This Privacy Policy explains what personal data Bathyk (a product of dock30) collects when you use bathyk.com (“the Site”) or submit a project for review, why we collect it, how we use it, and the rights you have. We aim to collect as little personal data as we can, and to be specific about what we do with it.
1. Who is the controller
Bathyk, operated by dock30, is the data controller for personal data processed via the Site. Contact us at crew@dock30.com for any privacy question or to exercise your rights.
2. What we collect
a. Information you give us via the audit form
- Your name and work email address.
- The service you select (e.g. smart contract, web app, etc.).
- A repository URL and/or a zipped archive of your codebase that you choose to upload.
- Anything else you write in free-text fields when contacting us.
b. Information collected automatically
- Standard server logs (IP address, user agent, request timestamp, referring page) kept for security and abuse prevention.
- Anonymous product analytics from Microsoft Clarity (page views, clicks, scroll depth, session replay) — only loaded after you accept analytics in our cookie banner. See our Cookie Policy for the specific cookies set.
- Anti-abuse signals from Cloudflare Turnstile, used to protect the audit form from automated submissions. Cloudflare assesses the request and returns a pass/fail — no behavioural biometric profile is built or shared back to us.
c. Code you submit
Source code uploaded via the form is not, by itself, personal data, but may incidentally contain it. We treat all submitted code as confidential, store it in a private S3-compatible bucket on Railway, restrict access to one or two senior engineers actively working on your audit, and delete it within 30 days of audit delivery.
3. Why we use it
- To deliver the audit you requested and follow up by email (legitimate interest / performance of contract).
- To send you the findings report and, if you opt in, occasional updates about your audit (legitimate interest / consent).
- To run, secure, and improve the Site and protect it from abuse (legitimate interest).
- To meet our legal obligations, including responding to lawful requests from authorities.
4. Who we share it with
We do not sell your data and we do not use it for advertising. We share data only with the following processors, strictly to operate the service:
- Railway — hosts our application and S3 bucket where uploaded code is stored.
- Microsoft Clarity — collects anonymous product analytics. Only after you opt in.
- Cloudflare Turnstile — abuse protection on the audit form.
- Our email and authentication providers, used to deliver findings and to log in to the admin panel.
We may also disclose information when required by law or to protect our rights.
5. International transfers
Some processors above are located outside your country. Where data leaves the EU/EEA, we rely on Standard Contractual Clauses or equivalent safeguards published by the relevant providers.
6. How long we keep it
- Submitted code and zipped archives: up to 30 days after the audit is delivered, then deleted.
- Submission metadata (name, email, project name, audit outcome): kept for as long as needed to honour the engagement and for our statutory record-keeping.
- Server and security logs: short-lived rolling retention (typically 30–90 days).
- Analytics events: as configured by Microsoft Clarity.
7. Your rights
Depending on where you live, you may have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. To exercise any of these, email crew@dock30.com. You can also lodge a complaint with your local data protection authority.
8. Security
We use TLS in transit, encrypted storage at rest, restricted bucket access, and access controls in our admin panel. No system is perfectly secure; if you believe your data has been compromised, please tell us immediately.
9. Children
The Site is not intended for use by children under 16, and we do not knowingly collect personal data from them.
10. Changes to this Policy
We may update this Policy. The current version is always at this URL with an updated effective date. Material changes will be highlighted on the Site.
11. Contact
Questions about your data or this Policy? Email crew@dock30.com. See also our Terms & Conditions and Cookie Policy.