Privacy Policy
This policy describes how inkode ("we", "us", "our") processes personal data when you use our website and code quality scanning service. It is written in accordance with Regulation (EU) 2016/679 (GDPR) and Hungarian data protection law (Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, as applicable).
1. Data Controller
The data controller responsible for your personal data is:
inkode
Email: hello@inkode.co
Website: https://inkode.co
For any privacy-related questions or requests please contact us at hello@inkode.co.
2. Personal Data We Process
We process the following categories of personal data:
| Data category | Examples | Legal basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Contact email | Email address provided in your .ik.yaml configuration file and submitted with a scan | Art. 6(1)(b) — performance of contract / pre-contractual steps | For the lifetime of your project data; deleted on request |
| Git metadata | Contributor email addresses extracted from your repository's git log for contributor-count and activity metrics | Art. 6(1)(b) — performance of contract | Stored as part of the scan report; deleted on request or scan deletion |
| IP addresses | IP address of the client making API requests, recorded in server access logs | Art. 6(1)(f) — legitimate interest (security, abuse prevention) | Up to 90 days in server logs |
| Session data (admin) | A short-lived authentication cookie (ik_admin_session) used only for the internal admin panel | Art. 6(1)(f) — strictly necessary for providing a secure admin interface | Expires when the browser session ends or after a short fixed period |
We do not collect or store the actual source code files you scan. Only derived metrics and metadata are stored.
3. How We Use Your Data
- Providing the scan service — your contact email and git metadata are used to generate your code quality report and to communicate results to you.
- Service security — IP addresses in server logs help us detect abuse, diagnose errors, and protect the integrity of the service.
- Admin authentication — the session cookie allows authorised operators to access the internal dashboard securely.
We do not use your data for marketing, profiling, or automated decision-making that produces legal effects.
4. Cookies
The inkode public website (inkode.co) uses no advertising or cross-site tracking cookies.
We use Umami, a privacy-friendly, cookieless analytics tool, to measure aggregate visitor numbers and page views. Umami does not set cookies, does not store IP addresses, and does not collect any personal or cross-site identifying data. Because no personal data is processed and no non-essential cookies are set, this requires no consent under GDPR / ePrivacy Directive Art. 5(3).
The only cookie set is ik_admin_session, which is a strictly necessary authentication token used exclusively by internal administrators. It is not set on any public-facing page and requires no consent under GDPR Recital 47 / ePrivacy Directive Art. 5(3).
Because we deploy no non-essential cookies, no cookie consent banner is required.
5. Third Parties and Data Sharing
We do not sell, rent, or share your personal data with third parties for their own purposes.
We may share data only in the following limited circumstances:
- Infrastructure providers — hosting and compute providers who process data on our behalf under a data processing agreement (DPA) and are bound by GDPR obligations.
- Analytics — Umami Software, Inc., providing our cookieless website analytics. Only aggregate, non-identifying usage statistics are processed.
- Legal obligation — if required by applicable law, court order, or lawful request from a Hungarian or EU authority.
6. International Data Transfers
We aim to store and process data within the European Economic Area (EEA). Where any processing occurs outside the EEA we ensure adequate safeguards are in place (e.g. Standard Contractual Clauses as per GDPR Art. 46).
7. Your Rights
Under GDPR Chapter III you have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| Right of access (Art. 15) | Request a copy of the personal data we hold about you. |
| Right to rectification (Art. 16) | Request correction of inaccurate or incomplete data. |
| Right to erasure (Art. 17) | Request deletion of your personal data where there is no overriding legal reason to retain it. |
| Right to restriction (Art. 18) | Request that we limit how we process your data in certain circumstances. |
| Right to data portability (Art. 20) | Receive your data in a structured, machine-readable format where processing is based on consent or contract. |
| Right to object (Art. 21) | Object to processing based on legitimate interests; we will cease unless we can demonstrate compelling legitimate grounds. |
| Right to withdraw consent (Art. 7(3)) | Where processing is based on consent, withdraw it at any time without affecting lawfulness of prior processing. |
| Right not to be subject to automated decisions (Art. 22) | Not applicable — we do not carry out automated decision-making with legal or similarly significant effects. |
To exercise any of these rights, contact us at hello@inkode.co. We will respond within 30 days as required by GDPR Art. 12(3). We do not charge a fee for reasonable requests.
8. Right to Lodge a Complaint
If you believe we have handled your personal data in breach of GDPR you have the right to lodge a complaint with the competent supervisory authority. The Hungarian supervisory authority is:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9–11., Hungary
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: https://naih.hu
You may also lodge a complaint with the supervisory authority in the EU member state of your habitual residence or place of work.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted communication (HTTPS/TLS), access controls, and regular security reviews.
10. Children's Privacy
Our service is not directed at persons under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at hello@inkode.co.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page. Where required by law we will notify you more directly (e.g. by email).
We encourage you to review this policy periodically.
12. Contact Us
For any questions about this Privacy Policy or your personal data, please contact us: