Privacy
Code privacy commitments
CodeFix uses temporary source access to analyze submitted repositories. We do not train models on customer code. Projects can be deleted after report generation, and deeper proof can be attached when selected.
Access
GitHub access is used only to inspect repository contents for launch-readiness analysis. ZIP uploads are treated as temporary analysis inputs.
- GitHub access is read-only for repository analysis.
- Private repos and ZIP uploads are supported without requiring a public repo.
- Customer code is not used for model training.
- Stabilization, rescue, and hardening scopes use live repo evidence when selected.
- Secrets should be redacted from report UI and logs.
- Delete-after-report and access revocation are part of the operating model.
Deletion
CodeFix is built around delete-after-report workflows and revocable access so customer code does not need to sit in the system after the report is delivered.
Deep Review
Automated report generation runs without manual code review. Stabilization, rescue, and hardening scopes run broader live analysis before the project is scoped into a fixed-scope recommendation.