Privacy Policy

Last updated: March 26, 2026

EvalLab ("we", "us", "our") operates Open Code Review (codes.evallab.ai). This Privacy Policy explains how we collect, use, and protect your information when you use our services.

1. Information We Collect

Account Information

When you register for an account, we collect:

  • Email address
  • Password (hashed, never stored in plaintext)
  • Company name (optional)

Usage Data

We automatically collect anonymized usage data to improve our services:

  • Pages visited and feature usage (via Umami, a privacy-first analytics tool)
  • Scan count, scan level, and language statistics (aggregated)
  • Browser type, device type, and approximate location (country-level)

2. How We Use Your Information

  • Provide and maintain the Open Code Review service
  • Generate and manage your license keys
  • Send service-related notifications (e.g., license expiry)
  • Improve product features based on aggregated usage patterns
  • Respond to support requests

3. Code & Scan Data

Your code privacy is our top priority:

  • CLI scans (L1/L2) run entirely on your machine — no code leaves your environment
  • L3 deep scans send code snippets to your chosen LLM provider (not to us)
  • Cloud API scans process code server-side but never store source code after analysis
  • Scan results and scores may be stored in your dashboard for your reference
  • We never sell, share, or train models on your code

4. Data Sharing

We do not sell your personal information. We share data only in these cases:

  • Payment processors (PayPal) — to process transactions
  • LLM providers (when you choose L3 scan) — code snippets sent directly to your configured provider
  • Legal requirements — if required by law or to protect our rights

5. Data Retention

Account data is retained while your account is active. You can request deletion at any time by contacting us at [email protected]. Scan results in your dashboard are retained for 90 days. Anonymized, aggregated analytics data may be retained indefinitely.

6. Security

We implement industry-standard security measures, including HTTPS encryption, hashed passwords, and access controls. However, no method of transmission over the Internet is 100% secure.

7. Your Rights

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your scan history
  • Opt out of non-essential communications

8. Cookies & Analytics

We use Umami Analytics, a privacy-first, cookie-free analytics tool. It does not use cookies, does not track users across websites, and is fully GDPR-compliant. We store a locale preference in localStorage (not a cookie) to remember your language choice.

9. Contact Us

For privacy-related questions or data requests, contact us at [email protected].