Privacy Policy

Last updated: June 9, 2025

1. Introduction

Codelloy (“we”, “us”, or “our”) operates a SaaS platform for smart link and QR code generation, analytics, and custom domain routing. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data.

By using the Service, you agree to the collection and use of information as described in this Policy. This Policy applies to our website, dashboard application, API, and any other product or service that links to this Policy.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect your name, email address, and (if applicable) your organization name. If you authenticate via Google OAuth, we receive your name and email from Google.

2.2 Billing Data

Payment processing is handled by Stripe. We do not store your full credit card number or CVV. Stripe provides us with a payment token and billing address for invoicing purposes.

2.3 Usage and Configuration Data

We store the smart links, QR codes, custom domains, and other configuration you create through the Service, along with metadata such as creation timestamps and settings.

2.4 Analytics Data from Link Clicks

When an end user clicks one of your smart links or scans a QR code, we collect:

  • Click timestamp
  • Device type and operating system (derived from User-Agent)
  • Referrer URL
  • Country and region (derived from truncated IP address)
  • Visitor and session identifiers (via cookies; see below)

2.5 Log Data

Our servers automatically record standard web logs when you interact with the Service, including your IP address, browser type, pages visited, and error information. Log data is used for security monitoring and debugging.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmations, invoices, password resets)
  • Provide click analytics and reporting to you as the link owner
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Communicate service updates and material changes to these policies

4. Analytics Cookies

When a visitor clicks a Codelloy smart link or scans a Codelloy QR code, the following cookies may be set to enable analytics:

CookiePurposeLifetime
_sl_vidPersistent visitor ID used for unique visitor counting.1 year
_sl_sidSession ID used for session tracking.Browser session (no expiration)

Both cookies are httpOnly and use sameSite=lax. They are set only when a user visits a smart link or scans a QR code, not when browsing this marketing website.

These cookies are not used for advertising or cross-site tracking. As a Codelloy customer, you are responsible for disclosing the use of these cookies to your end users in accordance with applicable laws (e.g., GDPR, ePrivacy Directive, CCPA).

5. IP Address Handling

IP addresses are truncated (the last octet is zeroed, e.g. 203.0.113.0) before storage. Full IP addresses are never persisted. Truncated IP data is used only for geographic attribution in analytics reports.

6. Data Retention

We retain different categories of data for different periods:

  • Analytics click data: retained for 730 days (2 years) from the date of collection
  • Account data: retained for the duration of your account, plus up to 90 days after account closure to allow for recovery requests
  • Billing records: retained for 7 years as required for tax and accounting compliance
  • Server logs: retained for up to 90 days

7. Third-Party Services

We use third-party services to operate the platform. Each third-party service has its own privacy practices:

Stripe

Payment processing. Stripe collects billing information directly from you on our behalf and is subject to its own privacy policy.

Google OAuth

Optional sign-in via Google. When you sign in with Google, we receive your name and email address from Google. Google's use of your data is governed by Google's Privacy Policy.

Cloudinary

Image and media asset hosting for QR codes and other visual assets. Files you upload or generate may be stored on Cloudinary's infrastructure.

Mailgun

Transactional email delivery for account confirmations, password resets, invoices, and policy update notifications. Your email address is shared with Mailgun solely for this purpose.

8. Data Sharing and Disclosure

We do not sell your personal data. We may share information in the following circumstances:

  • Service providers: with the third-party services listed above, under contractual data processing agreements
  • Legal compliance: if required by law, court order, or governmental authority
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction
  • Protection of rights: to investigate, prevent, or take action regarding illegal activities, fraud, or threats to security

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Correction: request that inaccurate data be corrected
  • Deletion: request erasure of your personal data (subject to legal retention requirements)
  • Portability: receive your data in a structured, machine-readable format
  • Objection: object to certain processing activities
  • Restriction: request that we restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at privacy@codelloy.com. We will respond within 30 days.

10. Data Security

We implement industry-standard technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. However, no transmission over the internet or electronic storage method is 100% secure, and we cannot guarantee absolute security.

11. Updates to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice in the Service before the changes take effect.

Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of the changes.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Privacy inquiries: privacy@codelloy.com

General support: support@codelloy.com