PRIVACY POLICY

1. Introduction

Codessome ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website codessome.com (the "Service") or engage our software development services.

This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws. By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name and contact information (email, phone, address)
• Company information and job title
• Project requirements and technical specifications
• Payment and billing information
• Communication preferences and history
• Professional background and technical expertise

2.2 Technical Information

We automatically collect certain technical information:

• IP address and geolocation data
• Browser type, version, and operating system
• Device information and screen resolution
• Website usage patterns and analytics
• Cookies and similar tracking technologies
• Referral sources and search terms

2.3 Project-Related Information

During our engagement, we may collect:

• Source code and technical documentation
• Business requirements and specifications
• User data necessary for development and testing
• Performance metrics and system logs
• Feedback and communication records

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Service Delivery

• Provide software development and consulting services
• Communicate about projects and deliverables
• Process payments and manage billing
• Provide technical support and maintenance
• Deliver training and documentation

3.2 Business Operations

• Improve our services and develop new offerings
• Conduct market research and analytics
• Send marketing communications (with consent)
• Comply with legal and regulatory requirements
• Protect against fraud and security threats

3.3 Legal Basis (GDPR)

We process personal data based on:

• Contract performance: To fulfill our service agreements
• Legitimate interests: For business operations and improvements
• Consent: For marketing communications and optional features
• Legal compliance: To meet regulatory requirements

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We may share information with trusted third parties who assist in our operations:

• Cloud hosting providers (AWS, Azure, Google Cloud)
• Payment processors (Stripe, PayPal)
• Communication tools (email, video conferencing)
• Analytics and monitoring services
• Legal and accounting professionals

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction. We will notify you of any such change.

4.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Investigate fraud or security incidents
• Enforce our terms of service

4.4 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

• End-to-end encryption for data transmission
• AES-256 encryption for data at rest
• Multi-factor authentication for system access
• Regular security audits and penetration testing
• Secure development practices and code reviews

5.2 Administrative Safeguards

• Role-based access controls and principle of least privilege
• Employee background checks and security training
• Incident response and breach notification procedures
• Regular backup and disaster recovery testing
• Vendor security assessments and agreements

5.3 Physical Safeguards

• Secure data centers with 24/7 monitoring
• Restricted access to facilities and equipment
• Environmental controls and redundant systems
• Secure disposal of hardware and media

6. Data Retention

We retain personal information for different periods based on the purpose:

• Client data: For the duration of our relationship plus 7 years for legal compliance
• Project files: As specified in our service agreements, typically 3-5 years
• Marketing data: Until you opt out or 3 years of inactivity
• Website analytics: 26 months from collection
• Financial records: 7 years as required by law
• Legal documents: As required by applicable statutes of limitations

We regularly review and delete information that is no longer necessary for our business purposes or legal obligations.

7. Your Rights and Choices

7.1 GDPR Rights (EU Residents)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Restriction: Limit how we process your information
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Revoke consent for specific processing activities

7.2 CCPA Rights (California Residents)

• Know: What personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Opt-out: Opt out of the sale of personal information (we don't sell data)
• Non-discrimination: Equal service regardless of privacy choices

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential cookies: Required for website functionality
• Analytics cookies: Help us understand website usage
• Preference cookies: Remember your settings and choices
• Marketing cookies: Deliver relevant advertisements (with consent)

8.2 Managing Cookies

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect website functionality.

8.3 Third-Party Analytics

We use analytics services including:

• Google Analytics (with IP anonymization)
• Hotjar for user experience analysis
• Mixpanel for product analytics

9. International Data Transfers

We may transfer your information to countries outside your residence, including the United States. We ensure adequate protection through:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent protection
• Certification schemes and codes of conduct
• Binding corporate rules for intra-group transfers

10. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy on our website
• Update the "Last updated" date
• Notify you of material changes via email or website notice
• Obtain consent for changes that expand our use of your information

12. Contact Information

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

13. Definitions

• Personal Information: Information that identifies, relates to, or could reasonably be linked with you
• Processing: Any operation performed on personal data, including collection, use, storage, and deletion
• Controller: The entity that determines the purposes and means of processing personal data
• Processor: The entity that processes personal data on behalf of the controller
• Data Subject: The individual to whom personal data relates