🛡 Privacy Policy
Last updated: December 2024
1. Registration & Account Data
We collect and store your registration information (name, username, email, encrypted password) to create and manage your Codata account.
This data is necessary for authentication, service delivery, and essential communications about your account.
All account data is stored securely in our encrypted authentication database (AES-256). Passwords are hashed using bcrypt and never stored in plain text.
Important: While account credentials are stored, all data files you upload for analysis are processed entirely in-memory and are never stored on our servers.
2. Uploaded Data Processing
No raw files or personally identifiable data uploaded to the platform are stored beyond the processing duration.
Aggregated and anonymized analysis results are preserved solely for auditing and future reference by the data owner.
Data lifecycle policies are enforced: data is deleted securely once it is no longer required.
3. Encryption & Processing Mechanism
All initial processing occurs locally in the user's browser (client-side) to minimize data exposure.
Submitted data is processed in-memory only, with secure deletion immediately after completion.
End-to-end encryption (AES-256) ensures all data in transit and at rest is fully protected.
No raw content is ever stored in any database, safeguarding personal information.
4. Legal Basis for Processing
The legal basis for processing your personal data is the performance of our Terms & Conditions agreement. By creating an account and using Codata services, you enter into a contractual relationship with us, and processing your data is necessary to fulfill this agreement and provide our services.
5. Data Retention Periods
Active accounts: All registration data is retained while your account remains active to provide continuous service access.
After account deletion: Your personal data is securely deleted within 90 days of account closure, unless retention is required by law.
Legal obligations: Some data may be retained longer if required by Saudi law or for legitimate legal purposes (e.g., dispute resolution, fraud prevention, regulatory compliance).
6. Third-Party Data Sharing
Your personal registration data is not shared with third parties except when legally required by Saudi Arabian authorities or court orders.
We may share data with trusted service providers who assist in platform operations (e.g., cloud hosting, email services) under strict confidentiality agreements and data processing terms.
Important: Your uploaded data files are processed entirely in-memory and are never shared with any third parties under any circumstances.
7. Cross-Border Data Transfers
Your personal data is stored and processed within the Kingdom of Saudi Arabia. We do not transfer your personal data outside of KSA without appropriate safeguards and adequate protection measures. Any necessary transfers will only occur with your explicit consent or when required by law.
8. Security & Standards
Codata is designed following best practices and industry security standards.
Regular internal and external audits are conducted to verify continuous adherence to security protocols.
No data is shared with third parties unless legally required, and all consent is respected.
9. Your Data Rights
Right to Access: You may request access to all personal data we hold about you.
Right to Rectification: You may request correction of inaccurate or incomplete personal data.
Right to Erasure: You may request deletion of your personal data and account.
Right to Restriction: You may request limitation of processing activities.
Right to Data Portability: You may receive your personal data in a structured, commonly used format.
Right to Object: You may object to processing of your personal data for specific purposes.
Right to Withdraw Consent: You may withdraw your consent at any time (see section 10).
Right to Lodge Complaints: You may file complaints with our Data Protection Officer.
10. Withdrawing Consent
You may withdraw your consent for data processing at any time by deleting your account through dashboard settings or sending a written request to privacy@codata.sa.
Upon consent withdrawal and account deletion, you will lose access to all Codata services. This action is irreversible.
We will process your deletion request and securely erase your personal data within 90 days, subject to any legal retention requirements.
11. Contact & Support
For questions regarding your personal data, rights, consent, or privacy practices, contact our Data Protection Officer at privacy@codata.sa. We aim to respond to all requests within 30 business days.