Privacy Policy

   Your privacy is extremely important to us. This Privacy Policy explains how Codoser.com (“Codoser,” “we,” “our,” “us”) collects, uses, processes, stores, shares, and protects your personal information when you access or use our website, services, marketplace, mobile applications, APIs, or any related tools (collectively, the “Platform”).

By using the Platform, registering an account, making a purchase, listing products, or otherwise interacting with Codoser, you agree to this Privacy Policy and the collection and use of information as described herein. If you do not agree with this Policy, please discontinue using the Platform immediately.

1. Scope of This Policy

1.1 This Privacy Policy applies to all personal data processed by Codoser in connection with the Platform, whether you are a buyer, author, affiliate, developer, visitor, or any other type of user.
1.2 It covers both online and offline data interactions with Codoser.
1.3 This Policy applies globally and is designed to meet the requirements of multiple privacy laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Indian IT Act & IT Rules, and other applicable laws.
1.4 If any provisions conflict with local mandatory privacy laws, the stricter provision applies.

2. Definitions

2.1 Personal Data: Any information relating to an identified or identifiable individual (e.g., name, email, IP address).
2.2 Processing: Any operation performed on personal data, such as collection, storage, use, transfer, disclosure, or deletion.
2.3 Controller: Codoser, which determines the purposes and means of processing personal data.
2.4 Processor: Third parties that process personal data on behalf of Codoser (e.g., hosting providers, payment gateways).
2.5 Cookies: Small text files stored on your device to enable Platform functionality, analytics, and personalization.
2.6 Applicable Laws: GDPR, CCPA, Indian IT Act 2000, and other relevant data protection laws.

3. Categories of Data We Collect

3.1 Information You Provide Directly

• Account registration data: name, email, username, password.
• Billing and payment information: address, phone number, tax details.
• Seller/author verification data: identity proof, business information, KYC/AML data.
• Communications: support tickets, feedback, surveys, reviews.
• Uploaded content: product listings, code files, descriptions, images.

3.2 Information Collected Automatically

• Device data: IP address, browser type, operating system, device identifiers.
• Usage data: pages visited, products viewed, features used, timestamps, clickstream.
• Transaction logs: purchases, downloads, licensing activity, errors.
• Cookies and tracking technologies as per our Cookie Policy.

3.3 Information from Third Parties

• Payment gateways may share transaction status.
• Identity verification providers may share results.
• Analytics and advertising partners may provide aggregated data.
• Affiliate programs may provide referral information.

4. Legal Basis for Processing (GDPR)

4.1 We process personal data under the following legal bases:

• Contractual necessity: to provide services, process transactions, deliver products.
• Legal obligations: tax compliance, KYC/AML checks, regulatory reporting.
• Legitimate interests: fraud prevention, service improvement, direct communications.
• Consent: where required for marketing, cookies, or sensitive data processing.
  4.2 Users in the EU/EEA may withdraw consent at any time without affecting prior lawful processing.

5. Purposes of Data Collection

5.1 We collect and process personal data for:

• Account registration, management, and authentication.
• Facilitating purchases, licensing, and payouts.
• Processing payments and issuing invoices.
• Providing support, responding to inquiries, and resolving disputes.
• Fraud detection, security monitoring, and abuse prevention.
• Marketing communications, if consented.
• Analytics to improve Platform performance and user experience.
• Compliance with legal obligations and regulatory requirements.

6. Data Required for Transactions

6.1 Certain data is mandatory to complete purchases or sales on the Platform (e.g., billing address, payment information).
6.2 Failure to provide required data may result in the inability to use certain features or complete transactions.

7. Account Data and Authentication

7.1 Account credentials are used solely for login and authentication.
7.2 Passwords are stored using secure cryptographic hashing algorithms.
7.3 We do not have access to plaintext passwords.
7.4 Multi-factor authentication may be offered to enhance account security.

8. Payment Information

8.1 Payments are processed through secure third-party gateways.
8.2 Codoser does not store complete credit card numbers or sensitive payment credentials.
8.3 We may receive and store limited data (e.g., transaction ID, payment status) for reconciliation and support.
8.4 All payment data is encrypted and transmitted over secure channels (TLS/SSL).

9. Cookies and Tracking

9.1 We use cookies and similar technologies for essential functionality, analytics, marketing, and personalization.
9.2 Users may control cookie preferences through their browser settings or consent tools.
9.3 Some cookies are essential; disabling them may affect Platform functionality.
9.4 See our Cookie Policy for detailed information.

10. Communication Data

10.1 We store communications with support, sales, or other teams for service quality and legal compliance.
10.2 Emails, tickets, and chats may be retained to resolve disputes or respond to legal requests.

