Skip to content
FORM 04 · PRIVACYUpdated April 20, 2026

Privacy

Privacy policy.

Last revised · April 20, 2026

1. Introduction

This Privacy Policy describes how CODERCOPS (“CODERCOPS”, “we”, “our”, “us”) collects, uses, shares, and protects personal data across the CODERCOPS platform, including the marketing site (codercops.com), the builder and client dashboard (dashboard.codercops.com), the staff admin panel, the public profile site (profile.codercops.com), and the supporting API (api.codercops.com). For the purposes of India's Digital Personal Data Protection Act, 2023 (“DPDPA”) we act as a Data Fiduciary; for the EU/UK GDPR we act as a Data Controller.

By creating an account, subscribing, submitting an application, or otherwise using the platform, you acknowledge that you have read and understood this policy. If you do not agree, please do not use the platform.

2. Who this policy applies to

  • Visitors — anyone browsing our marketing site or blog.
  • Builders — freelancers who apply for verification, maintain a public profile, and use platform features.
  • Clients — companies and individuals who use the platform to discover and engage builders.
  • Applicants and correspondents — people who contact us through the contact form, newsletter, email, or WhatsApp.

3. Personal data we collect

3.1 Marketing site and visitor data

  • Contact form submissions: name, email, phone (optional), and message.
  • Newsletter: email address.
  • Analytics: pages visited, referral source, browser, device, approximate location (country/city), and session activity via Google Analytics 4 (with your consent).
  • Visitor profile: an anonymous visitor identifier stored in a cookie to remember reading preferences.

3.2 Account and authentication data

  • Email address, first name, last name.
  • Role (builder or client), active subscription flag, and account status.
  • If you sign in with a third-party OAuth provider, the identifier issued by that provider and any basic profile fields you authorise.
  • A session cookie scoped to .codercops.com that keeps you signed in across the marketing site, dashboard, admin, and profile apps (cross-app single sign-on).

3.3 Builder verification data

If you apply for the Verified Builder badge we collect, at the stages of our four-step pipeline (submitted → project review → interview → verified):

  • Full name, email, and phone number.
  • Specialty, years of experience, availability, bio, skills, and services offered.
  • Links to portfolio, LinkedIn, GitHub, personal website, and social profiles.
  • GitHub public profile data fetched via the GitHub API (stored as JSON), if you link GitHub.
  • Portfolio items you upload — titles, descriptions, tech stack, role, project URLs, and cover images stored in Cloudflare R2.
  • Resume file (PDF) if uploaded, stored in Cloudflare R2.
  • Avatar image if uploaded, stored in Cloudflare R2.
  • Admin review notes made by our staff during evaluation.

3.4 Client and company data

  • Public profile fields — display name, headline, location, timezone, bio, social links.
  • Company name, logo, description, industry, and size (if you create a company).

3.5 Subscription and billing data

  • Subscription status and the payment provider you selected (Stripe or Polar).
  • Provider-side identifiers (stripe_customer_id, stripe_subscription_id, polar_customer_id, polar_subscription_id) that link your account to the payment provider.

We do not receive or store your card number, CVV, or bank details. Payment card data is collected and held by Stripe or Polar under their own privacy terms. See the sub-processor list below.

3.6 Platform activity and content

  • Opportunities you post (clients) or apply to (builders).
  • Messages and comments made within the platform.
  • Content you publish on your public profile.

3.7 Technical and security data

  • IP address, user agent, and request metadata in server logs.
  • Error and performance traces captured by Sentry with personal data scrubbed.
  • Cookies listed in the Cookie Policy.

4. Purposes and legal bases

We process your personal data for the purposes below, relying on the following legal bases (DPDPA §6 / §7 and GDPR Art. 6):

  • Providing the service — account creation, sign-in, subscription management, verification, and platform features. Basis: performance of a contract with you.
  • Processing payments — charging the subscription fee, preventing fraud, and keeping billing records. Basis: contract and compliance with legal obligations (tax, accounting).
  • Evaluating builder applications — reviewing submitted information and portfolios, conducting interviews, granting or denying the Verified Builder badge. Basis: contract and legitimate uses (DPDPA) / legitimate interest (GDPR).
  • Communicating with you — transactional emails (confirmations, stage transitions, platform notifications, receipts) and replies to your inquiries. Basis: contract and legitimate interest.
  • Marketing and newsletter — sending our newsletter and showing relevant content. Basis: your consent.
  • Analytics and advertising — understanding how our marketing site is used, personalising content, and showing ads on the marketing site. Basis: your consent.
  • Security, abuse prevention, and debugging — logging, error monitoring, rate limiting, and investigating misuse. Basis: legitimate interest.
  • Legal compliance — responding to lawful requests, enforcing our Terms, and exercising legal claims. Basis: compliance with legal obligations.

