Privacy Policy

Last Updated: October 31, 2024

Previous Version

This Privacy Policy sets out how Codecov, operated by Functional Software, Inc. dba Sentry, collects, discloses, and uses personal information about you and how you can exercise your privacy rights. This Privacy Policy applies to personal information that we collect when you visit our website at https://about.codecov.io (“Site”), use our products and services (“Service”), or otherwise interact with us (e.g., by attending an event or communicating with us). If you do not agree with this policy, please do not access or use our Site or Service or interact with any other aspect of our business.

This Privacy Policy does not apply to data submitted to the Service (“Service Data”). A separate agreement (“Customer Agreement”) governs delivery, access, and use of the Service, including the processing of Service Data. With respect to any personal information included in Service Data, the organization (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Customer”) controls its instance of the Service and any associated Service Data. If you have any questions about a Customer’s instance of the Service and any associated Service Data, please contact the Customer.

We recommend that you read this Privacy Policy in full to ensure you are fully informed.

Codecov offers a code coverage reporting solution designed to help developers test, strengthen, and improve their software code.

For more information about Codecov, please see the main page of our Site.

The personal information that we may collect about you broadly falls into the following categories:

• Information that you provide

  We collect information about you when you input it into our Site or the Service or otherwise provide it directly to us.

  Account and profile creation

  We collect information about you when you register for an account, create or modify your profile, and set preferences for the Service. For example, you may provide your contact information, including your first and last name, email address, and password when you register for the Service. We keep track of your preferences when you select settings within the Service.

  Sign in via other platforms

  As part of registration, you may authenticate via your separate account with a third-party software development platform such as Github, GitLab, and Bitbucket. We will not collect the password that you use for the relevant platform, but we may collect details from your account with the platform, such as username or ID, email address, and organization and team associations.

  Requests and inquiries

  You may choose to provide us with information when you contact us about our Service or otherwise interact with us. For example, you may choose to submit information regarding a problem you are experiencing with our Service and send us screenshots to help in resolving the problem. You may submit your contact information to register for our events, to subscribe to receive marketing communications from us, or to make an inquiry through our Site. You may also provide content to us when you participate in a survey, contest, promotion, sweepstake, activity, or event, including via social media and other content platforms.

  Purchases

  If you register for a paid Service, we will collect purchase information, such as the Service plan that you purchase and information related to refunds, credits, and cancellations, and your billing address and payment information. Please note that any payment information you provide is sent directly to a third-party payment processor. We have no access to and do not store your payment information.

• Information that we collect from your device and usage

  We collect certain information about your device and how you and your device interact with us and our Site or Service.

  Specifically, the information we collect will include information such as your IP address, device type, unique device identification numbers, browser-type, operating system, software installed on your device, product keys, general location information (such as inferred from an IP address), and referring URL. We also collect information about how you and your device have interacted with our Site or Service or with us via email, including the pages you accessed, features you used, Service you purchased, links you clicked, and when you accessed and for how long.

  Some of this information is collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.

• Information that we obtain from third-party sources

  From time to time, we receive personal information about you from third-party sources (including social media and other content platforms, public databases, and from our business and channel partners and vendors).

  The types of information we collect from third parties include name, email addresses, job titles, and social media profiles. We may combine this information with information we collect through other means described above. This helps us to maintain and improve the accuracy of our records, identify new customers, deliver personalized communications, and suggest services that may be of interest to you.

We use your information for business and commercial purposes, such as to:

• Provide, maintain, and improve the Site and Service, including system administration, system security, and adding new features or capabilities;
• Manage your account and send you related information, including confirmations, updates, technical notices, security alerts, and support and administrative messages;
• Respond to your comments, questions, and requests, and provide customer care and support services;
• Communicate with you about the Service, products, offers, surveys, events, content, and other news and information we think may be of interest to you;
• Monitor and analyse trends, usage, and activities in connection with the Site and Service and our communications to you;
• Detect, investigate, and prevent fraudulent transactions and other illegal activities, protect the rights and property of Codecov and others, enforce our Terms of Service or other agreements with you, and comply with legal requirements;
• Personalize and improve the Site and Service and provide advertisements, content, and features that match your profile and interests, and remember information about your preferences for the Site and Service;
• Administer surveys, contests, promotions, sweepstakes, and other activities; and
• Carry out any other purpose disclosed to you at the time we collect your information.

