Privacy Policy

Effective Date: March 24, 2026

1. Introduction

Geek Inc. ("Geek Inc.", "we", "us", or "our"), operating under the product name Codera, operates the codera.io website and the Codera platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, and password when you create an account.
  • Organisation information: organisation name, billing address, and payment details processed through Stripe on behalf of Geek Inc.
  • Support communications: information you provide when contacting us for support.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, workflow deployment counts, and execution metadata (status, timing, node identifiers).
  • Device data: browser type, operating system, IP address, and referring URL.
  • Cookies: session cookies for authentication and preference cookies for site functionality.

2.3 Information We Do NOT Collect

Codera's two-plane architecture is designed so that your business data — including workflow payloads, credential values, and execution outputs — remains exclusively in your own AWS account. The Codera control plane receives only execution metadata (status codes, timestamps, node identifiers) via HMAC-signed telemetry events. We do not collect, store, or have access to your workflow payload data.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process transactions and manage your subscription and billing.
  • Send transactional emails (account verification, password resets, deployment notifications).
  • Monitor and display real-time execution status on your dashboard.
  • Improve and develop new features for the Service.
  • Detect, prevent, and address security issues and abuse.
  • Comply with legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service providers: third-party vendors that help us operate the Service, including Stripe (payment processing on behalf of Geek Inc.), Amazon Web Services (infrastructure), and email delivery providers. These providers are contractually obligated to use your information only to provide services to us.
  • Legal requirements: when required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, in which case your information may be transferred to the acquiring entity.
  • With your consent: when you explicitly authorise us to share information.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS) and at rest (AES-256) for all data stored on our infrastructure.
  • AWS Cognito for authentication with support for multi-factor authentication (MFA).
  • Role-based access control (RBAC) within organisations.
  • Credential values stored exclusively in AWS Secrets Manager within your own AWS account — Codera stores only Amazon Resource Name (ARN) references.
  • HMAC-SHA256 signed telemetry events with timestamp validation to prevent replay attacks.
  • Regular security reviews and audit logging of all administrative actions.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. Execution metadata is retained for the period specified by your subscription plan. When you delete your account, we will delete or anonymise your personal information within 30 days, except where retention is required by law.

Workflow data, credentials, and execution payloads in your AWS account are under your sole control and are not affected by account deletion on our platform.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request correction of inaccurate or incomplete information.
  • Deletion: request deletion of your personal information, subject to legal retention requirements.
  • Portability: request a machine-readable copy of your data.
  • Objection: object to processing of your personal information in certain circumstances.
  • Withdrawal of consent: withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@codera.io.

8. Cookies

We use the following types of cookies:

  • Essential cookies: required for authentication and core Service functionality. These cannot be disabled.
  • Analytics cookies: help us understand how visitors interact with the website so we can improve it. You may opt out of these via your browser settings.

We do not use advertising or tracking cookies.

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@codera.io and we will promptly delete it.

11. International Data Transfers

Our Service is hosted on Amazon Web Services infrastructure. If you access the Service from outside the region where our infrastructure is located, your information may be transferred to and processed in a different jurisdiction. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" above. For significant changes, we will provide additional notice via email or an in-app notification. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Geek Inc.Geek Inc.geekinc.caprivacy@codera.io