Privacy Policy

Introduction

Welcome to Codiroo ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").

By accessing or using Codiroo, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Information We Collect

Information You Provide to Us

Account Information

• Email address
• Username
• Password (encrypted and securely stored)
• Profile information

Referral Information

• Referral links you create or share
• Referral codes
• Vendor preferences
• Comments and feedback you provide

Communication Data

• Information you provide when you contact us for support
• Feedback, survey responses, or other communications

Information Collected Automatically

Usage Data

• IP address
• Browser type and version
• Device information (operating system, device identifiers)
• Pages visited and features used
• Time and date of visits
• Time spent on pages
• Referring website addresses
• Click tracking and interaction data

Cookies and Tracking Technologies

• Session cookies to maintain your login state (essential)
• Preference cookies to remember your settings (only stored if you allow optional cookies)
• Local storage data for application functionality and secure authentication

Analytics Information

• Referral link performance metrics
• Click-through rates
• User engagement statistics
• Dashboard activity data

How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Maintain Our Service

• Creating and managing your account
• Processing and distributing referral links
• Tracking referral performance and analytics
• Enabling fair rotation of referral opportunities
• Providing customer support

To Improve Our Service

• Analyzing usage patterns and trends
• Developing new features and functionality
• Troubleshooting technical issues
• Conducting research and testing

To Communicate With You

• Sending administrative information and updates
• Responding to your inquiries and support requests
• Notifying you of changes to our Service or policies
• Sending marketing communications (with your consent)

To Ensure Security and Prevent Fraud

• Monitoring for suspicious activity
• Enforcing our Terms & Conditions
• Protecting against unauthorized access
• Complying with legal obligations

Our Basis for Processing Data

We operate the Service from the United States and handle personal information to provide, secure, and improve the platform. We rely on the following bases to process information:

• Contractual necessity: Processing is required to create accounts, deliver referral rotation, and provide core features
• Legitimate interests: We improve the Service, maintain security, prevent fraud, and understand product usage
• Consent for optional preferences: We rely on your consent to remember UI preferences when you allow optional cookies
• Legal obligations: We retain and disclose information when required to comply with applicable U.S. laws

How We Share Your Information

We do not sell your personal information.

We may share your information in the following circumstances:

With Service Providers

• Supabase (authentication, database hosting, and storage infrastructure)
• Email service providers for transactional communications
• Payment processors (if applicable)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

For Business Transfers

• In connection with a merger, acquisition, reorganization, or sale of assets
• Your information may be transferred as part of the business transaction

For Legal Purposes

• To comply with legal obligations, court orders, or government requests
• To enforce our Terms & Conditions
• To protect our rights, property, or safety, or that of our users
• To prevent fraud or illegal activity

Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Information: Retained while your account is active and for a reasonable period afterward
• Usage Data: Typically retained for up to 24 months for analytics purposes
• Communication Records: Retained as needed for customer support and legal compliance

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, regulatory, or security purposes.

Your Privacy Rights

All Users

• Access and Portability: You can access your account information through your dashboard and request a copy of your personal data in a portable format
• Correction: You can update your account information at any time through your account settings
• Deletion: You can request deletion of your account and personal information by contacting us at itscodiroo@gmail.com
• Opt-Out of Marketing: You can opt out of marketing emails by clicking the "unsubscribe" link or updating your preferences

International Visitors

The Service is operated from the United States and is not specifically directed to residents of the EEA, United Kingdom, or other jurisdictions that require local data protection representatives. If you reside outside the United States, you may have additional rights under your local laws. Please contact us at itscodiroo@gmail.com and we will review your request in line with our legal obligations and contractual commitments.

Data Security

We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

Security Measures Include:

• Encryption of data in transit and at rest (SSL/TLS)
• Secure authentication via Supabase
• Regular security audits and monitoring
• Access controls and authentication requirements
• Employee training on data protection

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

International Data Transfers

Our infrastructure is located in the United States. By using the Service, you understand that your information will be stored and processed in the United States, where data protection requirements may differ from those in your home country.

If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States and acknowledge that U.S. law will apply to our handling of your data to the extent permitted by your local regulations.

Children's Privacy

Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our systems.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

We will:

• Post the updated Privacy Policy on this page
• Update the "Last Updated" date at the top
• For material changes, provide additional notice (e.g., email notification)

Continued use of the Service after changes constitutes acceptance. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Response Time: We will respond to your inquiry within a reasonable timeframe, typically within 30 days for general inquiries and within 45 days for applicable data privacy requests.

Summary of Key Points

• We collect information you provide and usage data automatically
• We use information to provide, improve, and secure our Service
• We do not sell your personal information
• You have rights to access, correct, and delete your information
• You control optional preference cookies through the in-app banner
• We implement security measures to protect your data
• We comply with applicable U.S. privacy laws
• Contact us with any questions or to exercise your rights