Privacy Policy

Last updated:

1. Introduction

Codemina Ltd ("we," "our," or "us") is a private limited company registered in the United Kingdom with company number 14528227. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our WhatsApp Business Engagement SaaS Platform, web applications, mobile applications, email hosting, and domain registration services.

3. Information Collection

3.1 Personal Information

We collect:

  • Name and contact details
  • Email addresses
  • Billing information
  • Domain registration information
  • IP addresses
  • Device information
  • Usage data and patterns
  • Log files
  • Location information

4. Use of Information

We use your information for:

  • Service provision and maintenance
  • Payment processing
  • Communication
  • Service improvement
  • Legal compliance
  • Technical support
  • Security monitoring
  • Fraud prevention

5. Data Storage and Security

5.1 Cloud Infrastructure

We use Amazon Web Services (AWS) data centers located in:

  • United Kingdom
  • United States
  • Germany

All data is processed and stored in accordance with AWS's security standards and our data protection requirements.

5.2 Security Measures

We implement:

  • Data encryption (in transit and at rest)
  • Regular security assessments
  • Access controls
  • Firewall protection
  • Regular backups
  • Employee training

6. Data Sharing

We share information with:

  • Service providers and partners
  • Payment processors
  • Domain registrars
  • Law enforcement (when required)
  • Third parties (with your consent)

7. Your Rights

Under data protection laws, you can:

  • Access your data
  • Request corrections
  • Request deletion
  • Object to processing
  • Request data portability
  • Withdraw consent
  • Lodge complaints with authorities

8. Cookies

Used for:

  • Session management
  • Preference storage
  • Usage analysis
  • User experience improvement
  • Security

9. Children's Privacy

Our services are not intended for children under 13, and we do not knowingly collect their information.

10. International Transfers

Data transfers between AWS data centers comply with:

  • Standard Contractual Clauses
  • UK and EU GDPR requirements
  • Appropriate safeguards
  • AWS data protection agreements

11. Data Processing

11.1 Data Controller and Processor

Codemina Ltd acts as both a data controller and data processor depending on the nature of our services:

  • As Data Controller: For our own business operations, customer account management, and direct service provision
  • As Data Processor: When processing data on behalf of our business clients using our SaaS platforms

11.2 Data Processing Activities

We process personal data for the following purposes:

  • Service delivery and platform operations
  • Customer communication and support
  • Billing and payment processing
  • Service improvement and analytics
  • Compliance with legal obligations
  • Security and fraud prevention

11.3 Data Retention

We retain personal data for the following periods:

  • Customer Account Data: Duration of the business relationship plus 7 years for legal/tax purposes
  • Transaction Records: 7 years as required by UK financial regulations
  • Communication Logs: Up to 90 days unless required for legal purposes
  • Support Tickets: 3 years after resolution
  • Marketing Data: Until consent is withdrawn or 2 years of inactivity

11.4 Data Subject Rights

All data subjects have the right to:

  • Request access to their personal data
  • Request rectification of inaccurate data
  • Request erasure of data ("right to be forgotten")
  • Request restriction of processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise these rights, contact us at support@codemina.com

11.5 Data Processing Agreements

When we process data on behalf of our business clients, we enter into Data Processing Agreements (DPAs) that comply with UK GDPR and EU GDPR requirements. These agreements specify:

  • The nature and purpose of processing
  • Types of personal data and categories of data subjects
  • Obligations and rights of the controller and processor
  • Security measures and sub-processor arrangements
  • Data breach notification procedures
  • International data transfer mechanisms

12. WhatsApp Business API Data Processing

12.1 WhatsApp Engagement Platform

Our WhatsApp Business Engagement SaaS Platform enables businesses to communicate with their customers via the WhatsApp Business API. We are applying to become a Meta Tech Provider partner.

12.2 Data Processed Through WhatsApp

When using our WhatsApp Business Engagement Platform, we may process:

  • WhatsApp Business Account information
  • Customer phone numbers and contact details
  • Message content (text, images, videos, documents)
  • Message metadata (timestamps, delivery status, read receipts)
  • Business profile information
  • Conversation history and analytics

12.3 WhatsApp Data Handling and Meta Integration

When you use our WhatsApp Business Engagement Platform:

  • Messages are transmitted through Meta's WhatsApp Business API infrastructure
  • Meta processes message data according to their WhatsApp Business Policy
  • We act as a data processor on behalf of businesses using our platform
  • Message content is encrypted end-to-end where supported by WhatsApp
  • We do not share WhatsApp data with third parties except as required for service operation
  • All WhatsApp data processing complies with Meta's Platform Terms and Policies

12.4 WhatsApp Data Retention

  • Message Content: Stored for up to 90 days for service delivery, or as configured by the business client
  • Message Metadata: Retained for up to 2 years for analytics and compliance
  • Contact Information: Retained for the duration of the business relationship
  • Conversation History: Available to business clients as per their subscription plan

12.5 WhatsApp User Rights

End users communicating via WhatsApp with businesses using our platform can:

  • Block or report business accounts directly within WhatsApp
  • Request deletion of their data by contacting the business directly
  • Opt-out of business messaging by blocking the business on WhatsApp
  • Contact us at support@codemina.com for data subject rights requests

12.6 Business Client Responsibilities

Businesses using our WhatsApp Engagement Platform are responsible for:

  • Obtaining appropriate consent from their customers before sending WhatsApp messages
  • Complying with WhatsApp Business Policy and applicable data protection laws
  • Providing clear privacy information to their customers
  • Handling data subject rights requests from their customers
  • Ensuring message content complies with WhatsApp's terms of service
  • Maintaining their own Data Processing Agreement with us

12.7 Meta as Sub-Processor

Meta Platforms Inc. (formerly Facebook) acts as a sub-processor for WhatsApp message delivery. Meta processes data according to:

13. Policy Updates

We'll notify you of significant changes via:

  • Email
  • Website announcements
  • Application notifications