We may aggregate or de-identify information collected through the Service. We may use aggregated or de-identified data for any purpose, including without limitation for research and marketing purposes, and may also disclose such data to any third parties, including without limitation, advertisers, promotional partners, sponsors, event promoters, and others.

If you are based in Europe, we collect and process information about you only where we have a legal basis for doing so under applicable European laws. This means we collect and process your information only where:

• We need it to provide the Site or Service, including to register you as a new user, operate the Site or Service, provide technical support, and to protect the safety and security of the Site or Service pursuant to our agreement with you;
• It satisfies our legitimate interests, such as to market and promote the Service and to protect our legal rights and interests, which are not overridden by your own interests, rights, and freedoms;
• It is necessary to comply with a legal obligation or in connection with a legal claim, such as to respond to judicial orders or subpoenas; or
• You provide consent for a specific purpose, such as for marketing communications (where consent is required under applicable marketing laws).

The legal bases depend on the type of information and the purpose for our processing. In some contexts, more than one legal basis applies. When we process your information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before it is withdrawn. To exercise your rights, see “Your data protection rights” below. Where we are using your information because we or a third party (e.g., your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Service.

We disclose your personal information to the following categories of recipients:

• Affiliate companies who help operate and improve our Site and Service (including to support the delivery of, provide functionality on, or help to enhance the security of our Site and Service), offer other Codecov affiliated services to you, or who otherwise process personal information for the purposes described in this policy. The protections of this policy apply to the information we disclose in these circumstances.
• Third-party vendors who provide hosting, storage, support, payment processing, billing, communication, analysis, and other services to us, which may require them to access or use information about you.
• Third-party go-to-market partners who provide referral, sale, resale, or similar go-to-market services. We may disclose your information, like your name, email address, and job title, in connection with their services. We may also disclose information to these third parties where you have agreed to that disclosure.
• Third-party advertising and analytics partners to serve advertisements on our behalf across the internet and to provide analytics services. These entities may use Cookies in the same way we do, to among other things, track and analyze data, determine the popularity of certain content, deliver advertising and content targeted to your interests, and better understand your online activity. For more information about how to manage having your web browsing information used for advertising purposes, please see further details under the heading “Your data protection rights” below.
• Third-party platforms when you, your administrator or other Service users choose to install or enable third-party apps, add-ons or other platforms for use with the Service. Doing so may give the providers of those platforms access to your account and information about you, like your name and email address, and any content you choose to connect with those platforms. Please note that when you use third-party platforms, your use will be governed by their own terms and privacy policies.
• Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
• An actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this policy.
• Any other person with your consent to the disclosure.

We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you, including to understand and save your preferences and to compile aggregate data about Site and Service interaction.

We may also allow certain third parties (e.g., vendors and advertising partners) to provide functionality, serve tailored marketing to you, and to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use to access the Site or Service. Cookies may be associated with de-identified data linked to or derived from data you voluntarily have submitted to us (e.g., your email address) that we may disclose to third parties in hashed, non-human-readable form.

You may refuse to accept Cookies by activating the setting on your browser that allows you to refuse the setting of Cookies . You can find information on popular browsers and how to adjust your Cookie preferences at the browser provider’s websites. Depending on where you live, you may also have the right to opt out of targeted advertising (as defined in applicable law) and/or certain third-party cookies, as described under the heading “Your data protection rights” below. If you choose to disable Cookies, your ability to use or access certain parts of our Site and Service may be affected. We or our vendors may also use Cookies to track your interaction with our emails or other communications (e.g., whether you open or forward emails).

