information we collect from source code repositories as described below;
- Feedback, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with the Sites, receive customer support or otherwise correspond with us;
- Transaction data, such as details about purchases you make through the Sites, registrations you make through the Sites, and billing details;
- Usage data, such as information about how you use the Sites and interact with us;
- Marketing data, such as your preferences for receiving marketing communications and details about how you engage with them;
Information from Source Code Repositories. Our Services operate, in part, by connecting to your source code repository ("SCR") account (e.g., your GitHub account). When you login to the Services through your SCR account or connect your SCR account to the Services, you authorize us to access, use, and store information that you agreed that the SCR service provider could provide to us based on your SCR account settings and the permissions you grant. We will access, use, and store that information in accordance with this Privacy Policy. You may revoke our access or disconnect your SCR account at any time by following the instructions in the SCR. If you revoke our access or disconnect your SCR account, Code Climate will retain your email address, SCR username, and organization name, unless and until you close your Code Climate account by following the instructions available here (for Quality customers), or contacting our support team online or via email at support-velocity@codeclimate.com (for Velocity customers).
Information automatically collected. We, our service providers, and our business advertising partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Services. Our service providers and advertising partners may collect this type of information over time and across third-party websites. The information that may be collected automatically includes:
- Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, and general location information such as city, state or geographic area; and
- Online activity data, such as the website you visited before browsing to our website, and information about your use of and actions on the Services, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access.
On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or "LSOs"), web beacons, and similar technologies, and our emails may also contain web beacons. Please refer to the Cookies and Similar Technologies section for more details.
Cookies and Similar Technologies
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.
Our Sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third party cookies, which are served by service providers or business partners on our Sites, and can be used by these parties to recognize your computer or mobile device when it visits other websites. Third party cookies can be used for a variety of purposes, including site analytics, advertising and social media features.
Web beacons
We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Sites and in our HTML formatted emails to track the actions of users on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.
Online Advertising and Opting Out
Some of the partners that collect information about users' activities on or through our Sites may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. Please visit our Online Tracking Opt-Out Guide for information about opting out of targeted advertisements, and for information about blocking cookies and similar technologies on our Sites. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked to in our guide. If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included on those lists, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Do Not Track Signals
Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not currently respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.
How We Use Your Personal Information
Operations. We use your personal information to:
- provide, operate and improve the Services
- provide information about our products and services
- communicate with you about the Services, including by sending you announcements, updates, security alerts, and support and administrative messages
- understand your needs and interests, and personalize your experience with the Services and our communications
- provide support and maintenance for the Service
- to respond to your requests, questions and feedback
Research and development. We analyze use of the Service to analyze and improve the Service and to develop new products and services, including by studying user demographics and use of the Service.
Marketing. We may send you Code Climate-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing communications section below.
Advertising. We may also work with third party advertising partners who use cookies and similar technologies to deliver targeted advertising that is displayed on unaffiliated websites, to measure the effectiveness of advertising on behalf of our advertising partners, and to identify the audience most likely to respond to an advertisement. These advertisements are delivered by our advertising partners and may be targeted based on your use of the Sites or your activity elsewhere online. We believe that the use of such information is helpful to providing users with better services. However, if you would like to opt-out of these interest-based advertisements, please follow the opt-out process described in our Online Tracking Opt-out Guide.
To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention and safety. We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern the Services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
With your consent. In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes.
How We Share Your Personal Information
We do not share your personal information with third parties without your consent, except in the following circumstances or as otherwise described in this Privacy Policy:
Corporate Affiliates. We may disclose your personal information to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Policy.
Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Service (such as customer support, hosting, analytics, email delivery, marketing, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.
Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
Advertising partners. We may enable third-party advertising partners to collect information directly from our Sites for advertising purposes.
Compliance. We may share your personal information to comply with law and for the compliance, fraud prevention and safety purposes described above.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.
Your Choices
Access, update, correct or delete your profile information. All Code Climate account holders may review, update, correct or delete the personal information in their registration profile by logging into their Code Climate account and/or updating the information in their linked SCR account.
Cookies and Targeted Advertising. For information on how you can disable or opt out of cookies and targeted advertising, visit our Online Tracking Opt-out Guide. Please note that if you set your browser to disable cookies, the Sites may not work properly.
If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.
Opt out of marketing communications. You may opt out of marketing-related emails by clicking on a link at the bottom of each such email. You may continue to receive service-related and other non-marketing emails.
Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Service to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.
Security
The security of your personal information important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
Children
Our Sites are not directed to children under 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable.
International Transfer
Code Climate is headquartered in the United States and has service providers in other countries, and your personal information may be transferred to and accessed from the United States or other locations outside of your state, province, country or other governmental jurisdiction where privacy laws may not be as protective as those in your jurisdiction.
European Union users should read the important information provided below about transfer of personal information outside of the European Union.
Other Websites and Services
The Sites may contain links to other websites and services. These links are not an endorsement, authorization or representation that we are affiliated with that third party. We do not exercise control over third party websites or services, and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies of the other websites you visit and services you use.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Sites. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Services.
Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Services (or as otherwise indicated at the time of posting). In all cases, your continued use of the Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
Contact Us
If you have any questions or concerns at all about our Privacy Policy, please feel free to email us at hello@codeclimate.com, or write to us at:
Code Climate Inc. Attn: Privacy Rights 195 Broadway, FL 20 New York, NY 10007
Notice to European Users
The information provided in this "Notice to European Users" section applies only to individuals in Europe.
