Will this affect how my platform works?

No, our security audit is non-invasive and does not affect your platform's functionality.

Will this affect my database(s) and existing data?

No, we only review your codebase and do not access or modify your databases or data.

Do I have to do the job?

No, you can choose to implement the recommendations yourself or hire us to do it for you.

Will you use AI or will it be real experienced professionals doing the job?

Real person with 15+ years of experience in web and internet security conducts the audit.

Can you copy my code or logic?

No, all code reviews are conducted under NDA with strict intellectual property protection protocols.

Security & Confidentiality Statement

Version 1.0.0 · Effective date: 10 March 2026 · AuditCode

1. Our Commitment

At AuditCode, we understand that your source code and technical infrastructure represent your most valuable intellectual property. We are committed to maintaining the highest standards of security and confidentiality in handling all client information. This statement explains exactly how we protect what you share with us.

2. Confidentiality Principles

All client information is treated as strictly confidential, including:

Source code and technical documentation
Business logic and proprietary algorithms
Infrastructure configurations and credentials
Security vulnerabilities discovered during the audit
Project scope and the existence of the business relationship
Financial information and pricing
Any other information marked confidential or reasonably understood to be confidential

3. Non-Disclosure Agreement (NDA)

3.1 Standard NDA

All engagements include a mutual NDA as standard. This legally binding agreement ensures:

No disclosure of confidential information to third parties
Use of information solely for audit purposes
Return or secure destruction of materials after project completion
Confidentiality obligations extending beyond engagement termination

3.2 Custom NDAs

We are happy to sign your organisation's NDA template if preferred. We review and typically accept reasonable confidentiality terms. Contact us at contact@auditcode.co.uk to discuss.

4. Technical Security Measures

4.1 Secure Code Access

Read-only access: We request only the minimum permissions necessary to perform the audit
Dedicated repositories: Isolated access per project — we do not combine client codebases
Temporary access: Repository access is revoked immediately upon project close
No local persistence: Code is not stored on personal devices; we work in secure, access-controlled environments

4.2 Credential Handling

Credentials shared for audit access are stored only in secure, encrypted credential vaults
Credentials are used exclusively for the agreed audit scope
We recommend rotating credentials after the engagement concludes
We will notify you immediately if credentials are suspected to have been compromised

4.3 Data Transmission

All data is transmitted over encrypted channels (TLS/HTTPS or SSH)
Audit reports and deliverables are shared via encrypted, access-controlled methods
We do not send sensitive findings over unencrypted email without explicit agreement

4.4 Data Retention and Deletion

Source code and technical materials are deleted within 30 days of project close
Audit reports are retained for 7 years for legal and professional compliance
Credentials are deleted immediately upon project close
You may request early deletion of any materials at any time

5. Personnel and Access Controls

Only the specific team members assigned to your project have access to your code and materials
All personnel involved in audit work are bound by confidentiality agreements
We do not use subcontractors without your prior written consent
Access is immediately revoked for any personnel no longer working on the project

6. Vulnerability Disclosure

Vulnerabilities discovered during an audit are disclosed only to you. We do not publicly disclose vulnerability details, share them with third parties, or use them for any purpose other than delivering your audit report. We follow responsible disclosure principles: findings are communicated directly to you in the private audit report before any other action.

We will never exploit, publicise, or weaponise vulnerabilities we discover in client systems. If we inadvertently discover a vulnerability that presents an immediate, serious risk, we will notify you immediately via secure communication.

7. References and Testimonials

We will never disclose that you are a client, reference your organisation publicly, or use your name or brand in any marketing material without your explicit written consent. Even with consent, we will never reveal the content of audit findings.

8. Security Incident Response

In the unlikely event of a security incident affecting your data or materials in our custody, we will:

Notify you within 24 hours of becoming aware of the incident
Provide a full account of what happened, what data was affected, and what steps we have taken
Cooperate fully with any investigation or regulatory notification requirement

9. Contact

Email: contact@auditcode.co.uk