Privacy Policy

Martkos IT Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect personal information in connection with the perf-lint dashboard at perflint.martkos-it.co.uk (the "Service").

Martkos IT Ltd is registered in England and Wales (company number 10082667), registered office at Apollo House, Hallam Way, Whitehills Business Park, Blackpool, FY4 5FS. We are registered with the Information Commissioner's Office (ICO) — registration reference ZB046078.

1. Information We Collect

Account registration

When you create an account we collect your email address and a hashed password. We never store your password in plain text.

Scan results

When you configure an API key, the perf-lint CLI sends scan metadata to the Service. This includes:

• Violation counts, rule IDs, severity levels, and quality scores per file.
• Framework type (JMeter, k6, or Gatling) and file path basename.
• Timestamp and API key identifier.

We never receive the contents of your performance test scripts. The CLI analyses files locally and transmits only the results.

API keys

API keys you create are stored as cryptographic hashes. The plain-text key is shown only once at creation time and is not recoverable from our systems.

Authentication tokens

We issue short-lived JWT access tokens and longer-lived refresh tokens to maintain your session. Refresh tokens are stored as hashes and can be revoked at any time.

Server logs

Our web server records standard access logs (IP address, request path, response code, timestamp) for security monitoring and error diagnosis. Logs are retained for a short period (typically 30 days) and are not used for profiling or marketing.

2. How We Use Your Information

We use the information we collect solely to:

• Authenticate you and maintain your session.
• Display your scan history, violation trends, and quality scores in the dashboard.
• Send transactional emails (e.g., email verification, password reset). We do not send marketing emails.
• Manage your subscription status via Lemon Squeezy webhook events.
• Monitor service health and investigate security incidents.
• Comply with legal obligations.

We do not use your information for profiling, automated decision-making, or advertising.

3. Legal Basis for Processing

Under UK GDPR, our processing is based on:

• Contract performance — processing your account data and scan results to deliver the Service you have signed up for.
• Legitimate interests — server log retention for security and fraud prevention; aggregated, anonymised analytics to improve the Service.
• Legal obligation — where required by law.

4. Sharing of Information

We do not sell, rent, or share your personal information with third parties except:

• Lemon Squeezy — processes subscription payments. We receive webhook confirmations (customer ID, subscription status) but do not share your scan data with them. See their Privacy Policy.
• Hosting infrastructure — the Service runs on a VPS. The hosting provider has access to encrypted server data as part of providing infrastructure services.
• Law enforcement — where required by applicable law or to protect the rights, property, or safety of Martkos IT Ltd, our users, or others.

5. Data Retention

• Account data: retained for the lifetime of your account and deleted within 30 days of account deletion.
• Scan results: retained while your account is active. You may delete individual scans or all data at any time from the dashboard.
• Refresh tokens: expire automatically; revoked tokens are purged on the next cleanup cycle.
• Server logs: retained for up to 30 days.
• Email verification / password-reset tokens: expire within 24 hours and are deleted after use.

6. Data Security

We implement reasonable technical and organisational measures to protect your data, including:

• Passwords stored using bcrypt hashing.
• API keys and refresh tokens stored as SHA-256 hashes.
• All traffic encrypted in transit via HTTPS (TLS).
• Database stored on encrypted storage.

No method of transmission over the internet is 100% secure. We will notify you and relevant authorities of any data breach as required by law.

7. Cookies

The Service uses a single strictly necessary cookie (access_token) to maintain your authenticated session. No third-party cookies, tracking pixels, or advertising technologies are used.

8. Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectification of inaccurate data.
• Erasure ("right to be forgotten") — you may delete your account and all associated data at any time.
• Restriction of processing in certain circumstances.
• Object to processing based on legitimate interests.
• Data portability — request a machine-readable copy of your scan data.

To exercise any of these rights, contact us at support@martkos-it.co.uk. We will respond within one month.

You also have the right to lodge a complaint with the ICO at ico.org.uk.

9. Children

The Service is not directed at anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or a prominent notice on the Service, with a revised "Last updated" date. Continued use of the Service after changes take effect constitutes acceptance.

11. Contact

For questions about this Privacy Policy or to exercise your rights, contact: