Privacy Policy
Last updated:
This Privacy Policy explains how CodLight (“CodLight,” “we,” “our”) handles information collected through codlight.com and our related services. We are committed to keeping personal data minimal, secure, and used only for the purposes described below.
Template notice. This document is a baseline template aligned with the GDPR, UK GDPR, and CCPA. Before launch, have your legal counsel adapt it to your jurisdiction, processors, and retention windows.
1. Who we are
CodLight is a software development studio. The controller of any personal data processed via this website is CodLight. To contact the data controller, write to ceo@codlight.com with the subject line “Data request.”
2. What we collect
We collect only what we need to operate the site and respond to inquiries:
- Contact data you provide on the project inquiry form: name, email, the service you select, and the details you share in the message field.
- Booking data when you schedule a call via Calendly: name, email, time zone, and any answers to scheduling questions. Calendly processes this on our behalf.
- Newsletter subscriptions: email address only.
- Technical data automatically logged by our hosting and analytics providers: IP address, browser type, device, referring URL, pages viewed, scroll depth, click events, and approximate location (country / region).
- Behavioural data from Microsoft Clarity and Google Analytics 4 — aggregated, anonymized signals about how visitors move through the site. Form field contents are masked by default.
- Chat transcripts if you start a conversation via our Tawk.to widget.
3. How we use it
- Respond to your inquiries and proposals.
- Schedule and conduct discovery calls.
- Send newsletters (only with explicit opt-in; opt out any time).
- Operate, secure, and improve the website.
- Measure marketing performance in aggregate.
- Comply with legal obligations.
We do not sell personal data and do not use it for third-party advertising.
4. Lawful basis (GDPR · UK GDPR)
- Consent — analytics and chat cookies (you can withdraw at any time via our cookie banner or browser).
- Contract — communications related to a live engagement or proposal.
- Legitimate interest — basic security, fraud prevention, and aggregate site metrics.
- Legal obligation — tax, accounting, and statutory record-keeping.
5. Service providers (sub-processors)
The following providers process limited data on our behalf. Each is bound by an agreement that restricts use to instructions from CodLight and requires appropriate safeguards.
| Provider | Purpose | Region |
|---|---|---|
| Google Analytics 4 / Tag Manager | Aggregate site analytics, event tracking | US / EU |
| Microsoft Clarity | Heatmaps, session replay (anonymized) | US / EU |
| Tawk.to | Live chat | US |
| Calendly | Meeting scheduling | US |
| Vercel | Website hosting + edge delivery | Global edge |
6. International transfers
Some providers are located outside your country of residence, including the United States. Where required, transfers rely on Standard Contractual Clauses or equivalent safeguards approved by the relevant data protection authority.
7. Retention
- Contact form messages: up to 24 months after last contact.
- Active client communications: for the life of the engagement plus 7 years.
- Newsletter subscriptions: until you unsubscribe.
- Aggregate analytics: 14 months (GA4 default).
- Session recordings (Clarity): up to 90 days.
8. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, to object to processing, and to withdraw consent at any time. To exercise these rights, email ceo@codlight.com. We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
9. Children
Our services are not directed to children under 16, and we do not knowingly collect data from them.
10. Security
We apply industry-standard administrative, technical, and physical safeguards including TLS in transit, least-privilege access, audit logs, and routine security reviews. No system is perfectly secure; if a breach materially affects you, we will notify you without undue delay.
11. Changes
We may update this policy as our services evolve. Material changes will be announced on this page with a revised “Last updated” date. Continued use of the site after changes constitutes acceptance.
12. Contact
CodLight · ceo@codlight.com · codlight.com
Reach us at ceo@codlight.com. For data access, deletion, or correction requests, mark the subject line “Data request” and we’ll respond within 30 days.
