Privacy Policy

Last Updated: 27th August 2025

Effective Date: 27th August 2025

1. Introduction

Code & Clause (“we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (codeandclause.ai), use our services, or interact with us.

This policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) for European Union residents and the Information Technology Act, 2000 for Indian residents.

Data Controller: Code & Clause, located in Bengaluru, India

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide to us, including:

Contact Information:

  • Email addresses
  • First and last names
  • Phone numbers
  • Company/organization name
  • Job titles and roles
  • Professional contact details

Professional Information:

  • Industry and company size
  • Compliance needs for content personalization
  • Professional interests and requirements
  • Career level and experience

Service-Related Information:

  • Consultation requirements and preferences
  • Project details and objectives
  • Implementation timelines and budgets
  • Compliance assessment responses

Communication Data:

  • Messages sent through contact forms
  • Email correspondence
  • Video call recordings (for consulting services)
  • Chat transcripts and support interactions

2.2 Information We Collect Automatically

Website Analytics:

  • IP addresses and location data
  • Browser type and version
  • Device information and operating system
  • Pages visited and time spent on site
  • Referral sources and search terms
  • User behavior and interaction patterns

Cookies and Tracking Technologies:

  • Essential cookies for website functionality
  • Analytics cookies for performance measurement
  • Marketing cookies for retargeting and personalization
  • Social media cookies from integrated platforms

Technical Data:

  • Log files and server data
  • Error reports and diagnostic information
  • API usage and system interactions

2.3 Information from Third Parties

Professional Networks:

  • LinkedIn profile information (with consent)
  • Professional background and connections
  • Industry affiliations and certifications

Payment Processors:

  • Transaction data from Stripe
  • Billing information and payment history
  • Subscription and purchase records

Analytics and Marketing Tools:

  • Google Analytics demographic data
  • Marketing campaign performance data
  • Social media engagement metrics

3. How We Use Your Information

3.1 Service Provision

  • Deliver digital products and consulting services
  • Process downloads and access requests
  • Provide customer support and technical assistance
  • Manage user accounts and subscriptions

3.2 Communication and Marketing

  • Send newsletters and educational content
  • Provide product updates and announcements
  • Conduct market research and surveys
  • Deliver personalized content recommendations
  • Send promotional materials about relevant services

3.3 Business Operations

  • Analyze website usage and improve user experience
  • Conduct compliance assessments and gap analyses
  • Develop new products and services
  • Manage business relationships and partnerships
  • Ensure legal and regulatory compliance

3.4 Legal and Security

  • Protect against fraud and unauthorized access
  • Enforce our Terms of Use and other policies
  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests and court orders

4. Legal Basis for Processing (GDPR)

For EU residents, we process your personal data based on:

Consent: When you provide explicit consent for marketing communications, cookies, or specific data processing activities.

Contract Performance: When processing is necessary to perform our services or fulfill contractual obligations.

Legitimate Interests: For business operations, analytics, fraud prevention, and service improvement, where our interests don’t override your privacy rights.

Legal Obligation: When required to comply with applicable laws, regulations, or legal processes.

5. How We Share Your Information

5.1 Service Providers

We share information with trusted third-party service providers who assist us in:

Email Marketing:

  • Brevo (email delivery and marketing automation)
  • List management and segmentation services

Analytics and Tracking:

  • Google Analytics (website performance analysis)
  • Heatmap and user recording services
  • Social media analytics platforms

Payment Processing:

  • Stripe (payment processing and billing)
  • Financial institutions for transaction processing

Technology Services:

  • Hostinger (web hosting and infrastructure)
  • Google Workspace (business communications)
  • Cloud storage and backup services
  • Project management tools (Notion, Asana, etc.)

AI and Content Services:

  • Claude (content creation and analysis)
  • Grok (research and data analysis)
  • Other AI tools for service enhancement

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

5.3 Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect our rights, property, or safety.

5.4 With Your Consent

We may share information for other purposes with your explicit consent.

6. Data Retention

6.1 General Retention Policy

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless you request deletion or a longer retention period is required by law.

Email Marketing Data: Retained until you unsubscribe or request deletion Website Analytics: Typically retained for 26 months (Google Analytics default) Consulting Client Data: Retained for the duration of the business relationship and as long as legally required for business records Payment Information: Retained according to financial and tax record requirements Support Communications: Retained for reasonable period to provide ongoing support

6.2 Data Deletion

You may request deletion of your personal data at any time, subject to legal and contractual obligations.

