Our Commitment to You
Privacy Policy
CodeBridge LLC
Understand how CodeBridge collects, uses, and protects your personal information and data. We are committed to transparency and security.
Effective Date: July 1st, 2025
Introduction
CodeBridge is a software development agency that designs, builds, and maintains custom AI and software solutions for organizations operating in highly regulated industries, including healthcare, insurance, financial services, and the public sector. Our work combines advanced machine learning, secure cloud architecture, and rigorous engineering practices to deliver compliant, production-grade products.
We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy describes CodeBridge's policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies.
Data Protection Officer
CodeBridge is headquartered in the United States. CodeBridge has appointed an internal data protection officer for you to contact if you have any questions or concerns about CodeBridge's personal data policies or practices. If you would like to exercise your privacy rights, please direct your query to CodeBridge's data protection officer.
Email: privacy@codebridgehq.com
Postal Address: Data Protection Officer, CodeBridge LLC, United States
Support Form: https://www.codebridgehq.com/#contact
Phone: Available upon request through email
How We Collect and Use Your Personal Information
Information We Collect
CodeBridge collects several categories of personal information about its website visitors, clients, and the end users of the solutions we build:
1. Account and Contact Information
- Full name
- Email address
- Job title
- Company/employer name
- Work address
- Work phone number
- Username and password (encrypted)
- Authentication provider identifiers
2. Project and Engagement Data
- Project requirements, specifications, and documentation you share with us
- Source code, datasets, and assets provided for development work
- Communications, meeting notes, and correspondence related to engagements
- Any data processed by solutions we build and operate on your behalf
3. Platform and Service Usage Information
- User roles and permissions
- Team assignments and relationships
- Login history and authentication logs
- Feature usage patterns
- Analytics and reporting data
- User preferences and settings
4. Billing and Payment Information
- Company billing details
- Payment method information (processed by Stripe)
- Usage metrics for billing purposes
- Invoice history
5. Technical Information
- IP addresses
- Browser type and version
- Device information
- Operating system
- Pages visited and time spent
- Referring websites
- Log files and error reports
How We Use Your Information
We use the personal information we collect for the following purposes:
- Service Delivery:To design, build, deliver, maintain, and improve the custom software and AI solutions we provide to our clients.
- Authentication and Security:To verify your identity, enable secure access to your account, prevent fraud, and protect against unauthorized access.
- Analytics and Insights:To generate metrics, understand how our services are used, and deliver business intelligence to our clients.
- Communication:To send service-related notifications, respond to inquiries, provide support, and share important updates about our services.
- Billing and Payments:To process payments, generate invoices, track usage, and manage engagements.
- Product Improvement:To analyze usage patterns, understand client needs, develop new capabilities, and enhance the user experience.
- Compliance:To comply with legal obligations, enforce our terms of service, and respond to lawful requests from authorities.
- Marketing:To send promotional materials about our products and services (only with your consent, and you may opt out at any time).
Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and the United Kingdom, we process your personal data based on the following legal grounds:
- Contractual Necessity:Processing is necessary to perform our contract with you.
- Legitimate Interests:We have legitimate business interests in operating and improving our services.
- Legal Obligation:Processing is required to comply with applicable laws.
- Consent:You have provided explicit consent for specific processing activities.
Use of the CodeBridge Website
As is true of most other websites, CodeBridge's website (https://www.codebridgehq.com and https://app.codebridgehq.com) collects certain information automatically and stores it in log files. The information may include: Internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type and version, operating system, pages visited on our website, time and date of visits, referring website addresses, and clickstream data.
We use this information to help us design our site to better suit our users' needs, diagnose problems with our server and administer our website, analyze trends and gather broad demographic information, identify visitor preferences and improve our services, and ensure appropriate staffing to meet client needs.
CodeBridge has a legitimate interest in understanding how clients, customers, and potential customers use its website. This assists CodeBridge with providing more relevant products and services and with providing appropriate support.
