Skip to main content
This agreement explains how Codepure (the “Processor”) handles data for you (the “Client” / “Controller”)[cite: 55].

1. Compliance

This agreement ensures we comply with local privacy laws, including the Personal Data Protection Law (PDPL) in Saudi Arabia[cite: 59].

2. What Data We Process

  • Purpose: Scanning your software for security vulnerabilities[cite: 62].
  • What we scan: Code metadata and user account details[cite: 63].
  • Whose data: Your developers and admin users[cite: 64].
  • Data types: Names, email addresses, IP addresses, and login credentials[cite: 65].

3. Security Protections

We protect your data using strict security rules:
  • Encryption: Data is encrypted while stored (AES-256) and while moving across the internet (TLS 1.2+)[cite: 70].
  • Access Control: We use Multi-Factor Authentication (MFA) and strict role-based access limits[cite: 71].

4. Data Residency (Where Your Data Lives)

For our GCC clients (Saudi Arabia, UAE, Qatar, etc.), Codepure guarantees that your core data is stored and processed locally within the Google Cloud Dammam Region[cite: 73]. This satisfies local data residency and NCA requirements[cite: 73].

5. User Rights

If one of your employees asks to see or delete their personal data, we will assist you in fulfilling that legal request[cite: 79].