Privacy Notice

Efective Date: March 29th, 2024
Version 1.0

CodeDefender (“CodeDefender”, “we” or “us”) respects your privacy. This Privacy Notice (this “Notice”) describes how we process Personal Data (as defined below) we gather through our website at (“Website”), when you interact with CodeDefender (including by downloading and using the CodeDefender Visual Studio 2022, Visual Studio Code extensions), or when you access the CodeDefender platform that we make available (“Platform”) (together, the “Services”). It also tells you about your rights and choices with respect to your Personal Data, and how you can contact us if you have any queries or concerns.

In addition to the activities described in this Notice, we may process Personal Data on behalf of our commercial customers when they use the Services. We may process such Personal Data as a data processor of our commercial customers, which are the entities responsible for the data processing. To understand how a commercial customer processes your Personal Data, please refer to that customer's privacy policy.

1. Personal Data We Collect

In this Notice, “Personal Data” means any information relating to an identified or identifiable natural person. We may collect and process Personal Data about you in the ways outlined below. Where applicable, we indicate whether and why you must provide us with your Personal Data, as well as the consequences of failing to do so. If you do not provide Personal Data when requested, you may not be able to benefit from our Services if that information is necessary to provide you with them or if we are legally required to collect it.

Information provided by you

- When an account is created. If you register for a CodeDefender account, we may ask you to provide us with Personal Data such as your name and contact details (including email address), a chosen username and the company you work for (if applicable). It is possible to download and use CodeDefender extensions without logging in.
- When you sign up for paid services. If you choose to pay for CodeDefender’s services, we will collect Personal Data that we require for billing and compliance purposes, which may include your address, tax details and the details of the transactions you enter into with us.
When you access our Platform. If you engage with our Platform, you may provide us with Personal Data.
- When you contact us. If you contact us using a contact form, via email, or by other means, you may provide us with Personal Data, such as your name and contact details (including email address), the company you work for, and the content, date and time of our communications.

Information collected via automated means

Cookies and similar technologies. We use cookies and similar technologies (collectively “cookies”) to ensure that our Services function properly, to improve our products and services and to assist with marketing campaigns. Cookies are small text files containing a string of alphanumeric characters. We and third-party partners collect information using cookies, pixel tags, or similar technologies. We and third-party service providers may use the following cookies:
- Functional cookies. Some cookies are strictly necessary to make our Services available to you. For example, to provide login functionality or to allow you to fill out forms. We cannot provide you with the Services without this type of cookie.
- Analytics cookies. We use cookies for website analytics purposes in order to operate, maintain and improve our Services, and to track whether you open emails that we send to you. We work with third parties such as Hotjar, Mixpanel and Brevo for these purposes. This includes Google Analytics, as explained in more detail in Section 4.
- Advertising cookies. We may work with third party advertising partners to show you ads that we think may interest you. These advertising partners may set and access their own cookies on our Services and they may otherwise collect or have access to information about you which they may collect over time and across different online services.
- The information collected via such cookies may include information such as your IP address, Visual Studio Code User ID, device ID, advertising ID, clicks, URLs visited and other interactions, inferred location data, and advertising interactions.
- Usage metrics. We collect certain information about the usage of CodeDefender, including the number of prompts created, the time spent using CodeDefender, and the number of tokens exchanged.

Information collected from other sources

Information from third parties. We may obtain Personal Data about you from third parties including Google, Github and Microsoft if you choose to sign in using their services. The information we receive from these third parties may include your name, nickname, email address, language preferences, address and profile picture. We may obtain Personal Data from third parties including providers of Large Language Models (“LLMs”) if you choose to connect with them through the Services.

2. How We Use Personal Data

We process the Personal Data listed above for the following purposes:

- Providing the Services. We use Personal Data about you to operate, maintain, and provide our Services, such as by building your profile, setting your language and allowing you to log in.
Communicating with you. We may use your contact details to contact you for administrative purposes (e.g., to provide services and information that you request) or to assist with customer support.
- Analytics and product development and improvement. We use Personal Data about you to analyze usage trends and preferences to improve our Services and marketing campaigns, as well as to develop and improve products, services, features, and functionalities.
- Billing. We may process Personal Data, such as details about your purchases and your tax ID, for billing purposes.
- Marketing. We may use your Personal Data to provide you with relevant marketing materials.
- Legal. We may use your Personal Data to enforce this Notice, our Terms of Service, to defend our legal rights and to comply with our legal obligations and internal policies.