We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. However, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that information, during transmission through the Internet, or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. In particular, email sent to or from Codecov may not be secure, and you should therefore take special care in deciding what information you send to us via email.

In some cases your personal information is transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).

Specifically, our Site and Service are hosted in the United States and Germany, and our affiliate companies and third-party vendors operate around the world, including in the United States, Canada and Europe. This means that when we collect your personal information, we may process it in any of these countries.

Where we transfer your personal information to countries and territories outside of Europe (including the United Kingdom) and Switzerland that have been formally recognised as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” from the European Commission and Swiss Federal Administration, and “adequacy regulations” from the Secretary of State in the United Kingdom.

Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this policy. The safeguards we use are the European Commission-approved standard contractual clauses, the UK International Data Transfer Agreement, and other appropriate legal mechanisms. This is how transfers of personal information between our group companies and with our third-party vendors will be safeguarded.

Data Privacy Framework Notice

Functional Software, Inc. (our registered company name) participates in and complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “Data Privacy Framework”) regarding the collection, use, and retention of personal information about you that is transferred from the European Union, United Kingdom, and Switzerland to the U.S. We have self-certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles for all information about you that is received from the European Union and the United Kingdom in reliance on the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework. We have also self-certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (together with the EU-U.S. Data Privacy Framework Principles, the “Data Privacy Framework Principles”) for all information about you that is received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework. If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles will govern.

As required under the Data Privacy Framework, when we receive information under the Data Privacy Framework and then transfer it to a third party acting as an agent on our behalf, we have certain liability under the Data Privacy Framework if the agent processes the information in a manner inconsistent with the Data Privacy Framework and we are responsible for the event giving rise to the damage. We may be required to disclose information about you under the Data Privacy Framework in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

To learn more about the Data Privacy Framework program, and to view Codecov’s certification, please see the Data Privacy Framework website.

We encourage you to contact us as provided below should you have a Data Privacy Framework-related (or general privacy-related) complaint and we commit to resolve any such complaint. We have further committed to refer unresolved complaints concerning our handling of personal data received in reliance on the Data Privacy Framework to JAMS, a U.S.-based alternative dispute resolution provider. If you do not receive timely acknowledgement of your Data Privacy Framework-related complaint from us, or if you are not satisfied with our response to your Data Privacy Framework-related complaint, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Under certain conditions, more fully described on the Data Privacy Framework website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration.

We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

We retain the personal information we collect from you where we have an ongoing legitimate business need to do so (e.g., to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). In certain circumstances, we will need to keep your information for legal reasons after our relationship has ended. For example, we may retain your data for longer than the usual retention period when we have a legal obligation to do such, to deal with and resolve requests and complaints, to protect an individual’s rights and property, and for litigation and regulatory matters. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of any legal requirement. The criteria we use to determine the retention period include:

• How long is the personal information needed to provide the Service or operate our business? This includes such things as maintaining and improving the performance of the Service, keeping our systems secure, and maintaining appropriate business and financial records. This is the general rule that establishes the baseline for most data retention periods.
• Is the personal information of a sensitive type? If so, a shortened retention time would generally be appropriate.
• Has consent been provided for a longer retention period? If so, we will retain the data in accordance with your consent.
• Is Codecov subject to a legal, contractual, or similar obligation to retain the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation.

When we have no ongoing legitimate business need or legal reason to process your personal information, we will either delete or anonymise it or, if this is not possible (e.g., because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Depending on your location, you may have the following data protection rights. To exercise any of them, see the specific instructions below or contact us using the contact details provided under the “How to contact us” heading below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

