Logo

Privacy

Privacy Policy

Effective Date: January 21, 2025 Last Updated: January 21, 2025

1. Introduction

Cod'Hash ("we", "us", "our") operates the blog platform at blog.codhash.dev (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, organization details when you create an account
  • Profile Information: Display name, bio, avatar, social media links for author profiles
  • Content: Blog articles, images, comments you create or upload
  • Payment Information: Processed securely by Stripe (we do not store credit card details)

2.2 Automatically Collected Information

  • Usage Data: Pages viewed, articles read, features used
  • Analytics: Article views, reading time, trending content (anonymized)
  • Technical Data: Browser type, IP address, device information, referrer URLs
  • Cookies: Session cookies for authentication, preference cookies for settings

2.3 Information from Third Parties

  • Authentication Providers: Google, GitHub (email, name, profile picture with your consent)
  • Payment Processor: Stripe (subscription status, payment events)

3. How We Use Your Information

We use collected information for:

  • Service Delivery: Provide, maintain, and improve the blog platform
  • Authentication: Secure account access and session management
  • Content Management: Store and display your articles, author profiles, media
  • Analytics: Understand usage patterns, popular content, performance metrics
  • Communication: Send service updates, billing notifications, support responses
  • Security: Detect and prevent fraud, abuse, security incidents
  • Compliance: Meet legal obligations and enforce our Terms of Service

4. Data Sharing and Disclosure

We share your information only in these cases:

4.1 Service Providers

  • Vercel: Hosting and deployment infrastructure
  • Neon/PostgreSQL: Database storage (encrypted at rest)
  • Stripe: Payment processing (PCI-DSS compliant)
  • UploadThing: Media file storage and CDN
  • Resend: Transactional email delivery

4.2 Legal Requirements

We may disclose information if required by:

  • Valid legal process (subpoena, court order)
  • Protection of rights, property, or safety
  • Prevention of fraud or security threats

4.3 Business Transfers

If Cod'Hash is acquired or merged, your information may transfer to the new entity.

5. Data Retention

  • Account Data: Retained while your account is active
  • Content: Articles and media retained until you delete them
  • Analytics: Aggregated analytics retained for 24 months
  • Deleted Accounts: Permanently deleted within 30 days of account deletion request

6. Your Rights

Depending on your location, you have rights to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your content in machine-readable format
  • Objection: Opt out of certain data processing
  • Withdrawal: Revoke consent for data processing

Contact us at hello@codhash.com to exercise these rights.

7. Data Security

We implement security measures including:

  • Encryption: HTTPS for data in transit, encryption at rest
  • Authentication: Secure password hashing, magic link authentication
  • Access Controls: Role-based permissions, API key authentication
  • Monitoring: Security logging, incident detection
  • Vendor Security: SOC 2 compliant service providers

No method is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking

Essential Cookies

  • Authentication: Session management (required)
  • Security: CSRF protection tokens (required)

Optional Cookies

  • Preferences: Theme, language settings (optional)
  • Analytics: Anonymous usage tracking (can be disabled)

You can control cookies via browser settings.

9. International Data Transfers

Your data may be transferred to servers in the United States and Europe. We ensure adequate protection through:

  • Standard Contractual Clauses: EU-approved data transfer mechanisms
  • Vendor Compliance: GDPR and privacy shield frameworks
  • Encryption: Data encrypted during transfer and storage

10. Children's Privacy

The Service is not intended for users under 16. We do not knowingly collect data from children. If we discover such collection, we delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy. We will notify you via:

  • Email notification to your registered address
  • Prominent notice on the Service
  • Updated "Last Updated" date at the top

Continued use after changes constitutes acceptance.

12. Contact Us

For privacy questions or requests:

  • Email: hello@codhash.com
  • Website: https://codhash.com
  • Address: [Your registered business address]

13. GDPR Compliance (EU Users)

Legal Basis for Processing

  • Contract Performance: Provide the Service you requested
  • Legitimate Interest: Improve Service, prevent fraud
  • Consent: Marketing communications (optional)

Data Protection Officer

Contact our DPO at hello@codhash.com for GDPR matters.

Supervisory Authority

EU users can lodge complaints with their local data protection authority.

14. California Privacy Rights (CCPA)

California residents have rights to:

  • Know what personal information is collected
  • Request deletion of personal information
  • Opt out of sale of personal information (we do not sell data)
  • Non-discrimination for exercising rights

Request via hello@codhash.com with subject "California Privacy Request".