Privacy Policy
CodeCulpt ("we", "us", or "our") is committed to protecting the personal information of our clients, website visitors, and prospective customers. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Ontario privacy law.
By using our website at https://codeculpt.com or engaging our services, you consent to the practices described in this policy.
What Information We Collect
We collect personal information that you voluntarily provide and certain information automatically when you visit our site.
Information you provide directly:
- Name and email address when you complete our contact or quote forms
- Phone number and company name if provided in forms
- Account credentials (name, email, password) when you register for a client account
- Payment information processed securely through Stripe — we never store card numbers
- Project details and communications you share during our working relationship
Information collected automatically:
- IP address and browser type for security logging and rate limiting
- Pages visited, referral URLs, and session duration via Google Analytics 4
- Server-side logs for error diagnosis and uptime monitoring
How We Use Your Information
We use collected information for the following purposes:
- To respond to enquiries and provide quotes for our services
- To deliver and manage the web development, e-commerce, and advertising services you've contracted us for
- To create and manage your client portal account
- To process payments and send invoices via Stripe
- To send transactional emails (project updates, password resets) — not promotional emails unless you opt in
- To improve our website's performance, usability, and content based on aggregated analytics
- To comply with legal obligations and enforce our Terms of Service
- To protect against fraud, spam, and abuse through honeypot and rate-limiting mechanisms
We do not sell, rent, or trade your personal information to third parties. We do not use your data for ad targeting on behalf of any advertiser.
Third-Party Services
We use the following reputable third-party services to operate our business. Each has its own privacy policy:
- Stripe — payment processing. Your card data is handled entirely by Stripe and is never transmitted to or stored on our servers. See stripe.com/privacy.
- Supabase — database hosting. Your data is stored on Supabase's PostgreSQL infrastructure in a Supabase-managed environment.
- Resend — transactional email delivery. Email content is passed through Resend solely for delivery purposes.
- Google Analytics 4 — anonymised website analytics. IP addresses are anonymised before processing. You may opt out using Google's browser add-on.
- Vercel — frontend hosting. Access logs may be retained by Vercel per their privacy policy.
- Render.com — backend API hosting. Standard server logs are retained.
Cookies and Tracking
Our website does not use advertising cookies or cross-site tracking cookies. We use Google Analytics 4 with IP anonymisation for aggregated usage statistics. Google Analytics sets first-party cookies to distinguish sessions.
No cookie consent banner is presented because we do not use non-essential cookies that require consent under Canadian law. If we add marketing or advertising pixels in the future, we will update this policy and implement appropriate consent mechanisms.
Data Security
We take data security seriously and implement the following safeguards:
- Passwords are hashed with bcrypt (cost factor 12) — plaintext passwords are never stored
- All data transmission uses HTTPS with HSTS headers enforced
- JWTs are signed with a 32+ character secret and expire after 7 days
- Password reset tokens are SHA-256 hashed before storage; raw tokens are only sent once via email
- Rate limiting and progressive account lockout protect against brute-force attacks
- All database queries use parameterised statements to prevent SQL injection
- Content Security Policy headers are set on all responses
Despite these measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
Data Retention
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.
- Contact form submissions are retained for 2 years for business records
- Client account data is retained for the duration of the business relationship plus 1 year, then deleted upon request
- Payment records are retained for 7 years as required by the Canada Revenue Agency
- Activity logs are automatically purged after 180 days
- Expired password reset tokens are automatically deleted daily
Your Rights Under PIPEDA
Under PIPEDA and applicable Ontario privacy law, you have the right to:
- Know that we are collecting your personal information and why
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Withdraw consent to collection or use at any time (subject to legal and contractual restrictions)
- Request deletion of your personal information, subject to legal retention requirements
- File a complaint with the Office of the Privacy Commissioner of Canada
To exercise any of these rights, please contact us using the details below. We will respond within 30 days.
Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately so we can delete it.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other operational reasons. The "Last updated" date at the top of this page will reflect when changes were made. Continued use of our website or services following any changes constitutes acceptance of the updated policy.
For material changes that affect how we use personal information, we will notify registered users by email.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please reach out:
CodeCulpt
Ontario, Canada
Email: info@codeculpt.com
Phone: +1 (437) 365-0117