Secure Data Deletion
How CodeDD permanently deletes your source code after audits
Secure Data Deletion
CodeDD's commitment: zero source-code retention. When an audit completes (or fails), source files in the processing cache are securely wiped. Only findings, scores, and metadata persist.
Deletion triggers
| Trigger | Behavior |
|---|---|
| Successful audit completion | Results saved → source cache wiped → environment destroyed |
| Audit failure / cancellation | Immediate cleanup |
| Timeout / error | Emergency cleanup; periodic job catches orphaned caches |
Typical cleanup completes within a minute after analysis finishes.
Deletion process
- Results persisted — findings, scores, recommendations, file paths, and LOC counts written to the database. No source code stored.
- Secure file wipe — each file overwritten with three passes (zeros, 0xFF, random bytes) before removal.
- Directory removal — audit cache directory deleted; processing environment destroyed.
- Audit trail — deletion logged with timestamp and scope. No source content in logs.
What is deleted
- All source code in the audit cache
- Encrypted file blobs and temporary processing artifacts
- Ephemeral processing environment
What is retained
- Audit findings (flags, vulnerabilities, recommendations)
- Scores and KPIs
- File paths and LOC metadata (not content)
- Git statistics summaries
- Deletion audit log entries
Encryption keys
Installation encryption keys are long-lived secrets with rotation support — they are not destroyed per audit. Deletion works by overwriting and removing file blobs, not by key destruction.
User-initiated deletion
Delete audits and organizations from the dashboard. Entity deletion removes associated findings and metadata per the Privacy Policy and DPA.

