Codeshare Privacy Policy - Data Protection & Privacy Rights

    Privacy at a Glance

    • Zero data selling or sharing with third parties
    • Full control over your data and privacy settings
    • 30 days data retention after account deletion

    Compliance

    GDPR Compliant, CCPA Compliant

    Information We Collect

    Account Information

    • Email address (required for account creation)
    • Username (publicly visible identifier)
    • Password (encrypted, never stored in plain text)
    • Optional profile information (name, bio, location)

    Your Rights

    • Right to access your data
    • Right to rectification
    • Right to erasure (right to be forgotten)
    • Right to data portability
    • Right to withdraw consent

    Contact

    For privacy concerns, contact: [email protected]

    Last updated: December 15, 2024

    Privacy & Security Policy

    How we protect the integrity of the platform and your personal data.

    1. Universal Data Collection
    Data collected from all users, including unregistered guests.

    To maintain platform security, prevent unauthorized scraping, and mitigate malicious activity, Codeshare automatically collects technical identifiers from every visitor — regardless of whether you have an account or are browsing as a guest.

    • Network Identifiers: IP addresses (IPv4 and IPv6), proxy/VPN detection metadata, ISP details, autonomous system numbers (ASN), and network routing paths.
    • Device Fingerprinting: Browser type, version, rendering engine, installed plugins, screen resolution, color depth, timezone, language preferences, operating system, and hardware identifiers where available (e.g., GPU renderer strings, AudioContext fingerprints).
    • Geolocation: Approximate location data (country, region, city) derived from IP geolocation databases. We do not use GPS-based location tracking.
    • Behavioral Analytics: Navigation paths, click patterns, scroll depth, time spent on pages, referrer URLs, search queries within the platform, download events, and resource access logs.
    • Technical Metadata: HTTP headers, TLS handshake parameters, cookie identifiers, session tokens, and request timing data used for bot detection.

    Legal Basis: This data collection is performed under our legitimate interest in protecting the platform from fraud, abuse, and unauthorized automated access (GDPR Article 6(1)(f)). For users in jurisdictions requiring explicit consent, continued use of the platform constitutes acceptance of these practices.

    2. Registered User Data
    Information stored for account maintenance and platform operations.

    When you create an account, the following data categories are collected and stored:

    • Authentication Credentials: Email addresses and cryptographically hashed passwords using bcrypt with salt rounds. We never store passwords in plaintext, reversible encryption, or weak hash formats (MD5, SHA-1).
    • Profile Information: Usernames (publicly visible), display names, optional biographies, avatar images, social media links, and YouTube channel integrations.
    • Transaction Records: Complete purchase history, sales records, payment amounts, timestamps, buyer/seller identifiers, product metadata, refund status, and dispute records. Transaction logs are retained for a minimum of 7 years for regulatory and tax compliance.
    • Communication Data: Internal messages, support tickets, dispute correspondence, and notification preferences. All internal communications are logged and may be reviewed by administration.
    • Session History: Login timestamps, session durations, IP addresses used per session, devices used, and multi-factor authentication events.
    • Content Metadata: All code snippets, products, reviews, comments, and other user-generated content along with creation timestamps, edit history, and visibility settings.

    3. Mandatory KYC for Merchants
    High-security storage of identity verification data.

    As a digital marketplace facilitating financial transactions, we are legally required to verify the identity of all sellers. KYC data is subject to the highest security standards.

    • Identity Documents: Government-issued photo identification (national ID card, passport, driver's license). Document images are encrypted immediately upon upload.
    • Proof of Address: Utility bills, bank statements, or government correspondence dated within the last 3 months, confirming physical residence.
    • Financial Identifiers: Tax identification numbers (TIN), VAT registration numbers, IBAN/bank account details for payout processing.
    • Biometric Verification: Where required by law or risk assessment, selfie verification cross-referenced against submitted identification documents.

