Privacy Policy.
How we handle wallet data, source code, audit reports, and personal information.
LAST UPDATED · MARCH 30, 2026
What We Collect
When you submit an audit request, we collect: your Solana wallet address, email address, project details (name, website, contract address, source code if provided), and payment transaction data. We do not collect passwords or private keys.
Wallet Authentication
We use Solana wallet signature verification for authentication. We never have access to your private keys. Authentication works by signing a message with your wallet — no seed phrases or private keys are transmitted.
How We Use Your Data
Your data is used to: perform the requested audit, communicate audit progress and results, process payments, and display published audit reports. Email addresses are used solely for audit-related notifications.
Source Code
Source code submitted for Code Audit and Full Stack Audit is used exclusively for the audit. We do not share, sell, or publish your source code. Source code is stored securely in encrypted storage and can be deleted upon request after the audit is complete.
Public Reports
Audit reports are published publicly on opcode.run. Published reports contain: project name, audit findings, severity ratings, score, and verdict. Source code snippets may be included in findings only with relevance to security issues.
Data Storage
Data is stored on Supabase (hosted on AWS). Source code uploads are stored in encrypted Supabase Storage buckets. We retain audit data indefinitely as published reports are a permanent public record.
Third Parties
We use: Supabase (database and auth), Helius (Solana RPC and monitoring webhooks), Vercel (hosting), and Jupiter (price data). We do not sell or share personal data with third parties for marketing purposes.
Cookies
We use essential cookies for wallet session management. We do not use tracking cookies or analytics pixels.
Your Rights
You may request deletion of your personal data (email, contact info) by contacting us. Published audit reports are public records and cannot be deleted, but your personal contact information can be removed from our database.