7. Your Privacy Rights

7.1 Rights for All Users

  • Access: Request information about data we hold about you
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your personal data
  • Opt-out: Unsubscribe from marketing communications
  • Data Portability: Request a copy of your data in a portable format

7.2 Additional Rights for EU Residents (GDPR)

  • Right to Restriction: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for specific processing activities
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

7.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: one@codeandclause.ai
  • Subject Line: “Privacy Rights Request”
  • Include: Your name, email address, and specific request details

We will respond to valid requests within 30 days (or as required by applicable law).

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Essential Cookies:

  • Website functionality and security
  • User session management
  • Form submission and data processing

Analytics Cookies:

  • Google Analytics for website performance
  • User behavior analysis and optimization
  • Traffic source and conversion tracking

Marketing Cookies:

  • Retargeting and personalized advertising
  • Social media integration and sharing
  • Campaign performance measurement

Preference Cookies:

  • Language and region settings
  • Customized user experience
  • Content personalization

8.2 Cookie Management

You can control cookies through:

  • Browser settings and preferences
  • Our cookie consent banner
  • Third-party opt-out tools
  • Direct contact for assistance

Note: Disabling certain cookies may affect website functionality and user experience.

9. Data Security

9.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Technical Safeguards:

  • SSL/TLS encryption for data transmission
  • Secure hosting infrastructure with Hostinger
  • Regular security updates and patches
  • Access controls and authentication systems
  • Data backup and recovery procedures

Organizational Safeguards:

  • Staff training on data protection practices
  • Confidentiality agreements with service providers
  • Regular security assessments and audits
  • Incident response and breach notification procedures

9.2 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant authorities within 72 hours (where required)
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and response measures
  • Take immediate steps to contain and remediate the breach

9.3 International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

  • Adequacy decisions by relevant authorities
  • Standard contractual clauses with service providers
  • Binding corporate rules where applicable
  • Your explicit consent for specific transfers

10. Children’s Privacy

Our services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Third-Party Links and Services

Our website may contain links to third-party websites and services. This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party services you use.

Key Third-Party Services:

12. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will:

  • Post the updated policy on our website
  • Update the “Last Updated” date
  • Notify you of material changes via email or website notice
  • Obtain consent for significant changes where required by law

13. Contact Information

13.1 Data Protection Inquiries

For questions about this Privacy Policy or our data practices:

  • Email: one@codeandclause.ai
  • Website: codeandclause.ai
  • Subject Line: “Privacy Policy Inquiry”

13.2 Data Subject Rights Requests

For requests to exercise your privacy rights:

  • Email: one@codeandclause.ai
  • Subject Line: “Privacy Rights Request”
  • Include: Your name, email address, and specific request details

13.3 Data Protection Officer

While not required to designate a formal Data Protection Officer, privacy inquiries are handled by our compliance team at the contact information above.

13.4 EU Representative

For EU residents requiring a local representative, we will designate one as our business expands into the European market.

14. Specific Regional Information

14.1 For Indian Residents

Under the Information Technology Act, 2000 and related rules:

  • You have the right to access and correct your personal information
  • We implement reasonable security practices to protect your data
  • Data breaches affecting sensitive personal information will be reported as required

14.2 For EU Residents

Under GDPR:

  • You have enhanced rights as outlined in Section 7.2
  • Our lawful basis for processing is detailed in Section 4
  • You may lodge complaints with your local supervisory authority
  • Data transfers outside the EU are conducted with appropriate safeguards

14.3 For US Residents

Depending on your state:

  • California residents may have additional rights under CCPA
  • Other state privacy laws may provide additional protections
  • We will update this policy as US federal privacy legislation develops

15. Consent and Withdrawal

15.1 Providing Consent

By using our services, you consent to the collection and processing of your personal data as described in this Privacy Policy. For specific activities requiring explicit consent, we will obtain your clear, informed agreement.

15.2 Withdrawing Consent

You may withdraw your consent at any time by:

  • Unsubscribing from email communications
  • Contacting us directly
  • Adjusting your account settings
  • Using our data subject rights request process

Note: Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

Legal Notice: This Privacy Policy is designed to comply with applicable data protection laws and provide transparency about our data practices. It is not intended as legal advice. For specific legal questions about data protection, consult qualified legal counsel.

Effective Compliance: We are committed to maintaining the highest standards of data protection and will continuously update our practices to ensure ongoing compliance with evolving privacy regulations.