We will never sell your private data or information. We don't give out your private info to organizations that may sell it. We do though disclose some customer information to SAAS providers that we use in order to make the Coveralls service functional. Those third party companies include Google Mail for any communication with us, Travis CI for continuous integration testing, Heroku for hosting, Amazon S3 for storage - each of these has their own privacy policies.
Coveralls accesses your code through the Coveralls gem, and our business rests on ensuring that any code that is stored with us is protected and safe. The Coveralls service operates on a read only basis and does not write any information into your code - we are only access code in order to read it and determine your testing coverage.
No human ever reads your code in the normal order of business operations, and we only have access to your code with your express permission and through you installing and configuring the Coveralls gem. Automated analysis are run in order to gauge coverage levels.
Only the founders have access to your code, and we will only look at it in response to support requests with your explicit permission. In the future, customer support level people may also be given access to customer source code, but your code will never be shared with third party contractors.
All access to account information and repository data is conducted over SSL connection, and all passwords are 1-way encrypted, never plaintext. Coverall admins will never access your sensitive data unless you specifically authorize us to do so, and Coveralls admins have no access to your password.
Coveralls accesses your Github or Bitbucket repository only to comment / annotate on pull requests. The Coveralls badge for your repository has to be placed into the “read me” by the user, the Coveralls application does not access or change that file. When you sign up for Coveralls you are explicitly allowing Coveralls to access your repositories on Github or Bitbucket, revoking this access is easy, just click the revoke button any time through your GitHub or Bitbucket application settings page. Of course doing this will stop Coveralls from having access to your private repositories.
If you wish to remove a repository, click the delete repository button. The builds and the repository data are all removed from the Coveralls server by this action.
If you would like to delete your account click the delete account button on your account page. This action will delete your account information, delete build and source code information stored on our servers, and stop any further billing.
To remove access to your GitHub or Bitbucket account, you can remove it via your GitHub or Bitbucket application settings page.
Coveralls is built on Amazon EC2 and Amazon S3 through Heroku. If the EC2 service becomes vulnerable, your source code may also become vulnerable to accidental disclosure. Amazon's Security Center discusses their security in great detail.
We take security incredibly seriously. If you have any suggestions for how we could improve our security, or improve this policy, please contact us at email@example.com. We will act immediately to deal with the issue.