• You may access, correct, update or request deletion of your personal information by submitting a request at https://sentry.io/contact/gdpr/.
• You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information by submitting a request at https://sentry.io/contact/gdpr/.
• If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time by submitting a request at https://sentry.io/contact/gdpr/. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
• You have the right to complain to a supervisory authority about our collection and use of your personal information. For more information, please contact your local supervisory authority. (Contact details for supervisory authorities in Europe are available here.) Certain supervisory authorities may require that you exhaust our own internal complaints process before looking into your complaint.
• You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you or otherwise following the directions in the emails.
• Where applicable under local law, you may have the right to opt out of targeted advertising (as defined in applicable law) by clicking to our Preference Center and following the instructions. You may also be able to opt out of receiving personalized advertisements from other companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info, http://optout.networkadvertising.org/ and http://www.youronlinechoices.eu. To customize Google Display Network ads, you can visit the Google Ads Settings page.
• Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Our Site may not respond to all browser-based DNT signals; however, our Site does respond to DNT signals sent through the Global Privacy Control (“GPC”) to opt-out of “sales” or “sharing” of personal information and targeted advertising (as those terms are defined in applicable law) in certain locales. Any opt-out preferences you have exercised through this method will only apply to the specific device-browser on which you made them. For more information on the GPC and how to use the GPC signal, see https://globalprivacycontrol.org/.

Codecov’s Site and Service are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information without parental consent, please contact us using the contact details provided under the “How to contact us” heading below. If we become aware that a child under 16 has provided us with personal information without parental consent, we will take steps to remove such information and terminate the child’s account.

If you are 16 or older, but have not reached your jurisdiction’s age of majority (such that you are able to enter a contract), you should only use the Service with permission from your parent or guardian.

The Site and Service may link to third-party websites or platforms from companies other than Codecov, such as to relevant online resources, social media platforms, our partners’ websites, payment processors, and other third-party websites. We are not responsible for the privacy practices or content of such other websites. If you have any questions about how these other websites use your information, you should review their policies and contact them directly. We are not responsible for the actions of third parties.

We may update this policy from time to time in response to changing legal, regulatory, technical, or business developments. When we update this policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

You can see when this policy was last updated by checking the date displayed at the top of this policy.

If you have any questions or concerns about our use of your personal information, please contact by sending us an email at hello-codecov@sentry.io.

The data controller of your personal information is Functional Software, Inc. d/b/a Sentry. Our address is Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105.

1. Who and what this notice applies to. This Supplemental Notice supplements the information in our Privacy Policy, and except as provided herein, applies solely to California residents. It applies to personal information we collect on or through the Site or Service and through other means (such as information collected offline, in person, and over video calls). It does not apply to personal information we collect from our employees and job applicants in their capacity as employees and job applicants. It also does not apply to personal information we process as a service provider. Any capitalized terms used but not defined in this Supplemental Notice have the meanings set forth in our Privacy Policy.
2. What the CCPA requires us to tell you. If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” and “sensitive personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
3. What’s included in our Privacy Policy. Throughout our Privacy Policy, we describe the specific pieces of personal information and sensitive personal information we collect, the sources of that information, and how we disclose it.
4. Categories of personal information we collect. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect and disclose. Those categories of personal information are as set forth in the table below. We collect and disclose those categories of personal information for the purposes described in our Privacy Policy, including for the business or commercial purposes (as those terms are defined in applicable law) set forth in the table below.
   

   Categories of Personal Information

   Business or Commercial Purposes

   Identifiers (such as name, address, email address, phone number, other account information, and cookies) Commercial information (such as transaction data) Financial data (such as credit card information) Internet or other network or device activity (such as IP address or service usage) Geolocation information (general location) Inference data about you Sensory information (such as audio recordings if you chat with our sales team) Professional or employment related data Other information that identifies or can be reasonably associated with you Sensitive personal information (account log-in, financial data, and password or other credentials allowing access to your account)

   Operate and provide our Site or Service Audit interactions on our Site or Service Prevent fraud Enhance security Detect bugs and errors Analyze use of, or improve, the Site or Service Customize displayed content Comply with laws; defend our legal rights Other uses that advance our commercial or economic interests Other uses about which we notify you

