Privacy Policy
Last updated: 12 February 2026
CodeShield AI is operated by Lydia Morgan, trading as CodeShield AI, based in Ireland. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and Irish data protection law. This policy explains how we collect, use, and protect your information.
1. Who We Are
CodeShield AI is a software security scanning service operated by Lydia Morgan, based in Ireland. We are the data controller for personal information collected through our website at codeshield.ie and our GitHub Action available on the GitHub Marketplace.
If you have any questions about this privacy policy or our data practices, you can contact us at:
- Email: lydiamorgan85@gmail.com
- Website: https://codeshield.ie
2. What Information We Collect
2.1 Information You Provide Directly
- Name and email address when you purchase a licence
- Payment information (processed securely by LemonSqueezy - we do not store card details)
- Communications you send to us via email or support channels
2.2 Information Collected Automatically
- IP address and browser type when you visit codeshield.ie
- Pages visited and time spent on our website
- Referring website or search terms
- Device and operating system information
2.3 Information from GitHub Action Usage
- Licence key validation requests (we log that a key was validated, not what code was scanned)
- We do NOT access, store, or transmit your source code
- We do NOT scan your repositories on our servers
- All scanning happens locally in your GitHub Actions environment
3. How We Use Your Information
We use your personal information for the following purposes:
- To process your licence purchase and deliver your licence key
- To validate your licence when CodeShield runs in your GitHub Actions
- To provide customer support and respond to your enquiries
- To send important service updates and security notifications
- To improve our product based on usage patterns
- To comply with our legal obligations
4. Legal Basis for Processing (GDPR)
Under GDPR, we process your data on the following legal bases:
- Contract performance: Processing necessary to deliver your licence and provide our service
- Legitimate interests: Improving our product, preventing fraud, and ensuring security
- Legal obligation: Complying with Irish and EU law
- Consent: Where you have explicitly agreed to marketing communications
5. Your Source Code Privacy
This is the most important section for developers. CodeShield AI runs entirely within your own GitHub Actions environment. Your source code never leaves your infrastructure and is never transmitted to our servers. We only receive licence validation requests confirming a valid key is being used.
6. Data Sharing and Third Parties
We do not sell your personal data. We share data only with trusted third parties necessary to operate our service:
- LemonSqueezy: Payment processing and licence management (their privacy policy applies)
- GitHub: Marketplace listing and action distribution
- Google Analytics: Website analytics (anonymised)
7. Data Retention
We retain your personal data for the following periods:
- Account and licence data: Duration of your subscription plus 2 years
- Purchase records: 7 years (required by Irish tax law)
- Support communications: 2 years from last contact
- Website analytics: 26 months
8. Your Rights Under GDPR
As a resident of the EU or Ireland, you have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a portable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time
To exercise any of these rights, contact us at lydiamorgan85@gmail.com. We will respond within 30 days.
9. Cookies
Our website uses cookies to improve your experience. For full details, see our Cookie Policy.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- HTTPS encryption for all data transmission
- Secure payment processing via LemonSqueezy
- Regular security reviews
- Limited access to personal data on a need-to-know basis
11. International Transfers
Your data may be processed outside Ireland or the EU by our service providers (including LemonSqueezy and GitHub). Where this occurs, we ensure appropriate safeguards are in place in accordance with GDPR requirements.
12. Children's Privacy
CodeShield AI is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of our service after changes are posted constitutes acceptance of the updated policy.
14. Contact and Complaints
For privacy-related queries, contact us at lydiamorgan85@gmail.com.
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Irish Data Protection Commission:
- Website: https://www.dataprotection.ie
- Phone: +353 57 868 4800