Privacy Policy
Information about personal data processing
This Privacy Policy sets out the rules for processing and protecting personal data provided by Users in connection with using the Codesphere service (hereinafter: "Service").
Data Controller:
Codesphere
[ADDRESS TO BE COMPLETED]
[POSTAL CODE] [CITY], Poland
Tax ID (NIP): [TO BE COMPLETED]
Email: contact@codesphere.app
The Controller has not appointed a Data Protection Officer. For matters related to personal data protection, you can contact the Controller directly at the email address provided above.
We make every effort to ensure your data is secure and processed in accordance with applicable laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
When using the Service, we may collect the following data:
Voluntarily provided data:
- Email address (when contacting via form)
- Name (optional)
- Phone number (optional, when requesting a call)
- Message content
Automatically collected data:
- IP address (anonymized after 24 hours)
- Browser and device type
- Date and time of visit
- Pages viewed and tools used
- Cookie data (only with your consent, except for essential cookies)
Tool data:
Files uploaded to tools (e.g., images for compression) are processed only in the server's operational memory, are not saved to disk, and are automatically deleted immediately after processing (within 60 seconds of upload at most). The Controller has no access to the content of uploaded files.
We process your data for the following purposes:
Service provision (Art. 6(1)(b) GDPR - contract performance):
- Enabling use of tools and Service features
- Managing user account (if applicable)
Communication (Art. 6(1)(f) GDPR - legitimate interest):
- Responding to messages sent via contact form
- Legitimate interest: handling inquiries and building relationships with users
Analytics (Art. 6(1)(a) GDPR - consent):
- Analyzing Service traffic for improvement
- Processing occurs only after consent is given via the cookie banner
Own marketing (Art. 6(1)(a) GDPR - consent):
- Sending information about news and updates
- Only after separate, voluntary consent is given
Security (Art. 6(1)(f) GDPR - legitimate interest):
- Protecting the Service from abuse, attacks, and unauthorized access
- Legitimate interest: ensuring IT infrastructure security
Legal obligations (Art. 6(1)(c) GDPR):
- Fulfilling obligations under law (e.g., tax, accounting)
The Service uses cookies. On your first visit, we display a banner allowing you to manage your consent.
Essential cookies (no consent required):
- Ensuring proper functioning of the Service
- Remembering language preferences
- Remembering your cookie choices
Analytics cookies (consent required):
- Analyzing how the Service is used
- Collecting anonymous visit statistics
- Improving functionality
Advertising cookies (consent required):
- Ad personalization (if displayed)
- Measuring campaign effectiveness
Managing consent:
You can change your cookie preferences at any time by clicking the "Cookie settings" link in the footer. You have the right to withdraw consent at any time, which does not affect the lawfulness of processing carried out before withdrawal.
You can also manage cookies in your browser settings. Disabling essential cookies may affect the functionality of some Service elements.
Your data may be shared with the following categories of recipients:
Service providers (data processors):
- Vercel Inc. (USA) - hosting and infrastructure
- Resend (USA) - email service
- Google LLC (USA) - analytics (Google Analytics 4) - only with your consent
Government authorities:
- Only based on applicable legal provisions, upon request from authorized bodies
Transfer of data outside the European Economic Area (EEA):
Some of our providers are based in the USA. Data transfer to the USA is carried out based on:
- European Commission adequacy decision (EU-US Data Privacy Framework) - for certified entities
- Standard Contractual Clauses adopted by the European Commission
You have the right to obtain a copy of the safeguards used by contacting us at contact@codesphere.app.
We do not sell your personal data to third parties. We do not make automated decisions, including profiling, that would produce legal effects concerning you or similarly significantly affect you.
Under GDPR, you have the following rights:
Right of access (Art. 15 GDPR):
You can obtain confirmation of whether we process your data and receive a copy of it.
Right to rectification (Art. 16 GDPR):
You can request correction of inaccurate data or completion of incomplete data.
Right to erasure (Art. 17 GDPR):
You can request deletion of data ("right to be forgotten") when, among others, data is no longer necessary, you withdraw consent, or you object.
Right to restriction of processing (Art. 18 GDPR):
You can request restriction of data processing in certain cases.
Right to data portability (Art. 20 GDPR):
You can receive your data in a structured format (e.g., JSON, CSV) and transfer it to another controller.
Right to object (Art. 21 GDPR):
You can object at any time to processing of data based on the controller's legitimate interest.
Right to withdraw consent (Art. 7(3) GDPR):
If processing is based on consent, you can withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
How to exercise your rights:
Send a message to: contact@codesphere.app. We will respond without undue delay, no later than within one month of receiving the request. For complex requests, the deadline may be extended by another two months, of which we will inform you.
We apply appropriate technical and organizational measures to protect your data in accordance with Art. 32 GDPR:
Technical measures:
- Connection encryption (HTTPS/TLS 1.3)
- Encryption of data at rest
- Regular software updates and security patches
- Firewall and DDoS protection
- Regular backups
Organizational measures:
- Limited data access (need-to-know principle)
- Data protection training
- Security incident response procedures
In case of a personal data breach that is likely to result in a high risk to your rights or freedoms, we will inform you without undue delay, in accordance with Art. 34 GDPR.
We store personal data only for the period necessary to achieve the processing purposes:
Contact form data:
- 3 years from last contact (due to potential claims) or until consent is withdrawn, whichever comes first
Billing data (invoices, payments):
- 5 years from the end of the tax year in which the tax obligation arose (legal requirement)
Analytics data (Google Analytics):
- Up to 14 months (with analytics cookies enabled with consent)
Server logs:
- Up to 30 days (purpose: security)
Cookies:
- Essential: session duration or up to 12 months
- Analytics/advertising: up to 12 months (only with consent)
After the retention period, data is permanently deleted or irreversibly anonymized.
We reserve the right to make changes to this Privacy Policy in case of changes to legal regulations, Service functionality, or the scope of data processing.
We inform about changes through:
- Publishing an updated version on this page with a new update date
- Email notification (if we have your address and you have consented to such communication)
- Clear notice in the Service for significant changes
We encourage you to regularly check this page. The date of the last update is at the top of the document.
Contact the Controller:
If you have questions about personal data processing or wish to exercise your rights, contact us:
Email: contact@codesphere.app
Address: [ADDRESS TO BE COMPLETED], Poland
We respond to inquiries without undue delay, no later than within one month.
Right to complain:
If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with the supervisory authority:
President of the Personal Data Protection Office (PUODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Phone: +48 22 531 03 00
Website: https://uodo.gov.pl
You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.