This website (secode.dev) and related training application at app.secode.dev (together, the “Service”) are operated by Secode (“we”, “us”, or “our”). We are the controller of personal data collected through the Service, unless stated otherwise (for example, where an organization administers accounts for its members).
This policy explains how we collect, use, disclose, and protect personal data when you visit our marketing website or use the training application. Some sections apply only to registered users of the application; we label those where helpful. If your access is provisioned by your employer or another organization, that organization may act as the controller for certain processing activities; in such cases, their privacy notice governs.
Training activity (app users): course selections, attempts, scores, feedback, and support requests.
Communications: messages you send us (e.g., support, demo requests).
3.2 Data collected automatically
Device & usage: IP address, device and browser type, pages viewed, timestamps, and referral URLs.
Cookies & similar: used for essentials (e.g., session), preferences, analytics, and—if enabled—marketing. See Cookies.
3.3 Data from third parties
SSO/Identity providers (app users): we receive basic profile and authentication data when you sign in via SSO.
Workspace admins (app users): administrators may supply user lists or roles to set up seats and permissions.
4) How we use personal data
Provide and maintain the Service (including account creation, authentication, and training delivery).
Improve and develop features (e.g., better content recommendations and product analytics).
Security (fraud prevention, abuse detection, and to protect the Service and users).
Communications (respond to inquiries, provide updates; you can opt out of non-essential emails).
Compliance (legal obligations, record keeping, and enforcing terms).
AI/LLM features. If we offer AI-assisted training or analysis, prompts and outputs may be processed to deliver the feature and to improve safety and quality. We do not use your private code or training content to train publicly available models. Where third‑party model providers act as processors, we require appropriate contractual safeguards.
5) Legal bases (GDPR/UK GDPR)
Contract: to create your account, authenticate you, and deliver the training you request.
Legitimate interests: to secure our Service, prevent misuse, and improve the product in ways that do not override your rights.
Consent: for non‑essential cookies/analytics/marketing where required by law; you can withdraw consent at any time via cookie preferences.
Legal obligation: to comply with applicable laws and to respond to lawful requests.
6) How we share information
Service providers: cloud hosting, analytics, communications, and customer support providers that process data on our behalf under contracts.
Organization administrators (app users): if your access is managed by an organization, admins may view usage and results associated with your account.
Compliance and safety: when required by law, or to protect rights, safety, and the integrity of the Service.
With your direction: for example, when you connect a third‑party integration or request data portability.
We do not sell personal information or share it for cross‑context behavioral advertising.
7) International data transfers
We may transfer personal data to countries outside your own (including to jurisdictions that may not provide the same level of data protection). Where required, we use appropriate safeguards such as the EU Standard Contractual Clauses (and UK Addendum/IDTA) or other lawful transfer mechanisms.
8) Data retention
We keep personal data only as long as needed for the purposes described in this policy, including to meet legal, accounting, or reporting requirements. Typical retention periods:
Account data: for the life of the account, then a limited period for audit/security (usually up to 90 days) unless longer required by law.
Training activity: retained while your organization maintains access and for a short period afterward for reporting.
Support communications: typically 24 months.
Cookie identifiers: per category lifetimes shown in the cookie preferences.
9) Security
We use administrative, technical, and organizational measures designed to protect personal data (for example, encryption in transit, role‑based access, and logging). No method of transmission or storage is completely secure; we cannot guarantee absolute security.
10) Your privacy rights
Your rights depend on your location and the laws that apply. Subject to limitations, you may have the right to:
Access, correct, or delete personal data;
Object to or restrict certain processing;
Data portability;
Withdraw consent where processing is based on consent;
Lodge a complaint with a supervisory authority (e.g., your local EU authority or the UK ICO).
California residents (CPRA) also have rights to know, delete, correct, and to opt out of “sale” or “sharing” of personal information, and to limit use of sensitive personal information. We do not sell or share personal information as defined by the CPRA.
Exercising your rights: contact us at [email protected]. We may need to verify your identity and request additional details to process your request.
11) Cookies & similar technologies
We use essential cookies to operate the Service and (with your consent, where required) optional cookies for preferences, analytics, and marketing. You can manage your choices at any time:
Blocking or deleting cookies may impact certain features. For more information, see the cookie categories in the preferences panel.
12) Children’s privacy
The Service is not directed to children and we do not knowingly collect personal data from individuals under 16. If you believe a child has provided personal data, contact us and we will take appropriate steps.
13) Business transfers
If we undertake a merger, acquisition, reorganization, or asset sale, personal data may be transferred as part of the transaction, subject to this policy or a successor policy that provides at least a comparable level of protection.
14) Changes to this policy
We may update this policy from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, provide additional notice.