    Security Measures for KYC Data:

    • All KYC documents are encrypted at rest using AES-256 encryption.
    • Access is restricted to a maximum of 2 authorized security personnel through role-based access control (RBAC).
    • KYC data is stored in geographically isolated, dedicated encrypted storage volumes separate from the main application database.
    • All access to KYC data is logged with immutable audit trails.
    • KYC documents are automatically purged 90 days after account closure, unless retention is required by legal obligation.

    4. Data Utilization & Security Infrastructure
    How your data is used to protect and power the platform.

    We use your data strictly for the following purposes. We do not sell, rent, or trade your personal data to third-party advertisers, data brokers, or marketing agencies under any circumstances.

    • Platform Operations: Account management, authentication, authorization, content delivery, search indexing, and recommendation systems.
    • Transaction Processing: Payment facilitation, commission calculation, payout processing, invoice generation, and financial reporting.
    • Security & Fraud Prevention: Real-time threat detection, bot mitigation, rate limiting, IP reputation scoring, device fingerprint analysis, and anomaly detection in transaction patterns.
    • Legal Compliance: Tax reporting, anti-money laundering (AML) obligations, court orders, law enforcement requests, and regulatory audits.
    • Service Improvement: Aggregated, anonymized analytics for platform performance monitoring, feature usage analysis, and user experience optimization. Individual user data is never used for this purpose.
    • Communication: Transactional notifications (purchase confirmations, payout alerts), security alerts (login from new device), and platform announcements. Marketing emails are opt-in only.

    Security Infrastructure:

    • All traffic is served exclusively over TLS 1.3 with HSTS enforcement and certificate pinning.
    • Application databases are encrypted at rest and replicated across geographically distributed backup locations.
    • Daily automated backups with 30-day retention in encrypted, air-gapped storage.
    • Web Application Firewall (WAF) with real-time rule updates for OWASP Top 10 protection.
    • DDoS mitigation through enterprise-grade traffic scrubbing and rate limiting.
    • Intrusion Detection System (IDS) monitoring all server access with automated alerting.
    • Regular penetration testing by third-party security firms.

    5. Cookies & Tracking Technologies
    How we use cookies and similar technologies.

    Codeshare uses the following categories of cookies and tracking technologies:

    • Essential Cookies: Required for authentication, session management, CSRF protection, and security. These cannot be disabled as they are necessary for platform function.
    • Functional Cookies: Store user preferences such as theme settings, language selection, editor configuration, and display options.
    • Analytical Cookies: Collect anonymized usage statistics to help us understand how users interact with the platform. No personally identifiable information is stored in analytical cookies.
    • Security Cookies: Used for bot detection, rate limiting, and fraud prevention. These cookies are set automatically and are essential for platform integrity.

    We do not use third-party advertising cookies, cross-site tracking pixels, or social media tracking widgets. No data from our cookies is shared with advertising networks.

    6. Third-Party Data Sharing & Disclosures
    When and how data leaves our infrastructure.

    Your data may be shared with the following categories of third parties under strictly controlled conditions:

    • Payment Infrastructure Provider: Financial transaction data (amount, currency, card token) is processed by our contracted payment infrastructure provider. We do not store raw credit card numbers, CVV codes, or full card details on our servers. Payment data is transmitted directly to the processor via PCI DSS Level 1 compliant channels.
    • Law Enforcement & Legal Authorities: We will disclose any requested data to law enforcement agencies upon receipt of a valid court order, subpoena, or warrant. We may also proactively report criminal activity detected on the platform to relevant authorities without user notification.
    • YouTube / Google API: For subscriber-only content features, we verify YouTube subscription status via the Google API. We access only the minimum data required (channel subscription status) and do not store your private Google account data, watch history, or personal Google information.
    • Email Service Provider: Transactional and notification emails are sent through our contracted email delivery service. Only email addresses and message content are shared with this provider.
    • Content Delivery Network (CDN): Static assets and cached content are served through our CDN provider. CDN access logs may contain IP addresses and are subject to the CDN provider's data retention policies.

