Will this affect how my platform works?

No, our security audit is non-invasive and does not affect your platform's functionality.

Will this affect my database(s) and existing data?

No, we only review your codebase and do not access or modify your databases or data.

Do I have to do the job?

No, you can choose to implement the recommendations yourself or hire us to do it for you.

Will you use AI or will it be real experienced professionals doing the job?

Real person with 15+ years of experience in web and internet security conducts the audit.

Can you copy my code or logic?

No, all code reviews are conducted under NDA with strict intellectual property protection protocols.

Privacy Policy

Version 1.0.0 · Effective date: 10 March 2026 · AuditCode

MARVIN LUMIC LIMITED (“we”, “us”, “our”) is the data controller for personal data collected through https://auditcode.co.uk. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it.

1. Who We Are

For the purposes of UK GDPR, MARVIN LUMIC LIMITED is the Data Controller. If you have any questions about how we use your personal data, please contact us at contact@auditcode.co.uk.

2. Personal Data We Collect

2.1 Contact & Enquiry Information

Name and email address (provided when you contact us or request an audit)
Company name and job title (provided voluntarily)
Phone number (if provided)
Message content and project description submitted via contact forms

2.2 Project & Technical Data

Source code and technical documentation shared for audit purposes
Repository access credentials (used temporarily for the engagement; never stored beyond project close)
System architecture, infrastructure diagrams, and related materials
Audit scope documents and correspondence related to the engagement

2.3 Technical Data

IP address (for security and spam prevention)
Browser type and device information (via user-agent string)
Pages visited and time spent on pages
Referring website addresses

3. How We Use Your Personal Data

We process your personal data for the following purposes and under the following lawful bases:

Purpose	Lawful Basis
Respond to enquiries and quote requests	Legitimate interests / Pre-contract steps
Deliver security audit and code review services	Contract performance
Process payments and issue invoices	Contract performance / Legal obligation
Maintain financial and project records	Legal obligation
Secure the website and prevent fraud	Legitimate interests
Improve our services (anonymised analytics)	Legitimate interests
Comply with legal and regulatory obligations	Legal obligation

4. Source Code and Client Data

Source code, credentials, and technical materials shared with us for audit purposes are processed solely to deliver the agreed audit. We treat all such materials as strictly confidential. See our Security & Confidentiality Statement for full details.

We do not retain source code or credentials beyond the period necessary to complete the engagement. Code materials are securely deleted or returned within 30 days of project close unless otherwise agreed in writing.

5. Data Sharing and Third Parties

We share your personal data only where necessary and only with:

Cloud infrastructure providers: We use reputable cloud providers for email, file storage, and website hosting. All providers are contractually bound to process data only on our instructions.
Analytics providers: We use Vercel Analytics (privacy-first, no cookies, no fingerprinting, aggregated only) and optionally Google Analytics 4 (IP anonymisation enabled) to understand website usage.
Legal authorities: We may disclose data if required by law, court order, or regulatory authority.

We do not sell your personal data or share it with advertisers.

6. International Transfers

Some of our service providers may be based outside the UK. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place (such as standard contractual clauses approved by the UK ICO or adequacy decisions).

7. Data Retention

Contact & enquiry data: 3 years from last contact, or until you request deletion.
Project & engagement records: 7 years from project close (UK tax law).
Audit reports and deliverables: 7 years from delivery.
Source code and technical materials: Deleted within 30 days of project close.
Log and security data: 90 days.
Analytics data: As per provider settings (aggregated only).

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access: Request a copy of your personal data.
Right to rectification: Request correction of inaccurate data.
Right to erasure: Request deletion of your personal data, subject to legal obligations.
Right to restriction: Request we limit how we use your data.
Right to data portability: Receive your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at contact@auditcode.co.uk. We will respond within one calendar month.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk or 0303 123 1113.

9. Cookies and Tracking

For detailed information, please see our Cookie Policy.

10. Security

Encryption of data in transit (TLS/HTTPS)
Secure storage with access controls and audit logging
Confidentiality agreements with all personnel
Secure, isolated repositories for client code access
Regular internal security reviews

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted here with a revised effective date. For material changes we will notify you directly where we hold contact details for you.

12. Contact

Email: contact@auditcode.co.uk