Privacy Policy

Last updated: January 1, 2026

At Codexse ("we," "us," or "our"), we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at codexse.com and use our digital marketplace services. This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide when you:

  • Create an Account: Name, email address, username, password, and optional profile information
  • Make Purchases: Billing address, payment card details (processed securely by Stripe/PayPal), transaction history
  • Become a Seller: Business name, tax identification information, bank account details for payouts, identity verification documents
  • Contact Us: Name, email, message content when using contact forms or support tickets
  • Subscribe to Communications: Email address for newsletters and marketing

1.2 Information Collected Automatically

When you access our platform, we automatically collect:

  • Device Information: Browser type and version, operating system, device type, screen resolution
  • Usage Data: Pages visited, time spent on pages, click patterns, search queries, products viewed
  • Network Information: IP address, approximate geographic location, Internet service provider
  • Referral Data: How you arrived at our site (search engine, referral link, direct visit)

1.3 Information from Third Parties

We may receive information from:

  • Social Login Providers: If you sign in using Google, GitHub, or other OAuth providers, we receive your name, email, and profile picture
  • Payment Processors: Transaction status and fraud prevention data from Stripe and PayPal
  • Analytics Services: Aggregated usage statistics from Google Analytics

2. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our contract with you (e.g., processing purchases, delivering products)
  • Legitimate Interests: Processing for our legitimate business interests (e.g., fraud prevention, platform security, analytics) where your rights do not override
  • Consent: Processing based on your explicit consent (e.g., marketing emails, cookies)
  • Legal Obligation: Processing required to comply with laws (e.g., tax records, fraud reporting)

3. How We Use Your Information

We use collected information to:

3.1 Provide Our Services

  • Process and fulfill your orders and transactions
  • Create and manage your account
  • Provide customer support and respond to inquiries
  • Enable sellers to receive payments and manage their stores
  • Deliver purchased digital products

3.2 Improve and Personalize

  • Analyze usage patterns to improve platform features
  • Personalize your experience with relevant product recommendations
  • Conduct research and analytics to enhance our services

3.3 Communicate

  • Send transactional emails (order confirmations, receipts, shipping updates)
  • Notify you of product updates from sellers you've purchased from
  • Send marketing communications (with your consent)
  • Inform you of policy changes and important notices

3.4 Ensure Security and Compliance

  • Detect, prevent, and investigate fraud and security threats
  • Enforce our Terms of Service and policies
  • Comply with legal and regulatory requirements
  • Respond to legal requests and prevent harm

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your data with:

4.1 Service Providers

Third-party companies that help us operate our platform:

  • Payment Processing: Stripe, PayPal, Payoneer (to process payments securely)
  • Cloud Infrastructure: Server hosting and data storage
  • Email Services: Transactional and marketing email delivery
  • Analytics: Google Analytics for usage analysis
  • Security: Fraud detection and prevention services

All service providers are contractually bound to protect your data and use it only for specified purposes.

4.2 Sellers on Our Platform

When you purchase a product, we share your name and email address with the seller for:

  • Providing product support
  • Sending product updates and documentation
  • License verification

Sellers are prohibited from using your information for unsolicited marketing or sharing it with third parties.

4.3 Legal Requirements

We may disclose information when required to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to valid government requests
  • Protect the rights, property, or safety of Codexse, our users, or the public
  • Enforce our terms and policies

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and your choices regarding your data.

5. Data Security

We implement comprehensive security measures to protect your data:

  • Encryption: TLS 1.3 encryption for all data in transit; AES-256 encryption for sensitive data at rest
  • Access Control: Role-based access control; multi-factor authentication for staff
  • Infrastructure Security: Firewalls, intrusion detection, DDoS protection
  • Payment Security: PCI DSS compliant payment processing; we never store full card numbers
  • Regular Audits: Periodic security assessments and penetration testing
  • Incident Response: Documented procedures for security breach response and notification

While we implement industry-standard security measures, no system is completely secure. We encourage you to use strong passwords and protect your account credentials.

6. Your Rights

6.1 Rights Under GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time for consent-based processing
  • Lodge Complaint: File a complaint with your local data protection authority

6.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know: Request disclosure of personal information collected, used, and shared
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
  • Non-Discrimination: Not be discriminated against for exercising your rights

California residents may designate an authorized agent to make requests on their behalf.

6.3 Exercising Your Rights

To exercise any of these rights:

  • Visit your account's Privacy Center at codexse.com/privacy-center
  • Email us at privacy@codexse.com
  • Use the contact form on our website

We will respond to verified requests within 30 days (or 45 days for complex requests, with notice).

7. Data Retention

We retain personal data for different periods based on purpose:

  • Account Data: Retained while your account is active and for 30 days after deletion request
  • Transaction Records: Retained for 7 years for tax and legal compliance
  • Support Communications: Retained for 3 years after resolution
  • Marketing Preferences: Until you withdraw consent
  • Analytics Data: Anonymized after 26 months

8. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all service providers
  • Adequacy decisions where applicable

9. Cookies and Tracking

We use cookies and similar technologies. For detailed information about our cookie practices, including how to manage your preferences, please see our Cookie Policy.

10. Children's Privacy

Our services are not intended for individuals under 16 years of age (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@codexse.com.

11. Third-Party Links

Our platform may contain links to third-party websites and services. This Privacy Policy applies only to Codexse. We are not responsible for the privacy practices of third-party sites. We encourage you to review their privacy policies before providing any personal information.

12. Do Not Track

Some browsers transmit "Do Not Track" signals. Currently, we do not respond to DNT signals, as there is no industry standard for compliance. We honor opt-out preferences through our cookie consent mechanism.

13. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify you via email for significant changes
  • We may display a prominent notice on our website

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Codexse Data Protection Team

Email: privacy@codexse.com

Website: codexse.com/contact

For EU residents, you may also contact your local data protection authority if you have concerns about our data practices.