Privacy Policy

1. Who We Are

Codolie Labs SLU (CIF: B23994924), with registered address in Mallorca, Spain ("Codolie", "we", "us", or "our"), operates the website codolie.com and related services. We are a web and mobile development agency specializing in creating digital experiences.

For any questions about this policy, you can reach us at hello@codolie.com.

2. Data We Collect

We collect and process the following types of personal data:

2.1 Information You Provide

• Account information: When you create an account, we collect your name, email address, and authentication credentials via our authentication provider (Clerk).
• Contact form submissions: Name, email, phone number, company name, and any message content you provide.
• Onboarding data: Project requirements, business details, and preferences you submit through our onboarding forms.
• Payment information: Billing details processed securely through Stripe. We do not store your full credit card number on our servers.
• Newsletter subscription: Your email address when you subscribe to our newsletter.

2.2 Information Collected Automatically

• Usage data: Pages visited, time spent, click patterns, and navigation paths via Google Analytics and Vercel Analytics.
• Device information: Browser type, operating system, screen resolution, and language preferences.
• IP address: Used for security, fraud prevention, and approximate geolocation.
• Cookies and similar technologies: See our Cookie Policy for details.

3. How We Use Your Data

We use your personal data for the following purposes:

• Service delivery: To provide, maintain, and improve our services, manage your account, and process payments.
• Communication: To respond to inquiries, send project updates, and provide customer support.
• Marketing: To send newsletters and promotional content (only with your consent; you can unsubscribe at any time).
• Analytics: To understand how our website is used and improve the user experience.
• Legal compliance: To comply with applicable laws and regulations, and to protect our legal rights.

4. Legal Basis for Processing (GDPR)

As a company based in the European Union, we process your data under the following legal bases:

• Contract performance: Processing necessary to provide our services and fulfill our contractual obligations.
• Consent: For marketing communications and non-essential cookies. You may withdraw consent at any time.
• Legitimate interest: For analytics, security, and improving our services, balanced against your privacy rights.
• Legal obligation: When required by applicable law (e.g., tax and accounting records).

5. Third-Party Services

We use the following third-party services that may process your personal data:

• Clerk — Authentication and user management.
• Stripe — Payment processing. Stripe is PCI DSS Level 1 certified.
• Google Analytics — Website analytics and traffic measurement.
• Vercel — Website hosting and performance analytics.
• Supabase — Database hosting and backend services.

Each third-party provider has its own privacy policy governing the use of your data. We encourage you to review their policies.

6. International Data Transfers

Some of our third-party providers are located outside the European Economic Area (EEA). When your data is transferred outside the EEA, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the provider's adequacy certifications (e.g., EU-US Data Privacy Framework).

7. Data Retention

We retain your personal data only for as long as necessary:

• Account data: For the duration of your account, plus a reasonable period after closure.
• Contact form data: Up to 2 years after your last interaction.
• Payment records: As required by Spanish tax law (typically 5 years).
• Analytics data: Retained in aggregated, anonymized form.
• Newsletter data: Until you unsubscribe.

8. Your Rights

Under the GDPR and Spanish data protection law, you have the right to:

• Access your personal data and obtain a copy.
• Rectify inaccurate or incomplete data.
• Erase your data ("right to be forgotten") under certain circumstances.
• Restrict processing of your data.
• Data portability — receive your data in a structured, commonly used format.
• Object to processing based on legitimate interest or for direct marketing purposes.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@codolie.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (TLS/HTTPS) and at rest.
• Secure authentication via Clerk with multi-factor authentication support.
• Regular security assessments and updates.
• Access controls limiting data access to authorized personnel only.

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. We encourage you to review this page periodically.