Privacy policy.

This policy explains what information Codvyx (“we”, “our”, “the studio”) collects when you visit codvyx.com, email us, message us on WhatsApp, or work with us on a project — and what we do with it.

It applies to every page of codvyx.com and to all client and prospect communications that happen outside the site.

When you reach out — by email, contact form, WhatsApp or scheduled call — we receive whatever you choose to share. Typically that is your name, work email, company, and a short description of your project.

If you become a client, we additionally hold the information needed to deliver the engagement: invoicing details, signed proposals, contracts, design assets, code access tokens, and project documentation.

Like most websites, our server records standard request data — IP address, user agent, the page you requested, and a timestamp — to keep the site running and to detect abuse.

We use a privacy-respecting analytics setup that does not store personally identifying cookies. We do not run advertising trackers, fingerprinting scripts, or third-party social pixels on codvyx.com.

We use your information for three things, and three things only: to reply to you, to deliver the work you have hired us for, and to send invoices or contracts related to that work.

We never sell, rent, or trade your information. We do not enrol you in marketing sequences without explicit opt-in.

To run the studio we use a small number of vetted vendors — for email (Google Workspace), hosting (Vercel, AWS, Cloudflare), payments (Razorpay, Stripe, Wise), version control (GitHub), and design (Figma).

These vendors process information on our behalf and are bound by their own privacy commitments. We pick vendors with strong security posture and disclose them in writing before any client data is shared.

Casual enquiries that do not lead to a project are deleted within 12 months.

Active client records — proposals, invoices, project repositories — are retained for the duration of the engagement plus the period required by Indian tax and accounting law (currently seven financial years).

On written request, we will delete any record we are not legally required to retain.

Production systems run on encrypted infrastructure with access restricted to named team members on hardware-backed credentials. Code repositories and design files use SSO and two-factor authentication.

If we ever experience a security incident that affects your data, we will tell you within 72 hours of confirming it and explain what happened and what we are doing about it.

You can ask us, at any time, to confirm what information we hold about you, to correct it, to export it in a portable format, or to delete it. Write to info@codvyx.com and we will respond within 30 days.

If you are an Indian resident, you have the rights granted under the Digital Personal Data Protection Act, 2023. If you are in the EEA or the UK, you have the rights granted under the GDPR. We honour both.

Our services are aimed at businesses, founders, and operators. We do not knowingly collect information from anyone under the age of 18.

We may update this policy as the studio grows or as the law changes. The date at the top of this page reflects the most recent revision. For material changes, we will email active clients in advance.