Privacy Policy

Last updated: March 23, 2026

Arrington Innovative Solutions, LLC ("AIS", "we", "our", or "us") operates CodeConfirmed ("the Service"). This Privacy Policy describes how we collect, use, and protect your information when you use our platform.

1. Information We Collect

Account Information

When you create an account, we collect your email address, display name, and organization name. If you sign in via Google OAuth, we receive your name and email from Google.

Project and Test Data

We store the projects, test cases, test plans, coverage scores, scan results, and other test management data you create within the platform. This data belongs to your organization.

Source Code (GitHub Integration)

When you connect a GitHub repository, we temporarily access your source code to perform AI analysis. Source code is sent to AI models (Anthropic Claude) for analysis and is not stored after the scan completes. File structure metadata (file names, paths, sizes) may be cached to improve scan performance.

Usage Data

We collect information about how you use the Service, including pages visited, features used, scan frequency, and session duration. This helps us improve the product.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. Stripe's privacy policy governs the handling of your payment information.

2. How We Use Your Information

Provide the Service: Process scans, generate tests, calculate coverage scores, and deliver features you use
AI Analysis: Send project data and source code to AI models to generate test recommendations
Communication: Send transactional emails (invitations, support replies, scan notifications) and occasional product updates
Improvement: Analyze usage patterns to improve features, fix bugs, and optimize performance
Support: Respond to your support tickets and help requests
Billing: Process subscriptions, credit purchases, and invoicing via Stripe

3. Data Sharing

We do not sell your personal information. We share data only with:

Anthropic (Claude AI): Source code and project data for AI analysis during scans. Data is processed in transit and not retained by Anthropic after analysis.
Stripe: Payment processing for subscriptions and credit purchases
Supabase: Database hosting and authentication services
Vercel: Application hosting and deployment
Resend: Transactional email delivery

4. Data Security

We implement industry-standard security measures including:

Encryption in transit (HTTPS/TLS) and at rest
Row-Level Security (RLS) policies ensuring organization data isolation
Role-based access control (owner, admin, member, editor)
Audit logging of all significant actions
GitHub integration uses read-only access tokens
Regular security reviews of API endpoints and database policies

5. Data Retention

Active accounts: Data is retained as long as your account is active
Cancelled subscriptions: Data is retained for 30 days after cancellation, then may be permanently deleted
Source code: Not stored after scan completion. Only generated test recommendations are retained
Audit logs: Retained for 12 months
Support tickets: Retained for the lifetime of the account

6. Your Rights

You have the right to:

Access: Request a copy of your personal data
Correction: Update inaccurate information via your account settings
Deletion: Request deletion of your account and associated data
Data Portability: Export your test data via CSV/PDF exports
Opt-out: Unsubscribe from marketing emails (transactional emails cannot be disabled)

7. Cookies and Tracking

We use essential cookies for authentication and session management. We use the active organization cookie to support multi-org switching. We do not use third-party advertising cookies. Analytics tracking, if implemented, will be disclosed here.

8. Children's Privacy

CodeConfirmed is not intended for users under 16 years of age. We do not knowingly collect information from children. If we become aware that we have collected data from a child, we will delete it promptly.

9. International Data Transfers

Our services are hosted in the United States. If you are accessing the Service from outside the US, your data may be transferred to and processed in the US. By using the Service, you consent to such transfers.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top indicates the most recent revision.

11. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Arrington Innovative Solutions, LLC
Email: support@arringtonis.com