3. Our Legal Basis for Processing Personal Data

If you are located in the European Economic Area, Switzerland or the United Kingdom (“Europe”), we only process your Personal Data where we have a legal basis to do so. The legal bases we rely on include:

- Necessary to perform a contract. We will process your Personal Data where it is necessary to give effect to a contract between you and us, for example when you subscribe to our services, or otherwise accept our Terms of Service.
- Necessary for compliance with a legal obligation to which we are subject. We may process your Personal Data where we are required to do so to comply with our legal obligations, for example to comply with tax and accounting obligations or to comply with a search warrant or court order.
- Necessary for a legitimate interest that we pursue. Where we or a third party have a legitimate interest in processing your Personal Data, we may do so provided that our interest is not overridden by your rights and interests. We may rely on this legal basis to, for example, keep business records, respond to unsolicited communications from you, assert our legal rights and obtain professional advice.
- Consent. We may also process your Personal Data on the basis of consent in some circumstances. For example, we may ask you to consent to our use of cookies and similar technologies or to sign up to direct marketing. You may withdraw your consent at any time by contacting us.

4. How We Share Your Personal Data

We may share your Personal Data with third parties in the following circumstances:

- Service providers. We work with third party service providers to operate our Services, including for billing, payment processing, invoicing and tax calculation, analyzing data, providing IT-hosting and maintenance, and other services. These third parties may have access to or process your Personal Data as part of providing those services to us.
- Partners. We may share Personal Data with partners such as LLMs to connect with them for the purposes of using the Services.
- Analytics Partners. We use analytics services such as Google Analytics to collect and process certain analytics data. You can learn more about Google’s practices by visiting, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at
- Legal. We may disclose your Personal Data to third parties if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose your Personal Data that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Services and any facilities or equipment used to make our Services available, or (v) protect our property or other legal rights, including to enforce our agreements, or the rights, property, or safety of others.
- Merger or corporate event. We may disclose or otherwise transfer Personal Data to an acquirer, investor, successor or assignee as part of any merger, acquisition, debt financing, investment, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- Consent. We may also disclose your Personal Data with your permission.

5. Data Retention

We take measures to delete your Personal Data or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we need to retain certain information as required by law, including to comply with tax requirements, or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse or enforce our terms and conditions. When determining the specific retention period, we take into account various criteria, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and the relevant statute of limitations. We will retain information associated with your CodeDefender account for twelve months after you cease to be an active user of the Services (unless applicable laws require us to retain this data for a longer period).

6. Your Rights in Relation to Your Personal Data

You can update your account and profile information through your profile settings.

Depending on where you reside, you may also have the following legal rights:

- Access and Portability. You may ask us to provide you with a copy of the Personal Data we maintain about you, including a machine-readable copy of the Personal Data that you have provided to us, and request information about its processing.
- Rectification and Deletion. You may ask us to update and correct inaccuracies in your Personal Data, or to have the information anonymized or deleted, as appropriate.
Restriction and Objection. You may ask us to restrict the processing of your Personal Data, or object to such processing.
- Consent Withdrawal. You may withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdrew your consent.
- Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.

You may exercise these rights by contacting us using the contact details at the end of this Notice. Please note that there are exceptions and limitations to each of these rights.

7. Third Parties

Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Notice does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

8. Security

We make reasonable efforts to protect your Personal Data by using physical and electronic safeguards designed to improve the security of the information we maintain. However, because no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information, to the extent permitted by applicable law.

9. Children’s Privacy

We do not knowingly collect, maintain, or use Personal Data from children under 13 years of age, and no part of our Services are directed to children. If you learn that a child has provided us with Personal Data in violation of this Notice, then you may alert us by contacting us using the contact details at the end of this Notice.

10. Cross-Border Data Transfers

We may use outsourced services in countries outside Europe from time to time in order to support our business. If we need to transfer your Personal Data to a country outside of Europe where the level of protection of Personal Data may be different than in your country, we will comply with applicable data protection laws. In particular we will rely on (i) an EU Commission, UK or Swiss government adequacy decision, (ii) contractual protections for the transfer of your Personal Data, or (iii) another valid data transfer mechanism. If you are located in Europe, you may contact us as specified below for more information about the safeguards we use to transfer Personal Data outside of Europe.

11. Changes to this Notice

We may update this Notice from time to time to reflect changes in our privacy practices. If we modify this Notice, we will indicate the date of the latest revision at the top of this Notice.

12. Our contact information

Should you have any queries regarding this Notice, about CodeDefender's processing of your Personal Data or if you wish to exercise your rights with respect to your Personal Data, you can contact CodeDefender by writing to us at: on our "Contact Us" button.