Skip to main content
CodeRocket

CodeRocket legal

Privacy policy

This policy explains what CodeRocket needs to run website checks, protect accounts, provide fix guidance, and manage subscriptions.

Last updated: July 17, 2026

1. Who is responsible

The operator of CodeRocket is responsible for personal data processed through coderocket.app. Privacy requests can be sent to contact@coderocket.app.

2. Data we process

  • Account identity, email address, authentication provider, and profile preferences.
  • Website names, URLs, selected pages, access mode, and project settings.
  • Check results, technical evidence, rule identifiers, history, and shared reports.
  • AI requests, generated fix guidance, model metadata, and usage records.
  • Plan, Stripe customer and subscription identifiers, invoices, and payment status.
  • Security, delivery, error, support, and operational logs.
  • Optional analytics data, such as visited pages, navigation events, browser and device information, and approximate location, only after consent.

CodeRocket does not ask for payment card details directly. Stripe collects and processes payment information on its hosted pages.

3. Why we use it

We use this data to provide and secure the service, run requested and scheduled checks, compare results, send important alerts, answer support requests, prevent abuse, administer subscriptions, and comply with legal obligations. Where consent is required, it can be withdrawn without affecting earlier lawful processing.

4. Website content and AI guidance

Public checks retrieve only configured HTTPS pages and save the evidence needed to explain a result. When a user explicitly requests an AI explanation, bounded finding evidence and the relevant rule context are sent to the configured AI provider. Common credential patterns are removed first. Passwords, CI access tokens, cookies, and secret headers must not be included in support or AI requests.

5. Service providers

CodeRocket relies on service providers for hosting and networking, Supabase authentication and database services, Stripe billing, OpenAI-powered fix guidance, Google Analytics where consent is given, and transactional email. They process data only for the service they provide and under their own security and privacy commitments. International transfers may occur with appropriate contractual safeguards.

6. Retention

Website check history follows the active plan: normally 30 days on Free, 90 days on Personal, and 365 days on Agency. Account, billing, security, and legal records may be kept longer when required for fraud prevention, dispute handling, tax, or legal compliance. Revoked share links stop providing access immediately.

7. Security

CodeRocket uses tenant isolation, row-level database policies, encrypted HTTPS transport, hashed access tokens, signed billing webhooks, restricted service credentials, and safe URL validation. No internet service can guarantee absolute security, so suspected incidents should be reported promptly.

8. Your choices and rights

Depending on applicable law, you may request access, correction, deletion, restriction, portability, or objection. You may also withdraw consent and complain to the competent data protection authority. Optional analytics can be turned off at any time from Cookie settings. We may need to verify other requests before acting on them.

9. Changes

Material changes will be reflected on this page with a new update date. If a change materially affects existing account data, CodeRocket may also notify account holders by email or inside the product.