Privacy Policy | CodeWeb

CodeWeb – Privacy Policy and Personal Data Protection

Last updated: October 19, 2025

Protecting your personal data is a priority for CodeWeb – JordanDev, the micro-enterprise operating the platform codeweb.app. This policy explains how CodeWeb collects, uses, protects and shares your personal data when you use the codeweb.app platform. We are committed to processing your data transparently and in compliance with the General Data Protection Regulation (GDPR).

Article 1: Data Controller and Definitions

The data controller is JordanDev (hereinafter "CodeWeb"), the micro-enterprise operating codeweb.app. "User" means any person accessing or using the codeweb.app platform, regardless of their country of residence. You can contact us at: contact@codeweb.app.

Article 2: Collected Data and Legal Basis

We only collect data strictly necessary for providing and improving our services. For each category, the legal basis is mentioned in accordance with Article 6.1 of the GDPR:

Identification Data (Legal basis: Art. 6.1.b GDPR - Contract Performance): email address, public information from your Google or GitHub account (username, profile photo, if any). These data are necessary for account creation and management.
Connection and Security Data (Legal basis: Art. 6.1.a GDPR - Consent, Art. 6.1.b GDPR - Legal): IP address, browser type and version, operating system, pages visited, date and time of connection, essential cookies. These data ensure security and service improvement.
Usage and Analytics Data (Legal basis: Art. 6.1.a GDPR - Consent): access to training courses, progress, features used, analytics data. These data allow us to optimize your experience.

Important: We do not collect or store any passwords. Authentication is only done via secure links or OAuth2 connections (Google / GitHub).

Article 3: Purposes of Data Processing

The collected data is used for:

Creating and managing your user account.
Ensuring secure authentication.
Managing your orders and access to purchased content.
Optimizing and personalizing your user experience.
Ensuring the security and maintenance of the website.
Conducting anonymous statistical analysis to improve our services.

No further processing incompatible with these purposes will be carried out without your explicit consent.

Article 4: Connection Methods

Access to your account on codeweb.app is exclusively through:

Authentication link sent to your email address (passwordless login).
OAuth login via Google
OAuth login via GitHub

We do not ask for or store your passwords.

Article 5: Cookies and Tracking Tools

We use cookies to ensure proper site functioning and analyze usage. Analytical and marketing cookies are deployed only with your consent, manageable at any time.

Essential Cookies (Legal basis: Art. 7 GDPR + ePrivacy Directive) - Ensure technical site functioning (session, security).
Analytical and Marketing Cookies (Legal basis: Consent) - Analyze and understand site usage for continuous improvement.

Tools used:

Google Tag Manager: management of marketing and analytical tags (sub-processor, Art. 28 GDPR).
Google Analytics: anonymized traffic statistical analysis (IP anonymization enabled, data transfers protected by SCC).

You can configure your cookie preferences anytime via the cookie banner or browser settings. For more information on cookie management and your rights:CNIL - Cookies.

Article 6: Data Sharing and Sub-processors

Your personal data is never sold. Data is shared only with authorized sub-processors (Art. 28 GDPR) for essential services. Each sub-processor acts on our instructions only:

Stripe Payments Europe Ltd (Payment Processor): secure payment processing. Duration: business relationship + legal obligations.
Vercel Inc / Vercel Europe Ltd (Hosting Provider): website hosting and data storage. EU processing via Vercel Europe Ltd. Transfers outside EU protected by SCC. Duration: business relationship.
Supabase Inc. / Supabase Europe Ltd (Database Manager): secure database management. EU processing via Supabase Europe Ltd. Transfers outside EU protected by SCC. Duration: business relationship.
Google LLC / Google Ireland Ltd (Analytics & Marketing): audience analytics (Analytics, Tag Manager). EU processing via Google Ireland Ltd. Transfers outside EU protected by SCC. Duration: 13 months for analytics data.

Each sub-processor is bound to CodeWeb by a Data Processing Agreement (DPA) per Article 28 GDPR. Each provider commits to protecting confidentiality and security of your data.

Article 7: Data Location, Hosting and Transfers

Your data is hosted on secure, Europe-based infrastructures for most processing. Transfers outside the EU are strictly governed:

Vercel Inc. / Vercel Europe Ltd: Web hosting provider. Primary processing in Europe (Vercel Europe Ltd); transfers outside EU protected by Standard Contractual Clauses (SCC) per Schrems II.
Supabase Inc. / Supabase Europe Ltd: Database management. Primary processing in Europe (Supabase Europe Ltd); transfers outside EU protected by SCC per Schrems II case law.

Per GDPR Articles 44+ et seq., all transfers of personal data outside the EU are protected by European Commission-approved Standard Contractual Clauses (SCC), with supplementary security measures where necessary. You have the right to contact CodeWeb to obtain a copy of these safeguards.

Article 8: Data Security and Breach Notification

We implement all necessary measures to ensure data security (Art. 32 GDPR):

Encrypted connections via HTTPS/TLS for all data exchanges.
Passwordless secure authentication (magic links, OAuth2).
Regular and proactive system and infrastructure monitoring.
Strict access restrictions (zero trust principle) to databases.
Regular backups and recovery testing to prevent data loss. Breach Notification: In case of personal data breach creating risk to your rights, CodeWeb will inform you promptly per legal obligations (Art. 33-34 GDPR). CNIL will be notified if required.

Article 9: Data Retention

Your data is retained according to necessity and legal obligations per data category:

User Account Data: retained while account is active. Upon deletion request, immediate deletion (except legally required data).
Billing and Payment Data: retained for 10 years per French and EU tax legislation (Directive 2006/112/EC).

Analytics and cookies: maximum 13 months (Google Analytics standard). Connection/security logs: 90 days unless legal need. Dispute data: 3 years after resolution. You can request account deletion anytime at contact@codeweb.app.

Article 10: Your Rights (Art. 13-22 GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

Right of Access (Art. 15 GDPR): obtain confirmation that your data is processed and receive a complete copy in readable format.
Right of Rectification (Art. 16 GDPR): correct inaccurate or incomplete data promptly.
Right to Erasure / "Right to Be Forgotten" (Art. 17 GDPR): request deletion of your personal data (subject to legal conditions).
Right to Restrict Processing (Art. 18 GDPR): temporarily restrict data use in case of dispute.
Right to Data Portability (Art. 20 GDPR): retrieve your data in structured, machine-readable format (JSON, CSV).
Right to Object (Art. 21 GDPR): object to marketing processing or for legitimate reasons. Consent Withdrawal: You may withdraw consent anytime for consent-based processing (Art. 7 GDPR), without affecting prior processing legality.

To exercise your rights, contact us at contact@codeweb.app mentioning "GDPR Rights Request". We are committed to responding within 30 days (Art. 12.3 GDPR).

Article 11: Policy Updates

This privacy policy may be updated to reflect:

The evolution of services offered on codeweb.app.
Legal and regulatory changes.

Any substantial changes will be notified via a site announcement or by email. We recommend that you regularly review this page.

Article 12: Contact, CNIL and Complaints

For any questions about personal data protection or to exercise your rights:

Response Commitment: We commit to responding within 30 calendar days of your request, per GDPR Article 12.3. For complex requests, we will notify you of any extension.

CodeWeb – JordanDev. Email: contact@codeweb.app. If, after contacting us, you believe your rights are not being respected or that CodeWeb is not complying with GDPR provisions, you may file a complaint (formally called a "complaint") with the competent data protection authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL). You can file a complaint online through the CNIL website or by post. CNIL has 3 months to process your complaint. You also retain the right to pursue legal action.CNIL - File a Personal Data Protection Complaint