11. Reviews, Comments, and Community Content

11.1 If you post reviews or comments, your username and public profile may be visible to others.
11.2 Content you make public may be indexed by search engines.
11.3 Users are responsible for the personal information they share publicly.

12. Marketing and Promotional Communications

12.1 With your consent where required, we may send promotional emails or notifications about new products, discounts, or features.
12.2 You may opt out of marketing communications at any time via unsubscribe links or account settings.
12.3 Transactional or service-related emails will still be sent where necessary.

13. Analytics and Performance Data

13.1 We use analytics tools to collect aggregated, anonymized data on Platform usage.
13.2 This data helps improve features, identify performance issues, and understand user behavior.
13.3 Personal identifiers may be pseudonymized for analytics.

14. Fraud Prevention and Security Monitoring

14.1 We analyze activity patterns to detect fraudulent transactions, unauthorized access, and policy violations.
14.2 Fraud prevention mechanisms may include automated decision-making or manual review.
14.3 Suspicious accounts may be suspended or flagged for further verification.

15. Sharing with Service Providers

15.1 We share personal data with carefully selected service providers who act on our behalf, such as:

• Cloud hosting and infrastructure providers.
• Payment processors and financial institutions.
• Email and communications services.
• Analytics and anti-fraud platforms.
  15.2 These providers are contractually bound to handle data securely and only for specified purposes.

16. Sharing with Authors and Buyers

16.1 When buyers purchase a product, limited data may be shared with the author for support and licensing purposes (e.g., email, username, license key).
16.2 Authors must comply with data protection laws and may not use this data for marketing without consent.
16.3 Buyers should review author privacy practices before sharing additional information voluntarily.

17. Legal Compliance and Regulatory Disclosures

17.1 We may disclose data when required by law, court orders, regulatory authorities, or law enforcement.
17.2 Such disclosures will be limited to the minimum information necessary.

18. International Data Transfers

18.1 Your data may be transferred and stored on servers located outside your country of residence.
18.2 Where required, appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) are implemented to protect transferred data.
18.3 By using the Platform, you consent to such transfers.

19. Data Retention

19.1 We retain personal data only as long as necessary for the purposes described in this Policy, including legal, tax, and accounting requirements.
19.2 Criteria for retention include transaction history, regulatory obligations, and dispute resolution needs.
19.3 Upon expiration of retention periods, data is securely deleted or anonymized.

20. User Rights — GDPR / Global

20.1 Depending on your location, you may have rights including:

• Access to your personal data.
• Rectification of inaccurate information.
• Erasure (“Right to be forgotten”) under certain conditions.
• Restriction of processing.
• Data portability.
• Objection to processing based on legitimate interests.
• Withdrawal of consent at any time.
  20.2 We will respond to rights requests within legally mandated timelines.

21. CCPA Rights (California)

21.1 California residents may have additional rights under the CCPA, including:

• Right to know what personal data is collected and shared.
• Right to deletion.
• Right to opt out of the sale of personal data.
• Right to non-discrimination for exercising privacy rights.
  21.2 We do not sell personal data as defined by the CCPA.

22. Exercising Your Rights

22.1 You may exercise your privacy rights by contacting us through the official channels listed on our website.
22.2 We may verify your identity before responding to requests.
22.3 Some rights may be subject to exceptions or legal obligations.

23. Children’s Privacy

23.1 The Platform is not intended for children under the age of 18.
23.2 We do not knowingly collect personal data from minors.
23.3 If we become aware of such collection, we will delete the data promptly.

24. Automated Decision-Making

24.1 We may use automated systems for fraud detection or transactional risk analysis.
24.2 These systems do not make decisions with legal or similarly significant effects without human oversight.

25. Data Security Measures

25.1 We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, intrusion detection, and regular audits.
25.2 No system is 100% secure; users are encouraged to protect their accounts and report suspicious activity.

26. Breach Notification

26.1 In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law.
26.2 Notifications will include information about the breach, affected data, and recommended actions.

27. Third-Party Websites and Services

27.1 The Platform may contain links to third-party websites. We are not responsible for their privacy practices.
27.2 Users should review third-party privacy policies before sharing personal information.

28. Changes of Ownership or Control

28.1 In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction.
28.2 We will ensure appropriate protections and notify users where required.

29. Non-Discrimination

29.1 We will not discriminate against users for exercising their privacy rights.
29.2 Access to core services will not be conditioned on consenting to unnecessary processing.

30. Policy Updates and User Responsibility

30.1 We may update this Privacy Policy at any time without prior notice.
30.2 It is the user’s responsibility to review the Policy periodically for changes.
30.3 Continued use of the Platform constitutes acceptance of the updated Policy.