Terms of Service

GoodToShip Code + UX Audit — Last updated: April 4, 2026

By purchasing an audit from Alanna Scott Studio (“we”, “us”), you agree to the following terms.

What You're Getting

A source code review of your codebase at a point in time. We read your code, identify issues, and deliver a written report with findings, evidence, and recommendations.

We do not install, run, or test your application on a device or server. All findings are based on reading the source code directly. Issues that would only be visible at runtime (performance under real load, specific UI rendering, live network behavior) may not be captured.

What This Is Not

This audit is not a guarantee that your codebase is free of bugs, security vulnerabilities, or other issues. It is a best-effort review by an experienced engineer using professional tools and judgment. No audit, regardless of depth, can catch everything.

We are not responsible for bugs, security vulnerabilities, data loss, downtime, or any other issues not identified in the report. We are also not responsible for issues that arise from changes made to the codebase after the audit date.

How We Work

This audit uses AI-assisted analysis (Anthropic Claude) as part of the review process. Every finding in the report is verified by reading the actual source code. AI assists with analysis and pattern detection, but a human engineer reviews the output and makes all final determinations about what goes in the report.

Data Handling

How we receive your code. You provide access via GitHub repository invite, GitLab repository invite, or a link to a zip file (Google Drive, Dropbox, or similar). We do not accept code through any other channel.

Storage during the audit. Your code lives on a single local machine. It is never uploaded to cloud storage, synced to cloud drives, or copied to shared machines.

Who touches your code. GoodToShip is a one-person practice. Only that person has access to your source code. No subcontractors, no team members, no exceptions.

Device security. The machine used for audits has automatic screen lock enabled and is not shared with anyone else.

Retention. We keep your code for 90 days after report delivery to handle follow-up questions. After 90 days, the repository clone is permanently deleted and the trash is emptied. We take reasonable steps to ensure no copies remain in backups or cloud sync.

Destruction process. At the end of the 90-day retention window: the local repository clone is deleted, the trash is emptied, and we confirm no copies remain in backups, cloud sync, or any other location. If you provided access via repository invite, we remove ourselves from the repository at that time as well.

AI and Third-Party Processing

Your source code is processed through Anthropic's API during the review. This is the only third-party service that touches your code. No other service receives, caches, stores, or trains on your code.

Anthropic does not use API inputs for model training. They retain API inputs for a limited period per their current policy, after which they are deleted. Full details: Anthropic Privacy Policy

To be explicit: your code is never sent to OpenAI, Google, or any other AI provider. It is never uploaded to any code analysis platform, cloud IDE, or SaaS tool. The only path your code takes outside the local machine is to Anthropic's API for analysis, and Anthropic does not retain it beyond their safety window.

Confidentiality

All source code, architecture details, findings, and business information reviewed during this audit are treated as confidential. We will not:

  • Share your code or report with any third party
  • Publish or publicly reference your project without your written permission
  • Use your code for any purpose other than delivering this audit

This confidentiality applies to all materials provided to us, including repository access, documentation, and any communications during the engagement.

Your Responsibilities

  • Provide accurate repository access (GitHub, GitLab, or zip file) before the audit begins
  • Ensure you have the right to share the codebase with us (you own it, or you have permission from the owner)
  • Revoke repository access after the audit is complete, if desired

Refund Policy

If we are unable to complete the audit (for example, the repository is inaccessible or the codebase is not in a reviewable state), we will issue a full refund. Once the report has been delivered, no refunds will be issued.

Changes to These Terms

We may update these terms from time to time. The version in effect at the time of your purchase applies to your audit.