Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information in compliance with applicable data protection laws.

Last updated: January 14, 2025

Data Controller Information

Legal Entity Name

Codesec

Registration Status

Udyam Registered MSME (India)

Enterprise Type

Micro Enterprise

Registered Location

Bangalore, Karnataka

Data Protection Contact

Email: [email protected]
For data protection inquiries, please contact us with the subject line "Data Protection Request".

Introduction

Codesec ("we," "our," or "us"), a micro enterprise registered under the MSME Act of India, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website codesec.me, use our services, Chrome extensions, or tools. This policy complies with the Information Technology Act, 2000 (India), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

Information We Collect

Personal Information You Provide

We may collect personal information that you voluntarily provide to us when you:

  • Register for an account or subscribe to our services
  • Subscribe to our newsletter or marketing communications
  • Contact us through our contact form or email
  • Use our tools, applications, or Chrome extensions
  • Request a quote or consultation for our services
  • Participate in surveys, promotions, or contests

Categories of personal data collected: Name, email address, phone number, company name, job title, project requirements, payment information (processed by third-party payment processors), and any other information you choose to provide.

Automatically Collected Information

When you visit our website or use our services, we may automatically collect:

  • IP address and approximate geolocation
  • Browser type, version, and language preferences
  • Operating system and device information
  • Pages visited, time spent, and navigation patterns
  • Referring website or source
  • Date and time of access

Chrome Extension Data

Our Chrome extensions (such as Risk Observer) may collect limited data necessary for functionality. We DO NOT collect, store, or sell your browsing history, personal data, or any sensitive information through our extensions. All processing occurs locally on your device unless explicitly stated otherwise.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience. For detailed information about our cookie practices, please see our Cookie Policy.

Legal Basis for Processing

We process your personal data only when we have a valid legal basis to do so:

Contractual Necessity

Processing necessary to perform a contract with you (e.g., providing services you requested, processing payments).

Legal Obligations

Processing required to comply with applicable laws, regulations, court orders, or legal processes.

Legitimate Interests

Processing for our legitimate business interests (e.g., improving services, fraud prevention, analytics).

Consent

Where you have given us explicit consent (e.g., newsletter subscriptions, marketing communications).

How We Use Your Information

Service Provision

  • • Provide and maintain our services
  • • Process service requests and transactions
  • • Send service-related communications
  • • Manage your account and subscriptions

Communication

  • • Respond to inquiries and support requests
  • • Send newsletters and updates (with consent)
  • • Provide customer support
  • • Send project updates and invoices

Improvement & Analytics

  • • Analyze usage patterns and trends
  • • Improve our website and services
  • • Develop new features and tools
  • • Conduct research and analysis

Security & Compliance

  • • Comply with legal obligations
  • • Protect our rights and interests
  • • Prevent fraud and abuse
  • • Ensure network and information security

Information Sharing and Disclosure

We do NOT sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

Service Providers

Trusted third-party service providers who assist us in operating our website and providing services (e.g., hosting providers, payment processors, email service providers). These providers are contractually bound to protect your data.

Legal Requirements

When required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Encryption

SSL/TLS encryption for data in transit, encryption at rest for sensitive data

Access Controls

Role-based access controls, strong authentication, regular access reviews

Monitoring

24/7 security monitoring, intrusion detection, regular security audits

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Account InformationDuration of account + 3 years
Transaction Records7 years (legal requirement)
Contact Form Submissions2 years
Newsletter SubscriptionsUntil unsubscribe
Analytics Data26 months

Your Rights Under GDPR (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation:

Right of Access

Request a copy of your personal data we hold and information about how it is processed.

Right to Rectification

Request correction of inaccurate or incomplete personal information.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal information, subject to legal retention requirements.

Right to Restrict Processing

Request limitation of processing of your personal data in certain circumstances.

Right to Data Portability

Receive your personal data in a structured, machine-readable format and transfer it to another controller.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Withdraw your consent at any time where processing is based on consent.

Right to Lodge a Complaint

Lodge a complaint with a supervisory authority in your country of residence.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to Know

You have the right to know what personal information we collect, use, disclose, and sell about you.

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale

We do not sell your personal information. We have not sold personal information in the preceding 12 months.

Right to Non-Discrimination

You will not receive discriminatory treatment for exercising your privacy rights.

International Data Transfers

Your information may be transferred to and processed in countries other than your own, including India (where we are headquartered) and other countries where our service providers operate. We ensure that such transfers are conducted in accordance with applicable data protection laws:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions where applicable
  • Binding Corporate Rules for transfers within our organization
  • Your explicit consent where required

Children's Privacy

Our services are not intended for children under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us immediately at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or through a prominent notice on our website. We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.

How to Exercise Your Rights

To exercise any of your privacy rights, please contact us using the methods below. We will respond to your request within:

  • GDPR requests: 30 days (extendable by 60 days for complex requests)
  • CCPA requests: 45 days (extendable by 45 days)
  • Other requests: 30 days

We may need to verify your identity before processing your request to protect your privacy and security.

Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your data protection rights, please contact us:

Data Controller: Codesec (Udyam Registered MSME)

Privacy Email: [email protected]

General Email: [email protected]

Website: https://codesec.me/contact

Location: Bangalore, Karnataka