Privacy Policy | Code Eagle

Code Eagle Inc. Privacy Policy

Code Eagle is a small business, and we believe that privacy is a foundational principle for any healthy society. We also believe that anyone bound by a law or a contract should be able to read and understand it easily.

As such, we have elected to write this policy document in plain language, as a reflection of our actual practices, rather than resorting to obscure legal boilerplate with little resemblance to reality. Please bear with us, and feel free to suggest any revisions. We promise we'll consider your input carefully.

This policy may change from time to time; if major revisions are made, we will make a record of prior versions available.

What data do we collect?

As a rule, we collect only what we need in order to do business.

While you're browsing our web site:

Our web site exists to provide a basic exposition of our available services, and give you a means to contact us. Unless you use our contact form, we don't need to know anything about you, and so we don't try to find out.

We do no direct logging of your IP address, location, or browser fingerprint, and our code for this web site does not use cookies, Google Fonts scripts, behavioural analytics software, or Google Analytics. Our infrastructure partner, CloudFlare, may inject cookies into the site when they serve it to you (they don't do this currently, but it could happen in the future). These would be very narrow in scope and, as "first party" cookies, cannot be used to track your activity across multiple web sites. You can also choose to block them, if you're not sure; we recommend using a privacy-first browser such as Brave, to make this as easy as possible.

If you use our contact form, we will collect only the data you choose to give us.

While we're working for you:

As our services are diverse, there are many pieces of information we may encounter about you in the course of doing business. Some of this data may be of a highly sensitive nature, including passwords, API credentials, credit card and other payment information, intellectual property, and details about your business or person. This will always be limited to what you choose to share with us, and anything sensitive will always be stored with strong encryption while at rest.

While you're using the software we write for you:

Any software we produce under contract with you is under your control; it will collect only the information you authorize, and this will be clearly discussed with you in advance.

Whom do we share your data with?

Your data is available on a need-to-know basis to those employees or subcontractors who are involved in your projects. When access to sensitive information is no longer required for a given agent, it will be revoked.

Like any modern business, our daily operations depend on several software and infrastructure partners, each of whom has access to some subset of the information that we touch. Our edge computing partner, CloudFlare, sees your web requests before we do, for example, and they see everything in plain text. This means that CloudFlare can read what you submit to us via our contact form. No, we're not comfortable with this either, but it's the technical reality of the internet in 2024, and there's no obvious solution. It is also true of every other web site you visit.

We currently utilize Google Workspace as an email and documents solution; Google could read your emails to us, and the emails we send to you, if they wanted to, and they can read anything we store in a Google Doc or Google Sheet. For this reason, we do not use email, or cloud document solutions, for the most sensitive data (passwords, API keys, etc.); these we'll exchange with you via a secure channel.

Our payment processor, Stripe, will process your credit card information (we don't ever see it), and will record it securely for future use if you agree to a recurring transaction.

This is not a complete list; the landscape is complicated, and information flows are extremely difficult to precisely track or even define. What we can promise you is that we always vet every relationship carefully. Thanks to GDPR and other privacy legislation, every major company we deal with has a well designed privacy policy, and our terms of service with each of them include standard clauses deemed acceptable by the European Union and other privacy-conscious jurisdictions.

How long will we retain your data?

Since we tend to collect only the data we need in order to do business with you, we will, as a rule, retain it for a long period of time. The Canada Revenue Agency and other federal and provincial government ministries in Canada require us to keep records of our business activities for several years, and our clients often find it useful when we're able to provide them with an original logo file, an old web site design, or even a historically-used password, many years after the fact.

If you feel, for any reason, that you'd like to know what we know about you, or request that we delete your data, we will do our best to honour that request, within the confines of the various laws and regulations that we're subject to.

What don't we do?

We will never ask you for your credit card number over an insecure channel, or store it directly for any reason, unless you ask us to; when you pay our invoices or purchase our services, your payment information is seen exclusively by Stripe, our payment processing partner, and not by us.

We will never use behavioural analytics software such as Hotjar to monitor your mouse movements, keystrokes, etc. as you use our web site or associated applications. Use of this software is common, but we feel it should be illegal.

We will never log your realtime location data for any reason, in any context, even if it's "anonymized". There is no such thing as anonymous location data.

We will never sell information about you to anyone, ever, for any reason.

Need more information?

Please feel free to contact our privacy officer:

Lincoln McCormick
[email protected]