CODX, LLC ("Company", "we", "us", or "our") operates the FastCODX platform at fastcodx.com. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service, in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act ("CCPA"), and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
- Company: CODX, LLC
- Email: info@fastcodx.com
We do not currently have a designated Data Protection Officer (DPO) as we do not meet the thresholds requiring one under Article 37 of the GDPR. For all data protection inquiries, please contact us at the email above.
2. Personal Data We Collect
2.1 Data you provide directly
| Data | Purpose | Legal basis (GDPR) |
|---|---|---|
| Email address | Account creation, service delivery, transactional communications | Performance of contract (Art. 6(1)(b)) |
| Business name | Website personalization, display on generated website | Performance of contract |
| Phone number | Display on generated website, WhatsApp integration | Performance of contract |
| City / Location | SEO optimization, local search configuration | Performance of contract |
| Business information (sector, services, hours) | Website content generation | Performance of contract |
| Photographs and logos | Display on generated website | Performance of contract |
| Instagram handle | Social media linking on generated website | Performance of contract |
2.2 Data collected automatically
| Data | Purpose | Legal basis |
|---|---|---|
| IP address | Security, fraud prevention, rate limiting | Legitimate interest (Art. 6(1)(f)) |
| Browser type, device, OS | Service optimization, debugging | Legitimate interest |
| Pages visited, interactions | Analytics, service improvement | Consent (Art. 6(1)(a)) |
| Referral source | Marketing attribution | Consent |
2.3 Data we do NOT collect
- We do not store credit card numbers or payment details. All payment processing is handled by Stripe, Inc.
- We do not collect special categories of data (health, biometric, political opinions, etc.).
- We do not sell your personal data to third parties.
3. How We Use Your Data
We use your personal data exclusively for:
- Service delivery — Generating, deploying, and maintaining your website
- Communication — Sending transactional emails (order confirmation, delivery notification, service updates)
- Support — Responding to your inquiries and processing change requests
- Security — Preventing fraud, abuse, and unauthorized access
- Analytics — Understanding how our platform is used to improve the Service (only with your consent)
- Legal compliance — Fulfilling our legal obligations
We do not use your data for automated individual decision-making or profiling as defined in Article 22 of the GDPR.
4. AI-Generated Content
We use artificial intelligence (provided by Anthropic, PBC) to generate website content such as headlines, service descriptions, and SEO metadata based on the business information you provide. This AI processing is necessary for the performance of our contract with you. The AI does not make decisions that produce legal effects or significantly affect you.
Your data submitted to the AI provider is processed solely for content generation and is not used to train AI models, in accordance with Anthropic's data processing terms.
5. Data Sharing and Sub-processors
We share your data only with the following categories of recipients, strictly for the purposes described:
| Sub-processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Stripe, Inc. | Payment processing | USA | PCI DSS Level 1, EU-US DPF |
| Supabase, Inc. | Database, authentication, file storage | EU (AWS Frankfurt) | SOC2 Type II, DPA |
| Cloudflare, Inc. | Website hosting and CDN | Global CDN | EU-US DPF, DPA |
| Resend, Inc. | Transactional email delivery | USA | DPA available |
| Vercel, Inc. | Platform hosting | USA / EU | EU-US DPF, DPA |
| Anthropic, PBC | AI content generation | USA | Data not used for training, DPA |
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
6. International Data Transfers
As a US-based company, your data may be transferred to and processed in the United States. For transfers of personal data from the EU/EEA, we rely on:
- The EU-US Data Privacy Framework (DPF) where applicable
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where available
You may request a copy of the safeguards in place by contacting us at info@fastcodx.com.
7. Data Retention
| Data type | Retention period |
|---|---|
| Account and order data | Duration of the business relationship + 5 years (legal/tax obligations) |
| Website content and assets | As long as the website is hosted |
| Contact form submissions (from generated websites) | 90 days, then automatically deleted |
| IP addresses (rate limiting) | 90 days |
| Analytics data | 26 months (anonymized) |
| Payment records | Managed by Stripe per their retention policy |
Upon account deletion or service termination, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
8. Your Rights
Under the GDPR (and similar laws), you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you |
| Rectification (Art. 16) | Request correction of inaccurate or incomplete data |
| Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten") |
| Restriction (Art. 18) | Request restriction of processing in certain circumstances |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format (JSON) |
| Objection (Art. 21) | Object to processing based on legitimate interests |
| Withdraw consent (Art. 7) | Withdraw consent for analytics cookies at any time |
To exercise any of these rights, contact us at info@fastcodx.com. We will respond within 30 days. If your request is complex, we may extend this by an additional 60 days with notice.
You also have the right to lodge a complaint with your local data protection supervisory authority.
California Residents (CCPA)
If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at info@fastcodx.com.
9. Cookies
We use cookies and similar technologies. For full details, see our Cookie Policy.
Summary:
- Strictly necessary cookies — Required for the platform to function (authentication, language preference). No consent required.
- Analytics cookies — Google Analytics 4 and Vercel Analytics, used to understand platform usage. Only activated with your explicit consent.
- Marketing cookies — Meta Pixel (Facebook/Instagram) for advertising measurement. Only activated with your explicit consent.
10. Marketing Communications
With your explicit opt-in consent, we may send you marketing emails about new features, promotions, or related services. You may unsubscribe at any time by clicking the unsubscribe link in any marketing email. Your consent for marketing communications is separate from your acceptance of these Terms and is entirely optional.
We will never send marketing emails without your prior consent. Transactional emails (order confirmations, delivery notifications) are sent based on the performance of our contract and do not require separate consent.
11. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Access controls and authentication (role-based access)
- Regular security reviews of our codebase and dependencies
- Use of reputable, audited infrastructure providers
- No storage of payment card data on our systems
While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure.
12. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from anyone under 16 years of age. If we become aware that we have collected data from a person under 16, we will delete it promptly. If you believe we have inadvertently collected such data, please contact us at info@fastcodx.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 30 days before taking effect. The "Last updated" date at the top reflects the latest revision.
14. Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data:
- Email: info@fastcodx.com
- Company: CODX, LLC