Personal information. References to "personal information" in this Privacy Policy are equivalent to "personal data" governed by European data protection legislation.
Controller. If you are an individual user of the Services, Code Climate Inc. is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. If you are an enterprise user of the Services, Code Climate is the data processor of your personal information, and your employer is the controller of your personal information.
Legal bases for processing
We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.
Details regarding each processing purpose and its legal basis listed below are provided in the section above titled "How we use your personal information".
Operations. Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. We also process your personal information based on our legitimate interest in providing the Services you access and request.
Research and development. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Marketing. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
For compliance, fraud prevention and safety. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To create anonymous, aggregated or de-identified data. These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law. Processing is necessary to comply with our legal obligations.
With your consent. Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.
If you provide us with any sensitive personal information to us when you use the Service, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Service.
Retention
Generally, we retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
Your rights
European data protection laws give you certain rights regarding your personal information. If you are an individual user of the Services located within the European Union, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information.
You can submit these requests by email to hello@codeclimate.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
If you are an enterprise user of the Services, your employer is the data controller of your personal information. As the data controller, your employer is responsible for receiving and responding to your requests to exercise any rights afforded to you under applicable data protection law. Code Climate will assist our customers in responding to such requests as set forth in the customer contract.
Cross-Border Data Transfer
Whenever we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on safeguards that allow us to conduct the transfer in accordance with European data protection laws.
Notice to California Residents
We are required by the California Consumer Privacy Act of 2018 ("CCPA") to provide to California residents an explanation of how we collect, use and share their personal Information, and of the rights and choices we offer California residents regarding our handling of the personal information. This notice does not apply to information related to our business contacts, or to enterprise users of our Services. Code Climate is a service provider under the CCPA in relation to our enterprise Services, and our business customers are responsible for addressing CCPA compliance with respect to enterprise users of our Services.
We do not sell personal information. As we explain in this Privacy Policy, we use cookies and other tracking technologies to analyze website traffic and facilitate advertising. If you would like to opt out of our (and our third party advertising partners') use of cookies and other tracking technologies, please review the instructions provided in the Online Tracking Opt-out Guide.
In addition to the information in our Privacy Policy, the following list further describes our privacy practices with respect to individuals whose information is governed by this notice:
- Contact data, Feedback, Transaction data:
- CCPA-defined categories (click here for details). Identifiers, Online Identifiers, Commercial Information
- Sources of personal information. You
- Purposes for which we may collect and use the personal information. Operations, Research and Development, Marketing
- Data sharing. None
- Profile data:
- CCPA-defined categories (click here for details). Identifiers, Online Identifiers
- Sources of personal information. You, Source Code Repositories
- Purposes for which we may collect and use the personal information. Operations, Research and Development, Marketing
- Data sharing. None
- Usage Data, Marketing Data, Device Data, Online Activity Data:
- CCPA-defined categories (click here for details). Identifiers, Online Identifiers, Inferences, Internet or other network activity information
- Sources of personal information. You, Automatic Collection
- Purposes for which we may collect and use the personal information. Operations, Research and Development, Marketing, Advertising
- Data sharing. Collected directly by advertising partners
Please note that we may also disclose all personal information to corporate affiliates, service providers and professional advisors; for compliance purposes; or in connection with a business transfer. For additional information, visit the "How We Share Your Personal Information" section of our Privacy Policy.
California Residents' Privacy Rights
Except as excluded from the scope of this notice above, the CCPA grants California residents the following rights.
- Information. You can request information about how we have collected, used and shared and used your personal information during the past 12 months. We have made this this information available to California residents without having to request it by including it in this notice, in the above chart.
- Access. You can request a copy of the personal information that we maintain about you.
- Deletion. You can ask us to delete the personal information that we maintain about you.
Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
You are entitled to exercise the rights described above free from discrimination.
How to Submit a Request
To request access to or deletion of personal information:
- Email: hello@codeclimate.com
- Visit: Contact us
Identity verification. The CCPA requires us to verify the identity of the individual submitting a request to access or delete personal information before providing a substantive response to the request. We may attempt to verify your identify by asking you to confirm information that we have on file about you or your interactions with us, or by asking you to submit the request through your Code Climate account. Where we ask for additional personal information to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
Authorized agents. California residents can empower an "authorized agent" to submit requests on their behalf. We will require the authorized agent to have written authorization confirming such authority.
Glossary
Below a list of statutory categories and the data element within each category:
- Commercial Information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Identifiers. Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
- Inferences. The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
- Internet or Network Information. Browsing history, search history, and information regarding a person's interaction with an Internet website, application, or advertisement.
- Online Identifiers. An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.
Online Tracking Opt-Out Guide
Like many companies online, we may use services provided by Google, Facebook and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. In addition, we use Google Analytics for analytics purposes. You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin available here.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
- Platform opt-outs. The following advertising partners offer opt-out features that let you opt-out of use of your information for interest-based advertising:
- Google: https://adssettings.google.com
- Twitter: https://twitter.com/settings/a...
- FullStory: https://www.fullstory.com/optout/
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
- Digital advertising Alliance: http://optout.aboutads.info
- Network Advertising Initiative: http://optout.networkadvertising.org/?c=1
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.