    Critical Notice: We will never sell user data to data brokers, advertisers, or any commercial third party. Any employee or contractor who violates this policy is subject to immediate termination and legal action.

    7. Data Retention & Lifecycle
    How long we keep your data and when it is deleted.

    | Data Category | Retention Period | Justification |
    |---|---|---|
    | Account Data | Until deletion + 30 days | Recovery period |
    | Transaction Records | 7 years minimum | Tax & regulatory compliance |
    | KYC Documents | 90 days post-closure | AML compliance |
    | Security Logs (IP, fingerprints) | 24 months rolling | Fraud investigation |
    | Support Tickets | 3 years | Dispute resolution |
    | Banned User Data (IP/HWID) | Indefinite | Platform protection |
    | Cookies & Session Data | Session / 1 year max | Functionality |
    | Analytics (anonymized) | Indefinite | Service improvement |

    8. Your Rights Under GDPR, CCPA & International Law
    Control and lifecycle of your information.

    Depending on your jurisdiction, you have the following rights regarding your personal data:

    • Right of Access (GDPR Art. 15): Request a copy of all personal data we hold about you. We will respond within 30 days.
    • Right to Rectification (GDPR Art. 16): Request correction of inaccurate or incomplete data.
    • Right to Erasure (GDPR Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention requirements outlined in Section 7.
    • Right to Data Portability (GDPR Art. 20): Request your data in a machine-readable format (JSON/CSV) for transfer to another service.
    • Right to Restrict Processing (GDPR Art. 18): Request limitation of data processing while a dispute is being resolved.
    • Right to Object (GDPR Art. 21): Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
    • CCPA Rights (California): Right to know what data is collected, right to delete, right to opt-out of sale (we do not sell data), and right to non-discrimination.

    To exercise any of these rights, contact [email protected] with your account email and a description of your request. Identity verification will be required before processing.

    Limitation: In cases of fraud, platform bans, or active legal investigations, we reserve the right to retain hardware identifiers, IP hashes, and transaction records to prevent re-entry and protect the platform ecosystem, even after account deletion.

    9. International Data Transfers
    Cross-border data movement and safeguards.

    Codeshare operates globally and your data may be transferred to and processed in countries outside your country of residence. When data is transferred internationally, we ensure appropriate safeguards are in place:

    • Standard Contractual Clauses (SCCs) approved by the European Commission for EU-to-third-country transfers.
    • Adequacy decisions where the destination country provides adequate data protection.
    • End-to-end encryption for all data in transit between jurisdictions.
    • Data processing agreements (DPAs) with all sub-processors mandating equivalent security standards.

    10. Children's Privacy (COPPA Compliance)
    Protection of minors.

    Codeshare is not intended for use by individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal data from minors. If we discover that a minor has created an account, the account will be immediately terminated and all associated data will be permanently deleted within 72 hours.

    Parents or guardians who believe their child has provided personal information to Codeshare should contact [email protected] immediately.

    11. Data Breach Notification Protocol
    Our response plan in the event of a security incident.

    In the unlikely event of a data breach that affects your personal information:

    • We will notify affected users within 72 hours of discovering the breach, in compliance with GDPR Article 33.
    • Notifications will include: the nature of the breach, categories of data affected, approximate number of individuals impacted, potential consequences, and measures taken to mitigate the breach.
    • Relevant supervisory authorities will be notified as required by applicable law.
    • A post-incident report will be published within 30 days detailing the root cause and preventive measures implemented.

    12. Policy Modifications & Contact
    How we handle changes to this policy.

    We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via email notification and a prominent banner on the platform at least 15 days before they take effect. Minor clarifications or formatting changes may be applied without prior notice.

    Continued use of Codeshare after policy changes take effect constitutes acceptance of the updated terms. If you disagree with any changes, you must cease using the platform and request account deletion.

    Contact Information:

    Last Updated: April 1, 2026