1. Introduction

This Privacy Notice describes how we, Codesi, manage your personal data when you (referred to as “Business Client”) use our services through Codesi, including the https://codesi.ai/ website (referred to as "Website"). Whenever you access the Codesi, we provide various resources, features, functionalities, and services (collectively referred to as the "Services"). For clarity, the term Website encompasses https://codesi.ai/ as well as any other sites we own, operate, or portions of those sites operating under the Codesi brand. The company responsible for managing your personal data is Codesi, as defined in Terms of Service available at: https://codesi.ai/terms/.

2. Terminology used in this Privacy Notice

Data protection laws and regulations vary across different jurisdictions, leading to differences in terminology. To ensure clarity and consistency, this Privacy Notice adopts the definitions provided by the General Data Protection Regulation (GDPR), unless a term is specifically defined otherwise in this document. For the purposes of this Privacy Notice:

• Controller: Refers to the entity that determines the purposes and means of processing personal data. In this context, Codesi acts as a data controller for the personal data of its Business Clients.

• Processor: Refers to the entity that processes personal data on behalf of the controller. Please note that Codesi in certain scenarios may acts as a data processor for the personal data of the customers of its Business Clients, and such processing activities are outside the scope of this Privacy Notice.

• Personal Data: Refers to any information relating to an identified or identifiable natural person, as defined under the GDPR. This includes, but is not limited to, names, contact details, payment information, and any other data that can be used to identify an individual. NB! Company data is excluded from the scope of definition of Personal Data.

This Privacy Notice uses these terms in accordance with the GDPR’s definitions to simplify and standardize the information provided. If any term is defined differently in this document, that specific definition will take precedence in the context where it is used. It does not imply or indicate consent to the application of the GDPR or a choice of forum for any disputes.

3. Scope of the Privacy Notice

This Privacy Notice applies to the personal data processed by Codesi in its role as a data controller. Codesi acts as the data controller for the personal data relating to its Business Clients (or their representatives), including any individuals who create accounts for Service, access free or paid functionalities, or interact with Codesi’s landing pages and account pages. This includes personal information collected during account creation, authentication (via OAuth or credentials), and payment processing.

This Privacy Notice covers:

• The types of personal data collected by Codesi from its Business Clients

• The purposes for which Codesi collects, uses, and shares this personal data.

• The rights of individuals whose data is processed by Codesi.

• Codesi’s practices regarding data security, retention, and compliance with legal obligations.

Please note that this Privacy Notice does not apply to the data processing activities regarding Business Client’s end customers/visitors. Business Clients are responsible for providing their own privacy notices to their customers and ensuring compliance with applicable data protection laws. Codesi acts as a data processor for such excluded processing.

4. Data Collection

Codesi collects various types of personal data from its Business Clients to provide and improve its Services. The data collected can be categorized into the following groups:

4.1 Information You Provide to Us

Account Information

When you create an account with Codesi, we collect information necessary to identify you and provide access to our Services. This includes your name, email address, username, password, and any other details you may provide during the registration process. You may choose to provide additional information as part of your profile, such as a profile picture, company name, and other details that help personalize your experience. Following registration, your actions and choices within the Service will also be collected and stored.

Payment Information

If you choose to use paid functionalities, we collect payment information such as your billing address and credit card / payment method details. This information is used solely for processing payments and is handled in compliance with applicable security standards.

Communication Data

When you contact Codesi for support or other inquiries, we collect the content of your communications and any other information you provide during these interactions.

4.2 Information We Collect Automatically

Device and Log Information

We automatically collect information about the device you use to access our Services, including IP address, browser type, operating system, and device identifiers. We also collect data about your interactions with our Services, such as access times, pages viewed, and referring URLs.

Usage Data

As you interact with our platform, we collect data about your usage patterns. This includes features you use, content you view or create, and other actions you take within our platform.

Cookies and Tracking Technologies

Codesi uses cookies and similar technologies to collect data about your browsing behavior on our landing pages and account pages. This data helps us understand how our Services are used and improve user experience. For more information on how we use cookies, please refer to the section of this Notice titled “Cookies and Tracking Technologies”.

4.3 Information Collected from Third Parties

OAuth Authentication

If you choose to log in using a third-party service like Google or Facebook, we receive certain information from those Services, such as your username, email address, and authentication token. This information is used to simplify the login process and link your third-party account to your Codesi account.

5. Purpose of Data Processing

We process personal data based on various legal grounds as outlined under applicable data protection laws. The specific legal bases for processing depend on the context and the nature of the data being processed. Below are the primary legal bases we rely on:

1. Consent: We may process personal data based on your explicit consent. This includes situations where you have provided clear, informed consent for specific processing activities, such as subscribing to newsletters or receiving marketing communications. You have the right to withdraw your consent at any time, and we will cease processing your data for those purposes upon withdrawal.

2. Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party. For example, when you enter into an agreement with us for providing our services, we process your data to fulfill our contractual obligations, such as managing your account, processing payments, and delivering services.

3. Legal Obligation: We may process personal data to comply with legal obligations to which we are subject. This includes fulfilling requirements under applicable laws and regulations, such as maintaining financial records, reporting obligations, or responding to lawful requests from regulatory authorities.

4. Legitimate Interests: We process personal data based on our legitimate interests, provided these interests are not overridden by your rights and interests. This may include activities such as improving our services, conducting market research, and ensuring the security and integrity of our systems. We carefully assess and balance our interests with the impact on your privacy.

Codesi processes the personal data of its Business Clients for a variety of purposes, all of which are intended to ensure the effective delivery and enhancement of our services. The key purposes for which we process your data are outlined below:

5.1 Service Provision and Account Management

Account Creation and Maintenance

We process your personal data to create and manage your account, authenticate your identity, and provide access to the platform’s functionalities, whether free or paid. This includes managing your login credentials, processing password resets, and facilitating secure account access.

Service Delivery

Your data is used to provide the services you have requested, including managing your website creation process, enabling platform features, and ensuring the smooth operation of the platform. This also includes processing your transactions and managing any orders or subscriptions.

5.2 Payment Processing

Billing and Payments

We process your payment information to handle billing and payments for any paid services you choose to use. This ensures that we can charge you correctly, manage invoices, and process refunds where applicable. All payment data is handled securely in compliance with industry standards.

5.3 Communication

Customer Support

We use your data to communicate with you about your account, respond to your inquiries, and provide customer support. This may include sending you notifications, updates, and other service-related communications.

Service Updates and Notifications

We process your contact details to keep you informed about important updates to our services, changes to our terms, or any relevant security alerts.

5.4 Service Improvement and Development

Analytics and Performance

Monitoring We analyze usage data, device information, and other interactions with our platform to understand how our services are being used. This helps us to improve the functionality, performance, and user experience of our platform.

Product Development

We use the insights gained from analytics to develop new features, enhance existing functionalities, and drive innovation within our platform. This ensures that we continue to meet the evolving needs of our Business Clients.

5.5 Security

Platform Security

We process personal data to ensure the security of our platform, including monitoring for suspicious activity, preventing unauthorized access, and protecting against fraud, malware, and other security threats.

5.6 Marketing and Promotions

Promotional Communications

Subject to regional requirements, we may use your contact information to send you marketing communications about our services, special offers, and events that may be of interest to you. You can opt-out of receiving these communications at any time.

By providing your email address and/or other contact details to Codesi, you express free and unconditional consent to processing of your data for direct marketing purposes, including email marketing.

Personalized Marketing

We may analyze your usage data and preferences to provide personalized marketing content that is relevant to your interests. This includes displaying targeted ads and offers on our platform.

5.7 Protection of the Our Interests

We process personal data to protect our legitimate interests, ensuring the proper functioning and security of our services. This includes:

Fraud Prevention and Security Measures

We collect and analyze data to prevent fraudulent activities, unauthorized access, and ensure the security of our platforms. This is necessary to protect our business operations, safeguard user data, and maintain the integrity of our services.

Legal Compliance and Defense of Rights

We may process personal data to comply with legal obligations, respond to legal claims, or defend our rights in court. This ensures that we can protect our interests and those of our stakeholders, including customers, partners, and employees.

Business Continuity and Risk Management

We process data as part of our risk management procedures, including disaster recovery and business continuity planning. This is essential to protect our operations and minimize disruption to our services.

The legal basis for this processing is our legitimate interest in protecting our business, complying with legal obligations, and ensuring the security and continuity of our services. We carefully assess and balance our interests against your rights and freedoms to ensure your privacy is respected.

5.8 Automated Decision-Making

By using our services, you acknowledge and consent to the use of automated decision-making processes that may be employed to enhance your experience and tailor our offerings. This includes, but is not limited to, the use of algorithms and machine learning to analyze your interactions and preferences, which may influence aspects such as personalized content, recommendations, and service functionality. We implement these processes to provide a more relevant and efficient experience, but you have the right to request manual intervention or challenge decisions made solely based on automated processes. For more information or to exercise your rights, please contact our customer support team.

6. Data Sharing and Disclosure

Codesi values your privacy and is committed to protecting your personal data. We only share your data in specific circumstances and with trusted third parties to fulfill the purposes outlined in this Privacy Notice. The key scenarios in which we may share your data are described below:

6.1 Service Providers

Third-Party Service Providers

We may share your personal data with third-party service providers who assist us in delivering our services. These providers may include payment processors, cloud storage providers, customer support platforms, and other vendors who help us operate our platform. These service providers are contractually obligated to process your data only on our behalf and in accordance with our instructions, and they must implement appropriate security measures to protect your data.