When and How We Share Information with Third Parties
Service Providers and Sub-Processors
We engage trusted third-party service providers to help us deliver and improve our services. These providers have access to your personal information only to perform specific tasks on our behalf and are obligated to protect your data.
| Service Provider | Purpose | Data Access |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, database hosting, file storage, AI/ML services | Project data, user data, metadata |
| Stripe | Payment processing and billing | Billing information, payment methods |
| Analytics Providers | Website analytics and user experience | Website usage data |
| Email Delivery Providers | Transactional email delivery | Email addresses, notification content |
When We Share Information
We do not sell personal information to anyone. We only share your information in the following circumstances:
- With Your Consent:When you explicitly authorize us to share information.
- Service Delivery:With service providers who perform functions on our behalf.
- Legal Compliance:When required by law, legal process, or government request.
- Business Transfers:In connection with a merger, acquisition, or sale of assets.
- Protection of Rights:To enforce our agreements, protect our rights, property, or safety.
- Aggregated Data:We may share aggregated, de-identified data that cannot be used to identify you.
Mobile Information and SMS/Text Messaging
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All categories mentioned in this Privacy Policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
If you opt in to receive SMS or text messages from CodeBridge, the mobile phone number you provide and your consent to be contacted are used solely to deliver the messages you requested (such as account notifications, service updates, security alerts, or support communications). We do not sell, rent, lease, or otherwise share your mobile opt-in information or consent with any third party, and we do not use it for third-party marketing.
How We Handle Mobile Data
- No Sale or Sharing:Mobile opt-in data and consent are never sold, rented, or shared with third parties or affiliates for their marketing purposes.
- Limited Service Providers:We only disclose mobile information to vetted service providers (such as our SMS delivery vendor) strictly to transmit the messages you requested, under contractual confidentiality and data-protection obligations.
- Protected as Sensitive Data:Mobile phone numbers and any associated identifiers are safeguarded with the same SOC 2 Type II controls and, where applicable, HIPAA safeguards applied to all personal data, including encryption in transit and at rest, access controls, and audit logging.
- Opting Out:You can opt out of SMS messages at any time by replying STOP to any message or by contacting us at privacy@codebridgehq.com. You may reply HELP for assistance. Message and data rates may apply, and message frequency varies.
Transferring Personal Data to the U.S.
International Data Transfers
CodeBridge has its headquarters in the United States, and our servers and service providers are primarily located in the United States. Information we collect about you will be processed and stored in the United States.
By using CodeBridge's services, you acknowledge that your personal information will be processed in the United States. The United States has not sought nor received a finding of "adequacy" from the European Union under Article 45 of the GDPR.
Safeguards for International Transfers
Pursuant to Article 46 of the GDPR, CodeBridge provides appropriate safeguards for international data transfers through:
- Standard Contractual Clauses (SCCs):We use binding, standard data protection clauses approved by the European Commission.
- Enhanced SCCs:Our clauses have been enhanced based on guidance from the European Data Protection Board.
- Data Processing Agreements:We enter into data processing agreements with our vendors.
- Additional Safeguards:We implement technical measures including AES-256 encryption at rest, TLS 1.3 encryption in transit, VPC isolation, multi-factor authentication, and role-based access controls.
Data Subject Rights
Your Privacy Rights
The European Union's General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other privacy laws provide certain rights for data subjects. We respect and honor these rights for all our users, regardless of location.
Rights Under GDPR
If you are located in the EEA or UK, you have the following rights:
- Right to Be Informed:Clear information about how we collect and use your personal data.
- Right of Access:Request access to your personal data and information about how we process it.
- Right to Rectification:Correct inaccurate or incomplete personal data.
- Right to Erasure:Request deletion of your personal data in certain circumstances.
- Right to Restrict Processing:Request that we limit how we use your personal data.
- Right to Data Portability:Receive your personal data in a structured, machine-readable format.
- Right to Object:Object to our processing of your personal data in certain circumstances.
- Rights Related to Automated Decision Making:Not be subject to decisions based solely on automated processing.
