Good Ventures Lab Inc. operates the managed plane of CodeRadar. This policy describes what data the managed plane collects, the lawful bases for processing, retention, and your rights. Self-host deployments collect nothing on their own.
Good Ventures Lab Inc. (Canada) is the data controller for the managed plane of CodeRadar. Subprocessors (cloud, KMS, observability, support) act as processors under data-processing agreements that mirror our obligations.
Account data. For each member: name, email (Clerk-managed), org affiliation. We use this to authenticate and to send you alerts you've subscribed to.
Operational data. Events captured by your SDK (errors, traces, breadcrumbs, tags, user context as you set it). The data you ship is the data we store; we don't add to it. We strongly recommend hashing email addresses on the SDK side; the default beforeSend hook does this for you.
Telemetry. Per-project ingest volume, latency histograms, error rates of the ingest API itself. Aggregated; used to operate the service. Not sold, not shared with third parties for advertising.
Marketing site. Standard server-side request logs (IP, user agent, requested URL) retained for 30 days. We do not run third-party analytics scripts on coderadar.app.
We do not collect the contents of your application's request bodies (unless you explicitly ship them in tags or breadcrumbs — your call). We do not run third-party advertising trackers. We do not sell or rent any user data. We do not collect biometric, health, or payment-card data.
Events. 30 days by default; configurable per project up to 1 year for the managed plane.
Traces. 90 days by default; configurable up to 1 year.
Aggregates. 1 year (count-per-minute series, used for charts and baseline alerts).
Source maps. 30 days by default; configurable up to 1 year.
Audit log. 1 year.
Account data. Duration of org membership plus 12 months for tax/audit. Earlier deletion on request where permitted.
We share with: cloud infrastructure providers (currently Google Cloud Platform), email delivery providers (Resend), and government bodies where required by lawful process. We do not sell. We do not share with marketing third parties.
Channel egress. When an alert fires, we POST/email/Slack the configured channel — that's egress to wherever you sent us. We hash secrets on the way in (HMAC for webhooks, no plaintext). Channel destinations operate under their own data-handling policies, which the customer is responsible for evaluating.
Cross-border. Managed plane data is processed in the United States and Canada by default. EU customer data, when the external tier lands, will be processed under standard contractual clauses where applicable. The Enterprise tier offers sovereign BC-Canadian tenancy via the Heroa substrate (roadmap).
You may access, correct, export, or delete your personal data by writing to [email protected]. We respond within 30 days. EU residents have additional rights under GDPR; California residents under CCPA/CPRA; Canadian residents under PIPEDA. We honor all of them.
If your data was processed on behalf of a CodeRadar customer (i.e., we are a processor and they are the controller), please contact the controller directly. We will assist them in fulfilling their obligations to you.
Material changes to this policy are announced on the changelog and emailed to org admins at least 30 days in advance. The current revision date is at the bottom of this page.
For questions: [email protected].
Last updated 2026-04-26.