5. Sub-processors we share data with

We rely on the following sub-processors to run the platform. They may access your personal data only as necessary to perform the service they provide to us:

  • NeonManaged PostgreSQL database (account, subscription, verification, content data) (US / EU) (privacy terms).
  • UpstashRedis cache and QStash background task queue (US / EU) (privacy terms).
  • Cloudflare R2Object storage for avatars, resumes, portfolio images (Global) (privacy terms).
  • ResendTransactional email delivery (account, verification, platform notifications) (US / EU) (privacy terms).
  • VercelFrontend hosting and edge delivery (Global) (privacy terms).
  • SentryError monitoring and performance tracing (PII scrubbed) (US) (privacy terms).
  • StripePayment processing and customer billing portal (US / Global) (privacy terms).
  • PolarPayment processing and Merchant of Record for tax compliance (US / Global) (privacy terms).
  • Google Analytics 4Website analytics (consent-based) (Global) (privacy terms).
  • Google AdSenseAdvertising on marketing site (consent-based) (Global) (privacy terms).
  • AirtableContact form submission storage (US) (privacy terms).

6. International transfers

We are based in Lucknow, India. Many of our sub-processors are based in, or operate data centres in, the United States, the European Union, and other regions. When personal data is transferred outside your country of residence we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (for EU/UK transfers) and, for transfers into and out of India, any restrictions notified by the Central Government under Section 16 of the DPDPA.

7. How long we keep your data

  • Account data: until you delete your account or request deletion.
  • Verification artefacts (applications, portfolio files, admin notes): retained for up to 2 years after a verification decision for audit and to prevent re-submission of fraudulent applications.
  • Billing records and invoices: retained for up to 8 years as required by Indian tax and accounting law. Invoices are issued by Stripe or Polar and also held by them.
  • Email logs: rendered content is anonymised after 365 days; metadata is retained for delivery audit.
  • Contact form submissions: retained for up to 2 years or until you request deletion.
  • Analytics data: retained per Google Analytics 4 default (up to 14 months).
  • Visitor profile cookies: 1 year.
  • Server and error logs: up to 90 days, then rotated or deleted.
  • Database backups: up to 90 days.

8. Your rights

Under the DPDPA, the GDPR, the UK GDPR, and other applicable laws, you have the following rights:

  • Access the personal data we hold about you and obtain a summary of our processing.
  • Correct or complete inaccurate or out-of-date data.
  • Erase personal data that is no longer necessary or that you previously consented to.
  • Withdraw consent at any time, where processing is based on consent (e.g. analytics, marketing).
  • Nominate another individual to exercise your rights in the event of your death or incapacity (DPDPA).
  • Portability — receive your data in a structured, commonly used, machine-readable format (GDPR).
  • Object to processing based on legitimate interest (GDPR).
  • Grievance redressal — raise a grievance with our Grievance Officer (see Section 12).
  • Lodge a complaint with your supervisory authority, including the Data Protection Board of India or an EU data protection authority.

To exercise any of these rights, email us at codercops@codercops.com from the email address associated with your account. We respond within 90 days for DPDPA rights requests and within 30 days for GDPR rights requests.

9. Children

The CODERCOPS platform is not intended for children. For users in India, the DPDPA defines a child as any person under the age of 18, and we do not knowingly process personal data of children without verifiable parental or guardian consent. For users in the EEA, UK, and similar jurisdictions, the threshold is 16 (or the lower age set by local law, where permitted). If you believe a child has provided us data, contact us and we will delete it.

10. How we protect your data

  • All traffic is served over TLS/HTTPS.
  • Cloudflare R2 objects (resumes, portfolio images, avatars) are delivered through signed URLs.
  • Database and infrastructure access is limited to authorised staff and audited.
  • Sentry is configured to scrub personally identifying information from error events.
  • Payment card data never touches our servers; it is handled directly by Stripe or Polar.

No method of electronic storage or transmission is completely secure. We will notify affected users and the Data Protection Board of India as required if a personal data breach that is likely to cause harm occurs.

11. Cookies

We use essential cookies to keep you signed in and to remember your consent preferences, and — with your consent — analytics and advertising cookies on the marketing site. For the full cookie inventory and how to manage preferences, see our Cookie Policy.

12. Grievance Officer and contact

If you have a question, a grievance, or a rights request under the DPDPA, GDPR, or any other applicable privacy law, contact our Grievance Officer:

  • Email: codercops@codercops.com
  • Phone / WhatsApp: +91 8052027789
  • Address: Lucknow, India
  • Acknowledgement: within 24 hours of receipt.
  • Resolution: within 15 days for grievances under the IT Intermediary Guidelines; up to 90 days for DPDPA rights requests.

13. Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change we will notify active subscribers by email and display a notice in the dashboard at least 15 days before the change takes effect. The “Last updated” date at the top of this page always reflects the current version.