{*}SecureCodeHQ

Privacy Policy

Last updated: March 2026

Introduction

SecureCodeHQ ("we", "us", "our") operates the securecodehq.com website and related services. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Data We Collect

We collect the following types of information to provide and improve our service:

  • Account information: email address, display name, and authentication provider (Google or email/password).
  • Secrets metadata: secret names, tags, descriptions, and creation dates. Secret values are encrypted and stored separately.
  • Audit logs: access timestamps, IP addresses, AI model identifiers, and action types for security monitoring.
  • Device information: browser fingerprint data for device approval features. This does not include personal hardware identifiers.
  • Usage data: anonymous analytics via Umami (self-hosted), and essential cookies for authentication and preferences.

How We Protect Your Data

Secret values are encrypted using AES-256-GCM envelope encryption. Each secret has its own unique data encryption key (DEK), which is wrapped by Google Cloud KMS. We never store plaintext secret values, and secret values are never included in logs or error reports. All data is transmitted over HTTPS. Our architecture is designed so that even we cannot read your secret values without the KMS key hierarchy.

How We Use Your Data

We use your information for the following purposes:

  • To provide, maintain, and operate the SecureCodeHQ service.
  • To monitor and protect the security of your account and secrets.
  • To respond to your support requests via Crisp chat.
  • To improve the service based on anonymous, aggregated usage patterns.

Data Sharing

We do not sell, rent, or trade your personal information to third parties. We use the following third-party services to operate: Firebase (authentication and database), Google Cloud KMS (encryption key management), Vercel (hosting), Stripe (payment processing for paid plans), Crisp (live chat support), and Umami (privacy-focused analytics). Each provider only receives the minimum data necessary for their function.

Cookies

We use essential cookies for authentication and session management. We also use Umami analytics cookies, which are privacy-focused and do not track users across websites. You can decline non-essential cookies via the cookie banner. The service functions fully with only essential cookies enabled.

Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights regarding your personal data:

  • Right to access: request a copy of your personal data.
  • Right to rectification: correct inaccurate personal data.
  • Right to erasure: request deletion of your account and associated data.
  • Right to data portability: export your secrets metadata in a standard format.
  • Right to withdraw consent: opt out of non-essential data processing at any time.

Data Retention

We retain your data for as long as your account is active. Audit logs are retained according to your plan (7 to 365 days). When you delete your account, all personal data, secrets, and associated metadata are permanently removed within 30 days. Encrypted secret values are deleted immediately upon account deletion.

Contact

For any privacy-related questions or to exercise your rights, contact us via the Crisp chat widget on securecodehq.com. We aim to respond to all requests within 30 days.