Coveralls logob

Privacy

We will never sell your private data or information. We don't give out your private info to organizations that may sell it. We do though disclose some customer information to SAAS providers that we use in order to make the Coveralls service functional. Those third party companies include Google Mail for any communication with us, Travis CI for continuous integration testing, Amazon AWS for hosting, Amazon S3 for storage, Cloud66 for orchestration - each of these has their own privacy policies.

Your Code

Coveralls accesses your code using the OAuth access token provided by your SCM, and no private code is stored or cached on our servers. The Coveralls service operates on a read only basis and does not write any information into your code - we are only access code in order to read it and determine your testing coverage.

No human ever reads your code in the normal order of business operations, and we only have access to your code with your express permission and through you signing up via OAuth.

Only the founders and background-checked employees have access to your code, and we will only look at it in response to support requests with your explicit permission. In the future, customer support level people may also be given access to customer source code, but your code will never be shared with third party contractors.

Security

All access to account information and repository data is conducted over SSL connection, and all passwords are 1-way encrypted, never plaintext. Coverall admins will never access your sensitive data unless you specifically authorize us to do so, and Coveralls admins have no access to your password.

GitHub and Bitbucket

Coveralls accesses your Github or Bitbucket repository only to comment / annotate on pull requests. The Coveralls badge for your repository has to be placed into the “read me” by the user, the Coveralls application does not access or change that file. When you sign up for Coveralls you are explicitly allowing Coveralls to access your repositories on Github or Bitbucket, revoking this access is easy, just click the revoke button any time through your GitHub or Bitbucket application settings page. Of course doing this will stop Coveralls from having access to your private repositories.

Canceling

If you wish to remove a repository, click the delete repository button. The builds and the repository data are all removed from the Coveralls server by this action.

If you would like to delete your account click the delete account button on your account page. This action will delete your account information, delete build and source code information stored on our servers, and stop any further billing.

To remove access to your GitHub or Bitbucket account, you can remove it via your GitHub or Bitbucket application settings page.

Partners

Coveralls is hosted on Amazon Web Services and orchestrated via Cloud66. If the EC2 service becomes vulnerable, your source code may also become vulnerable to accidental disclosure. Amazon's Security Center discusses their security in great detail.

Feedback

We take security incredibly seriously. If you have any suggestions for how we could improve our security, or improve this policy, please contact us at security@coveralls.io. We will act immediately to deal with the issue.

Acceptable Use Policy

Users of the Coveralls service must abide by this policy.

  1. You must not submit any content to Coveralls that is illegal, offensive, or otherwise harmful. You must not submit any content to Coveralls in violation of law, infringing the intellectual property rights of others, violating the privacy or other rights of others, or in violation of any agreement with a third party.

  2. You must not disclose information via Coveralls that you do not have the right to disclose, such as confidential information of others.

  3. You must not copy or share any personally identifiable information of any other person through Coveralls without their specific permission.

  4. You must not violate any applicable law in using Coveralls.

  5. You must not use or attempt to use another person's Coveralls account without their specific permission.

  6. You must not send advertisements, chain letters, or other solicitations via Coveralls.

  7. You must not automate access to, use, or monitor the Coveralls website, such as with a web crawler, browser plug-in or add-on, or other computer program that is not a web browser.

  8. You must not use Coveralls to send e-mail to distribution lists, newsgroups, or group mail aliases.

  9. You must not falsely imply that you are affiliated with or endorsed by Lemur Heavy Industries LLC.

  10. You must not operate illegal schemes, such as pyramid schemes, via Coveralls.

  11. You must not remove any marking indicating proprietary ownership from any material received from Coveralls.

  12. You must not display any portion of the Coveralls website via an HTML IFRAME.

  13. You must not disable, avoid, or circumvent any security or access restrictions of Coveralls, or access parts of Coveralls not intended for access by you.

  14. You must not strain infrastructure of Coveralls with an unreasonable volume of requests, or requests designed to impose an unreasonable load on IT systems underlying Coveralls.

  15. You must not encourage or assist any other person in violation of this acceptable use policy.