5. Our sources of personal information. We collect the categories of personal information identified above from the following sources: (1) directly from you; (2) through your use of the Site or Service; (3) affiliates; (4) third parties such as Github, GitLab, and BitBucket (when you log in using one of those accounts); (5) social media and other content platforms; (6) public databases; (7) business and channel partners; and (8) third-party vendors.
6. Aggregation and de-identification. We may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any particular user or device.
7. Our information disclosure practices. We describe our information disclosure practices in our Privacy Policy. We may disclose certain categories of personal information with third parties (as defined by the CCPA) for the business purposes described above. For example, we may disclose identifiers and professional or employment related data with our partners who provide referral, sale, resale, or similar go-to-market services. If you, your administrator, or other Service users choose to install or enable third-party apps, add-ons, or other platforms, we may also disclose identifiers and any content you choose to connect with those apps. If you interact with social media plugins or links on the Site, we may share identifiers, commercial information, internet or other network or device activity, geolocation information (general location), or inference data about you with those social media services.
8. “Selling” or “Sharing” personal information. Codecov may disclose personal information to third parties that may be considered “sales” of personal information or “sharing” of personal information for the purposes of targeted advertising (as those terms are defined in the CCPA). The categories of personal information we may disclose are identifiers, commercial information, internet or other network or device activity, geolocation information (general location), and inference data about you. The third parties are advertising partners. You may opt out of “sales” of personal information and “sharing” of personal information by clicking to our Preference Center and following the instructions. Where required, we also honor requests to opt out submitted via privacy preference signals recognized under applicable law, such as the Global Privacy Control (“GPC”). For more information on the GPC and how to use the GPC signal, see https://globalprivacycontrol.org/. We do not knowingly “sell” or “share” the personal information of consumers under 16 years of age.
9. Your rights under California law. If you are a California resident, you may have certain rights. California law may permit you to request that we:
   • Provide you the categories of personal information we have collected or disclosed about you; the categories of sources of such information; the business or commercial purpose for collecting, “selling,” or “sharing” your personal information; the categories of third parties to whom we disclose or “sell,” or with whom we “share,” personal information; and the categories of personal information we “sell.”
   • Provide access to and/or a copy of certain information we hold about you.
   • Delete certain information we have about you.
   • Correct inaccurate personal information that we maintain about you.

   You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. We need certain types of information so that we can provide the Site or Service to you. If you ask us to delete it, you may no longer be able to access or use the Site or Service.

10. Information collected on behalf of our customers. In instances where we process personal information on behalf of our customer, rights requests should be directed to the relevant customer. Any request sent directly to us that pertains to information collected on behalf of a customer will be forwarded on to that customer.
11. How to exercise your rights. If you would like to exercise any of these rights, you can submit a request at sentry.io/contact/gdpr/. You will be required to verify your identity before we fulfill your request. To do so, you will need to provide information to match with our existing records to verify your identity depending on the nature of the request and the sensitivity of the information sought (e.g., provide your email address). You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.
12. Sensitive personal information. The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA.
13. Financial Incentive. We occasionally run giveaways, sweepstakes, and contests where participants may provide personal information in return for a chance to win certain prizes. You can opt into the giveaway, sweepstakes, or contest by taking the requested action. Your participation is completely voluntary, and you have a right to withdraw from these incentives at any time. If you decide you don’t want to participate in these financial incentives, you can refrain from taking the requested actions.

    The specific reward or incentive offered, if any, is made available to you when you take the action specified in the particular giveaway, sweepstakes, or contest. The monetary value of the reward or incentive is a reasonable approximation of the monetary value of the information you provide us. We have arrived at this estimate based on consideration of multiple factors, including the following: (1) revenue we generate in developing insights on our Customers; (2) expenses we incur in operating the giveaway, sweepstakes, or contest; and (3) our reasonable assessment of revenue we may generate as a result of the referrals provided to us by our Customers.

14. Data retention. Please see the “Data retention” section of our Privacy Policy for information about our data retention practices.