Payment Providers

To process payments for orders made through our website, we work with third-party payment providers. These providers may include, but are not limited to, credit card processors, digital wallet services, and other financial institutions. When you make a payment, your personal data, including payment information, name, and contact details, will be securely transferred to the relevant payment provider for processing.

6.2 Legal and Regulatory Requirements

Compliance with Laws

We may disclose your personal data if required to do so by law, regulation, or legal process. This includes responding to lawful requests from public authorities, such as law enforcement agencies, regulatory bodies, or government entities, to meet national security or law enforcement requirements.

Protection of Rights and Interests

We may share your data if we believe it is necessary to protect our rights, property, or safety, or that of our Business Clients, users, or others. This includes enforcing our terms of service, investigating potential violations, and preventing fraud or other illegal activities.

6.3 Analytics and Advertising Partners

Google Analytics

We use Google Analytics to analyze how users interact with our platform and to improve our services. Google Analytics may collect data such as your IP address, browser type, and browsing activity on our site. This data is anonymized where possible and is used solely for statistical and analytical purposes. You can learn more about how Google Analytics processes your data and how to opt out in the section of this Notice titled “Cookies and Tracking Technologies”.

Marketing Partners

With your consent, we may share anonymized or aggregated data with marketing partners to help us deliver targeted advertisements and promotions. These partners do not receive personal data that directly identifies you, and we take steps to ensure that they handle the data in a manner consistent with this Privacy Notice.

6.4 Google reCAPTCHA

To protect our website and services from abuse, unauthorized access, and automated threats, we use Google reCAPTCHA, a service provided by Google LLC. When you interact with certain features of our website, Google reCAPTCHA may collect and process data such as your IP address, browser information, and user behavior patterns. This data is transferred to Google and used for security purposes, ensuring that our services are accessed by legitimate users only. For more information on how Google handles your data, please refer to Google’s Privacy Policy.

6.5 International Data Transfers

Codesi operates globally, and your personal data may be transferred to, and processed in, countries other than the one in which you reside. When we transfer data across borders, we ensure that appropriate safeguards are in place to protect your data, such as the use of legally recognized mechanisms.

By continuing to use the Service, you provide your consent to international data transfers.

7. Data Security

At Codesi, ensuring the security and privacy of our users' data is of paramount importance. We adhere to industry-leading practices and standards to protect both the personal data of our Business Clients and the customer data they process through our platform.

7.1 Data Protection Measures

Encryption

All data transmitted between our users and our platform is protected through advanced encryption protocols (TLS/SSL).

Access Controls

Access to data is restricted based on user roles and permissions. Business clients and their authorized personnel have access only to the data relevant to their accounts. Internal access is granted on a need-to-know basis, and all access is logged and monitored.

Authentication

We use robust authentication methods, including OAuth and multi-factor authentication (MFA), to secure user accounts and prevent unauthorized access. All login attempts and account changes are tracked and reviewed for unusual activity.

Data Backup and Recovery

Regular backups of all critical data are performed to safeguard against data loss. Our disaster recovery plan ensures that data can be restored quickly in the event of an incident.

7.2 Continuous Improvement

We are committed to continually enhancing our data security practices. We regularly review and update our security policies, invest in new technologies, and train our staff to stay ahead of emerging threats and vulnerabilities.

By prioritizing data security, Codesi ensures that our Business Clients and their customers can trust us to protect their sensitive information and provide a secure, reliable service.

8. Data Retention

At Codesi, we are committed to managing and retaining data responsibly and in compliance with applicable regulations. Our data retention practices are designed to ensure that data is kept only for as long as necessary to fulfill its intended purpose and to comply with legal and regulatory requirements.

8.1 Retention of Business Client Data

Account Data

Data associated with Business Client accounts, including account details and activity logs, is retained for as long as the account remains active. Such data may be anonymized, pseudonymized at any time instead of being deleted.

Payment Information

Payment details are retained only for as long as required to process transactions and fulfill billing obligations.

Service Usage Data

Data related to the usage of our platform’s services is retained for the duration of necessity and usefulness of such data. This data helps us improve our services and is anonymized where possible to minimize any potential privacy impact.

8.2 Legal and Regulatory Compliance

Legal Obligations

We retain data as required by law, including for tax, accounting, and legal purposes. Data retention periods may be extended in cases where we are subject to legal proceedings or investigations.

Regulatory Requirements

In compliance with data protection regulations, we ensure that our data retention practices align with legal requirements and industry standards. We periodically review and update our retention policies to reflect changes in laws and regulations.

