Privacy Policy

Last updated: January 15, 2025

1. Introduction

This Privacy Policy explains how Codqi ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our website at Codqi.com and all related services (the "Platform"). We are committed to protecting your privacy and handling your data responsibly.

By using the Platform, you consent to the practices described in this policy. If you do not agree, please do not use the Platform.

2. Information We Collect

We collect the following types of information:

Information you provide directly:

• Account information: Name, email address, and password when you create an account
• Payment information: Processed securely by Stripe or PayPal — we do not store your credit card number, CVV, or full payment card details on our servers
• Server credentials: If you use our installation service, you may provide cPanel access details (see Section 5 for how we handle these)
• Support communications: Messages, attachments, and information you provide when contacting our support team
• Profile information: Phone number, country, and any other optional details you add to your account

Information collected automatically:

• Device and browser data: IP address, browser type and version, operating system, and device type
• Usage data: Pages visited, time spent on pages, links clicked, and general navigation patterns
• Transaction data: Order history, license keys, domain activations, and download records
• Session data: Shopping cart contents, login sessions, and preferences

3. How We Use Your Information

We use your personal information for the following purposes:

• Service delivery: To process purchases, issue license keys, provide downloads, and manage your account
• Installation service: To install purchased software on your server when requested
• Customer support: To respond to inquiries, troubleshoot issues, and resolve disputes
• Communications: To send order confirmations, license information, product updates, and service notifications
• Security: To detect and prevent fraud, unauthorized access, and license abuse
• Platform improvement: To analyze usage patterns and improve our products and services
• Legal compliance: To comply with applicable laws, regulations, and legal processes

We will not use your personal information for purposes materially different from those described here without first notifying you and, where required, obtaining your consent.

4. Marketing Communications

With your consent, we may send you marketing emails about new products, promotions, or updates. You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your notification preferences in your account dashboard
• Contacting us at privacy@codqi.com

Opting out of marketing will not affect transactional communications (order confirmations, license notifications, security alerts).

5. Server Credentials (Installation Service)

If you use our free installation service and provide server access credentials:

• Credentials are encrypted immediately upon receipt using AES-256-GCM encryption
• Access is restricted to the single installation technician assigned to your order
• Credentials are used solely for the purpose of installing your purchased software
• All credentials are permanently and irrecoverably deleted within 48 hours of installation completion
• An audit log records when credentials were accessed, by whom, and when they were deleted

We never store your credentials in plain text, and no one other than the assigned technician can access them during the installation window.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties.

We may share limited data with the following categories of service providers, solely to operate the Platform:

• Payment processors: Stripe and PayPal process your payments under their own privacy policies
• Email delivery: Transactional and marketing emails are sent through our email service provider
• Hosting infrastructure: Our Platform runs on cloud infrastructure that stores your data in accordance with industry security standards

We may also disclose information if required by law, court order, or governmental regulation, or if necessary to protect our rights, property, or safety.

7. Cookies and Tracking

We use cookies for the following purposes:

• Essential cookies: Required for login sessions, shopping cart, CSRF protection, and core functionality. These cannot be disabled.
• Preference cookies: Remember your settings and preferences (e.g., theme, language)

We do not use third-party advertising or tracking cookies. We do not share browsing data with ad networks.

You can manage cookie settings through your browser. Disabling essential cookies may prevent you from using core features of the Platform (login, checkout, etc.).

8. Data Security

We implement industry-standard security measures to protect your personal information, including:

• AES-256-GCM encryption for sensitive stored data
• HTTPS/TLS encryption for all data in transit
• Secure session management with HttpOnly, Secure, and SameSite cookie flags
• Bcrypt password hashing (cost factor 12)
• Rate limiting on authentication and API endpoints
• Content Security Policy headers to prevent XSS attacks
• Prepared SQL statements to prevent injection attacks

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

9. Data Retention

We retain your personal information for as long as necessary to:

• Maintain your account and provide our services
• Comply with legal obligations (e.g., tax records, transaction history)
• Resolve disputes and enforce our Terms of Service

If you close your account, we will delete or anonymize your personal information within 30 days, except where we are legally required to retain certain records (e.g., financial transaction records may be retained for up to 7 years for tax purposes).

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your data for certain purposes
• Withdrawal of consent: Withdraw consent for optional processing (e.g., marketing)

To exercise any of these rights, contact us at privacy@codqi.com. We will respond within 30 days.

11. Children's Privacy

The Platform is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

12. International Data Transfers

Your data may be processed in countries other than your own. By using the Platform, you consent to the transfer of your information to these countries, which may have different data protection standards. We ensure appropriate safeguards are in place for any international transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will notify you via email or a prominent notice on the Platform before the changes take effect. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

• Email: privacy@codqi.com
• Support: Contact form