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@codebridgehq.com
- Support Form: https://www.codebridgehq.com/#contact
- Account Settings: Access your account settings to update certain information directly
We will respond to your request within 30 days for GDPR requests or 45 days for CCPA requests.
Security of Your Information
Our Commitment to Security
CodeBridge takes the security of your personal information seriously. We implement comprehensive technical, administrative, and physical security measures designed to protect your data from unauthorized access, disclosure, alteration, and destruction, in alignment with HIPAA and SOC 2 Type II requirements.
Technical Security Measures
- Encryption:AES-256 encryption for data at rest, TLS 1.3 encryption for data in transit.
- Network Security:VPC isolation with private subnets, security groups, network segmentation, and WAF protection.
- Authentication:Advanced identity management, multi-factor authentication support, and token-based authentication.
- Data Protection:Secrets management for credentials and automated, encrypted backups.
- Application Security:Input validation, parameterized queries, CSP headers, and XSS and CSRF protection.
Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will notify affected individuals within 72 hours of becoming aware of the breach (as required by GDPR), provide information about what data was affected, explain the steps we are taking to address the breach, and offer guidance on how you can protect yourself.
Data Storage and Retention
Where We Store Your Data
Your personal data is stored by CodeBridge in secure cloud infrastructure located in the United States, including managed databases across multiple availability zones, object storage, and encrypted backups with cross-region replication.
How Long We Retain Your Data
- Client Data (Active Accounts): Duration of your business relationship with CodeBridge
- Client Data (After Account Closure): Up to 90 days after account termination
- Billing and Financial Records: 7 years (as required by tax and financial regulations)
- System Logs: Application logs (90 days), Security logs (1 year), Audit logs (7 years)
- Analytics and Aggregated Data: Indefinitely (after de-identification)
Right to Deletion
You have the right to request deletion of your personal data at any time. To request deletion, email privacy@codebridgehq.com or use your account settings. We will process deletion requests within 30 days and provide confirmation once complete.
Children's Data
Age Restrictions
CodeBridge's services are not directed to children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 years of age.
What We Do If We Learn We Have Collected Children's Data
If we become aware that we have inadvertently collected personal information from a child under 16 without proper parental consent, we will:
- Delete the information as soon as possible
- Terminate any associated account
- Not use the information for any purpose
- Not disclose the information to third parties
If you believe that we have collected personal information from a child under 16, please contact us immediately at privacy@codebridgehq.com.
Changes to This Privacy Policy
Updates and Modifications
We reserve the right to update this Privacy Policy from time to time to reflect changes in our data practices, new features or services, legal or regulatory requirements, and feedback from users or regulators.
How We Notify You
When we make material changes to this Privacy Policy:
- We will update the "Effective Date" at the top of this policy
- We will notify active users via email, in-app notification, and prominent notice on our website
- For significant changes, we may require you to review and accept the updated policy
Your continued use of CodeBridge services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.
Questions, Concerns, or Complaints
Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:
CodeBridge LLC
Data Protection Officer: privacy@codebridgehq.com
Postal Address: CodeBridge LLC, Attention: Privacy Team, United States
Response Time
- General questions: 5 business days
- Data subject requests: 30 days (GDPR) or 45 days (CCPA)
- Security concerns: 24-48 hours
- Data breach notifications: Within 72 hours of confirmation
Supervisory Authorities
If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with:
- European Union/EEA:European Data Protection Supervisor or your national data protection authority.
- United Kingdom:Information Commissioner's Office (ICO) - https://ico.org.uk
- California:California Attorney General's Office - https://oag.ca.gov/privacy
Acknowledgment and Acceptance
By using CodeBridge's services, visiting our website, or providing us with your personal information, you acknowledge that:
- 1:You have read and understood this Privacy Policy.
- 2:You consent to the collection, use, and disclosure of your personal information as described.
- 3:You understand your rights and how to exercise them.
- 4:You agree to the transfer of your data to the United States (if applicable).
If you do not agree with this Privacy Policy, please do not use our services.
Last Updated: July 1st, 2025
Version 2.0
© 2026 CodeBridge LLC. All rights reserved.