9. User Rights

At Codesi, we recognize the importance of protecting user rights and providing transparency regarding the handling of personal data. The specific rights available to users may vary depending on their jurisdiction and applicable data protection laws. We are committed to honoring these rights in accordance with relevant regulations.

9.1 GDPR Rights

You enjoy certain rights under GDPR (to the extent it applies to our relationship):

• Right to Access. You have the right to request access to your personal data that we hold. This includes the right to obtain confirmation as to whether or not personal data concerning you is being processed, as well as access to the data and related information, such as the purposes of processing and the categories of personal data involved.

• Right to Rectification. You may request correction or completion of any inaccurate or incomplete personal data we hold about you. If you believe any of your information is incorrect, you can contact us to have it updated.

• Right to Erasure (Right to be Forgotten). In certain circumstances, you have the right to request the deletion of your personal data, such as when the data is no longer necessary for the purposes it was collected, or if you withdraw consent. Codesi will comply with such requests to the extent required by law.

• Right to Restrict Processing. You have the right to request the restriction of processing of your personal data under specific conditions, such as when you contest the accuracy of the data or object to its processing. While your data is restricted, Codesi will continue to store it but will limit its use as requested.

• Right to Data Portability. You may request a copy of your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit this data to another service provider, where technically feasible. This right applies to data processed by automated means based on your consent or the performance of a contract.

• Right to Object. You have the right to object to the processing of your personal data in certain situations, including where your data is processed for direct marketing purposes. Codesi will comply with such objections unless there are compelling legitimate grounds for the processing or where it is required for legal reasons.

• Right to Withdraw Consent. If our processing of your personal data is based on your consent, you have the right to withdraw this consent at any time. Withdrawal of consent will not affect the legality of processing based on consent before its withdrawal.

• Right to Lodge a Complaint. If you believe that Codesi has infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority in your jurisdiction or country of residence.

9.2 Jurisdiction-Specific Rights

The rights available to users may vary based on the jurisdiction in which they reside. For example, individuals in the European Union have additional rights under the General Data Protection Regulation (GDPR), while individuals in California have specific rights under the California Consumer Privacy Act (CCPA).

9.3 How to Exercise Rights

To exercise any of the rights described above or if users have any questions regarding their personal data, they should contact Codesi via our customer support channels via [email protected]. We are committed to addressing and resolving all requests in a timely manner, in accordance with applicable legal requirements.

9.4 Verification and Processing of Requests

When we receive a request to exercise user rights, we may need to verify the identity of the requester to ensure that the request is legitimate. We will process such requests within the timeframes specified by applicable laws and regulations.

9.5 Limitations and Exceptions

Certain rights may be subject to limitations or exceptions based on applicable laws. For example, we may not be able to fulfill a request if it would impact the rights of others or if there are legal obligations that require us to retain the data.

10. Cookies and Tracking Technologies

We use cookies and other tracking technologies to enhance user experience, analyze website performance, and improve our services. This section provides information on the types of cookies and tracking technologies we use, their purposes, and how users can manage their preferences.

10.1 Types of Cookies and Tracking Technologies

Essential Cookies

These cookies are necessary for the proper functioning of our website and services. They enable core functionalities such as account login, session management, and security. Essential cookies cannot be disabled.

Performance Cookies

These cookies collect information about how users interact with our website, including which pages are visited most frequently and any error messages encountered. This data helps us improve the performance and usability of our website.

Targeting and Advertising Cookies

These cookies track users' browsing habits and interests to deliver more relevant advertising. They may also be used to limit the number of times an ad is shown and to measure the effectiveness of advertising campaigns.

10.2 Managing Cookies and Tracking Technologies

By continuing to use our service, you express consent to use of cookies. In case you wish to opt-out of Google Analytics processing, please use the relevant browser extension (link).

10.3 Third-Party Cookies

Our website may include cookies from third-party services, such as analytics providers and advertising networks. These third parties have their own privacy policies and cookie practices. We encourage users to review these policies to understand how their data is handled.

11. Changes to the Privacy Notice

11.1 Policy on Updates

Codesi may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or technological advancements. We are committed to ensuring that our Privacy Notice remains accurate and up-to-date. Any significant changes that affect how we handle your personal data will be communicated clearly and promptly.

11.2 Notification of Changes

When we make material changes to this Privacy Notice, we will notify users through appropriate channels. This may include posting a notice on our website, sending an email to registered users. It is important to review the Privacy Notice periodically to stay informed about how we protect your data.

11.3 Effective Date

All updates to this Privacy Notice will become effective as of the date they are published. Continued use of our services following any changes to the Privacy Notice constitutes acceptance of the revised terms.