Privacy Policy

This Privacy Policy describes how Codematic Technology Services ("Codematic," "we," "us," or "our") collects, uses, protects, and discloses information in connection with their product Open CDP (the "Service").

1. Our Role in Your Data

Open CDP operates in two main capacities regarding data:

We are the Data Controller (for your account data)

We are the Data Controller for the information we collect about you, our direct customer or "User" (e.g., your name, email, billing information, and usage of the Open CDP website and user interface). This is the data used to manage your account and provide the Service to you.

We are the Data Processor (for your customer data)

We are the Data Processor for the data you send to Open CDP about your end-users and customers ("Client Data" or "End-User Data"). You, our customer, remain the Data Controller for all Client Data. We process Client Data solely on your behalf and according to your instructions as specified in our Terms of Service and any Data Processing Addendum.

2. Information We Collect

2.1. Information We Collect as a Data Controller (User Data)

We collect this information when you sign up, log in, use our website, or interact with our staff.

Category	Examples of Data Collected	Purpose of Collection
Account & Identity	Email address, password, first name, last name, phone number	To create, maintain, and secure your Open CDP account. To provide you with login credentials.
Organization Details	Organization name, website, contact number, number of employees, company location	To provision your Organization and Workspace, and for billing purposes.
Payment & Billing	Billing details, plan information (e.g., tier, features, limits)	To process payments for the Service.
Service Usage & Logs	IP address, login history, date/time stamps, browser type, pages visited, and system activity from Cloudflare	To monitor system performance, detect fraud, ensure security, and provide activity logs.
Communications	Information provided in support tickets, emails, or other communication channels.	To provide customer service and support.

2.2. Information We Process as a Data Processor (Client Data)

This data is owned by you and sent to our platform. We only process it according to your instructions.

Category	Examples of Data Processed	Source
Person Data	External ID, email, phone number, first name, last name, DOB, gender, city, country, custom user properties ("traits")	Your backends, mobile apps (via Flutter SDK), JavaScript SDK, or manual CSV uploads.
Event Data	Event name (e.g., `"purchase_completed"`), event properties, and timestamp	Your backends, mobile apps (via Flutter SDK), and JavaScript SDK.
Message Content	Content of emails, SMS, Push notifications, and webhooks you send to your customers.	Created by you within the Open CDP platform.

3. How We Use the Information We Collect (User Data)

As the Data Controller, we use the information we collect about you (our User) for the following purposes:

Service Provision: To provide, operate, and maintain Open CDP, including managing your Organization and Workspaces.
Authentication & Security: To verify your identity, process your login, and manage team member access and permissions.
Billing & Finance: To process subscription fees and manage your account plan.
Communication: To send you service-related and technical updates, security alerts, and administrative messages.
Marketing & Improvement (with consent/legitimate interest): To analyze trends, improve user experience, and develop new products.
Legal Compliance: To comply with legal obligations, enforce our terms, and protect the rights of Codematic and our Users.

4. How We Process Client Data (End-User Data)

As the Data Processor, we process your Client Data for the following actions:

Data Ingestion & Storage: Receive, validate, and store Person Profiles and Events in a database (ClickHouse/MongoDB).
Segmentation & Analysis: Compute dynamic segment memberships based on rules you define, and provide analytics and reporting views.
Campaign Execution: Process triggers (events, segment changes) and execute actions (emails, webhooks) on behalf of your customers as defined in your Campaigns and Transactional Messages.
SDK Operation: Facilitate the transmission of data from your Flutter and Javascript applications to our backend.

Codematic Technology Services does not use, sell, rent, share, or disclose Client Data to any third party for our own purposes, including marketing or advertising, except as necessary to provide the Service to you or as legally required.

5. Sharing and Disclosure of Information

5.1. Sharing of User Data (Account Data)

We may share your User Data with:

Codematic Affiliates: We may share your data with other entities within the Codematic Technology Services group as necessary to operate the Service.
Service Providers: We engage third-party companies to perform services on our behalf, such as payment processing, hosting, and observability. These providers are bound by strict confidentiality obligations.
Legal & Security: If required by law, court order, or governmental request, or to protect the rights and safety of Codematic or others.

5.2. Sharing of Client Data (End-User Data)

We only share Client Data when you instruct us to do so, via your use of the Service:

Messaging Providers: When you execute an email, SMS, or push notification action in a Campaign, the relevant End-User Data (e.g., email address, phone number, message content) is passed to your configured third-party provider (e.g., SendGrid, Postmark, Termii, Twilio).
Webhook Destinations: When you execute a Webhook action, the data you configure is sent to the external URL you specify.
Integrations (Future): Data may be sent to other third-party integrations (e.g., Facebook Ads, Google Ads - Out of Scope for V1) only when configured and authorized by you.

6. Data Security and Retention

6.1. Security

We are committed to protecting your data. We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Data from unauthorized access, disclosure, or destruction. However, please note that no system is 100% secure.

6.2. Retention

We retain your Personal Data (User Data) for as long as your account is active or as needed to provide you with the Service, and for a reasonable period thereafter to comply with our legal obligations (e.g., tax, accounting, audit).

We retain Client Data based on the settings and retention policies you define, and as long as your account with us is active. Upon termination of your account, Client Data will be deleted in accordance with our Terms of Service and legal requirements.

7. Your Privacy Rights and Choices

Depending on your jurisdiction, you may have the following rights over your Personal Data (User Data) processed by us:

Access: The right to request copies of your Personal Data.
Correction: The right to request that we correct any information you believe is inaccurate or incomplete.
Erasure (Deletion): The right to request that we erase your Personal Data.
Objection/Restriction: The right to object to or restrict our processing of your Personal Data based on our legitimate interests.
Data Portability: The right to request that we transfer the data we have collected to another organization, or directly to you.
Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the details in the "Contact Us" section. We may need to verify your identity before fulfilling your request.

8. Changes to this Privacy Policy

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on this page or through other means, such as email, and update the "Last Updated" date at the top of the policy. We encourage you to review this policy periodically.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact the Codematic Technology Services Data Protection Officer:

Email: hello@codematic.io