Introduction
Helm Labs Ltd ("we", "us") operates CodeCityScape — a developer tooling SaaS platform that visualises software codebases as navigable 3D cities. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
This Privacy Policy applies to: visitors to our website; users of the CodeCityScape platform; representatives of subscribing organisations; and users of the @codecityscape/cli command-line tool.
What CodeCityScape stores: We access your repositories via OAuth to extract structural metadata — file names, directory structure, import relationships, and lines-of-code counts. We do not store raw source code file content. Your code stays in your SCM provider.
Who We Are
Helm Labs Ltd is the data controller for personal data processed in connection with CodeCityScape. We are registered with the Information Commissioner's Office (ICO).
For data protection enquiries: legal@codecityscape.com. You may also lodge a complaint with the ICO at ico.org.uk.
What Personal Data We Collect and Why
3.1 Account and Identity
Name, email, SCM username, and profile avatar — collected when you sign up via GitHub or GitLab OAuth. Used to create and manage your account. Lawful basis: performance of contract.
3.2 SCM OAuth Tokens
OAuth tokens are stored encrypted at rest using pgcrypto (AES-256). Used only for: reading file structure and metadata; registering webhooks; dependency analysis via tree-sitter static analysis. We do not read raw file content. Lawful basis: performance of contract.
3.3 Repository Metadata
File names, directory paths, import/dependency relationships, LOC counts, technology stack signatures, and commit metadata (author, timestamp, SHA — not commit message body). We do not store raw file content. Lawful basis: performance of contract.
3.4 Coverage Data (CLI)
When you use @codecityscape/cli in CI/CD, we receive test coverage reports (LCOV, Cobertura, JaCoCo, SimpleCov, Go coverage). We store coverage percentages mapped to file paths. Lawful basis: performance of contract.
3.5 Billing and Payment
Billing is processed by Stripe. We store billing contact name, email, and Stripe customer reference. We do not store full card numbers. Lawful basis: performance of contract; legal obligation.
3.6 Usage and Audit Logs
Security-relevant actions (login events, repo connections, plan changes) including user ID, timestamp, action type, and IP address. Secrets are never logged. Lawful basis: legitimate interest (security, compliance).
How We Use Your Personal Data
We use personal data to: provide and operate CodeCityScape; manage accounts and enforce plan-based access; process payments; communicate about the Service; comply with legal obligations; protect the security of the platform; and improve our visualisation algorithms using aggregated anonymised data.
We do not sell your personal data. We do not use your repository metadata to train machine learning models for commercial sale.
International Transfers
Data is primarily stored in the UK and EU. Where we transfer data outside the UK/EEA (Stripe, GitHub, GitLab in the USA), we ensure appropriate safeguards: UK adequacy decisions where applicable; Standard Contractual Clauses (UK IDTA); and Data Processing Agreements with each sub-processor.
How Long We Keep Your Data
| Data Category | Retention Period |
|---|---|
| Account data (name, email) | Active account + 12 months after deletion request |
| SCM OAuth tokens | Active while connected; deleted immediately on disconnection |
| Repository metadata | Subscription + 30 days (export grace period) |
| Coverage data | Per plan history window; deleted on account closure |
| Audit logs | Minimum 12 months; up to 5 years for Enterprise |
| Billing data | 7 years (UK tax obligations) |
| Marketing contacts | Until consent withdrawn, or 3 years of inactivity |
Your Rights
Under the UK GDPR, you have the right to: access your data; have inaccurate data rectified; have your data erased in certain circumstances; restrict processing; request data portability; object to processing; withdraw consent where relied upon; and lodge a complaint with the ICO.
To exercise any right, contact legal@codecityscape.com. We will respond within one calendar month.
Security
We implement: encryption of OAuth tokens (pgcrypto/AES-256); TLS in transit; row-level security on our PostgreSQL database; VPC network isolation on AWS; least-privilege IAM; and audit logging. See our Security Policy for full details.
Children
CodeCityScape is not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated policy on our website and notify you of material changes by email or in-product notice.
Contact
Privacy enquiries: legal@codecityscape.com
Company: Helm Labs Ltd, registered in England and Wales
Website: codecityscape.com
ICO: ico.org.uk
