Privacy Policy

Last updated on: 01.11.2023

This Privacy Policy is adopted by Nevercode LTD, a company registered in the UK, registry code: 10577696 (“Nevercode” or “We”). We primarily operate under the trade name Codemagic.

We are operating the website https://codemagic.io/, its subdomains (the “Website”), and the web-based Codemagic IT development solution, including the software, databases, interfaces, associated media, documentation, updates, new releases and other components or materials incorporated therein or integrated therewith (hereinafter collectively “Platform”).

This Privacy Policy sets out the principles of processing your personal data by Nevercode when you use our services and our website. If you have any questions about how we process your personal data or if you wish to submit an application for exercising your rights related to processing your personal data, please contact us through the contact information provided in the section "Contacts" below.

Unless defined in this Privacy Policy, the terms used in Privacy Policy are used in the meaning given to them in Article 4 of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

  1. DEFINITIONS
    Personal dataAny information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of such a record as the name, personal identification code, place of location information or network identifier, or on the basis of one or more physical, physiological, genetic, mental, economic, cultural or social identities.
    Data subjectNatural person whose personal data is processed by Nevercode.
    ProcessingAny operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    Data controllerNatural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
    Data processorNatural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
    “Services” or “Service”Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  2. WHY WE PROCESS PERSONAL DATA AND WHAT PERSONAL DATA DO WE PROCESS?
    1. When you have opted to use our Services, we need to process your personal data to enable the Services to you.
    2. We process personal data that is submitted to us directly by you in the course of using our Services or that we obtain in the course of your use of the Services.
    3. We may also process personal data that is submitted to us directly by you also if you contact us with a query or question via Website or via any other channel (by sending an e-mail, for example). In such a case we process your personal data included in the inquiry to the extent that is necessary to respond to you.
    4. Personal data we process about you in the course of using our Services may include the following data about you:
      1. general personal information: first name and last name that you disclose to us when you purchase our Services;
      2. contact details: email address, phone number, delivery address that you disclose to us when you purchase our Services;
      3. payment data: if your use of the Services is subject to a fee, then the payment data related to the Services purchased by you;
      4. usage data: we also collect information about how you use the Website and our Services, to amend and better adapt the Services to you.
    1. We process your personal data to provide Services to you (please read Terms of Service for Codemagic Service by Nevercode as available on our Website). Legal basis for such data processing is GDPR Article 6-1-(b), i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
    2. In certain specific situations we might also process your personal data where this is necessary for the purpose of our legitimate interests pursued by us. Legal basis for such data processing is GDPR Article 6-1-(f). In such a case we shall ensure that processing is proportionate and that we have carried out legitimate interest impact assessment. For example, for the purpose of our legitimate interest we analyse how our Services and Website are used by our customers so we can provide better service.
    3. In certain specific situations we may also process your personal data based on your consent. Legal basis for such data processing is GDPR Article 6-1-(a). In those situations, we process your personal data on the terms provided in the consent that you have granted to us.
    4. Additionally, we might process your personal data when processing is necessary for compliance with a legal obligation to which we are subject, for example for accounting purposes under applicable accounting legislation. Legal basis for such data processing is GDPR Article 6-1-(c).
    5. More specifically, we rely on following legal bases when processing your personal data:
      Purpose of processingTypes of personal dataHow have we obtained personal dataLegal basis for processingRetention period
      Enabling the creation of user account.First name, last name, e-mail address, phone number, delivery information (if applicable).Directly from each Customer.Performance of the contract under the Terms of Service with the data subject – GDPR art. 6 (1) (b).

      After the termination of the contractual relationship with the data subject (under the Terms of Service) - legitimate interest of Nevercode– GDPR art. 6 (1) (f).
      During the term of the contract with the data subject under the Terms of Service.

      After the termination of the contract under the Terms of Service - three years based on our legitimate interest until the end of the limitation periods under applicable law.
      Enabling the use of the Services.Information about the usage of the Services, payment data and other financial related data (see below), your purchasing history related to the use of your Services.Automatically in the course of your use of the Service.Performance of the contract under the Terms of Service with the data subject – GDPR art. 6 (1) (b).

      After the termination of the contractual relationship with the data subject (under the Terms of Service) - legitimate interest of Nevercode– GDPR art. 6 (1) (f).
      During the term of the contract with the data subject under the Terms of Service.

      After the termination of the contract under the Terms of Service - three years based on our legitimate interest until the end of the limitation periods under applicable law.
      Payment for the Service.Information concerning the amounts paid or unpaid by you to us for the use of the Service, credit card number, tax id, billing and shipping address.Automatically in the course of your use of the Service.Performance of the contract under the Terms of Service with the data subject – GDPR art. 6 (1) (b).

      After the termination of the contractual relationship with the data subject (under the Terms of Service) - legitimate interest of Nevercode– GDPR art. 6 (1) (f).
      During the term of the contract with the data subject under the Terms of Service.

      After the termination of the contract under the Terms of Service - three years based on our legitimate interest until the end of the limitation periods under applicable law.
      Answering the inquires of the data subject.Name, e-mail and other personal data that is submitted to us directly by you also if you contact us with a query or question via Website or via any other channel (by sending an e-mail, for example).Directly from each data subject.To answer to the request of the data subject and our legitimate interest – GDPR art. 6 (1) (b) and GDPR art. 6 (1) (f).Until the end of the limitation period of the claim related to which the inquiry is submitted. Generally, such term is three years.
      Analytics data.Information collected through cookies (please see Cookie Policy below) that may include your IP address, location, gender, age, e-mail address and other statistics concerning your use of the Services and the Platform.Automatically in the course of your use of the Service.Consent by data subject - GDPR art. 6 (1) (a) or on the basis of our legitimate interest – GDPR art. 6 (1) (b) and GDPR art. 6 (1) (f).Consent by data subject - GDPR art. 6 (1) (a)

      Analytics data that is anonymized may be retained for unspecified term.
      Performance enhancing and providing key functionality of the Platform.Information collected through cookies (please see Cookie Policy below).Automatically in the course of your use of the Service.Consent by data subject - GDPR art. 6 (1) (a).Consent by data subject - GDPR art. 6 (1) (a).
  3. WHEN DO WE SHARE YOUR PERSONAL DATA?
    1. To the extent this is necessary for the provision of our Services, we may share your personal data with certain third parties.
    2. We may also share your personal data with third party suppliers providing services to us, e.g. IT suppliers or other service providers. At the moment of adopting this Privacy Policy, we use the following service providers:
      1. Mailchimp service by Rocket Science Group LLC d/b/a Mailchimp, to send email notifications. Privacy terms for Mailchimp are available here: https://mailchimp.com/legal/;
      2. Pipedrive OÜ for web-based Sales CRM and pipeline management solution. Privacy terms for Pipedrive OÜ are available here: https://www.pipedrive.com/en/privacy;
      3. Stripe, Inc. for payment services. Privacy terms for Stripe, Inc. are available here: https://stripe.com/en-ee/privacy;
      4. Intercom R&D Unlimited Company for support and marketing services. Privacy terms for Intercom R&D Unlimited Company are available here: https://www.intercom.com/legal/privacy;
      5. Segment.io, Inc. for analytics. Privacy terms for Segment.io, Inc. are available at: https://segment.com/legal/privacy/;
      6. Teamtailor AB for managing job applicants. Privacy terms for Teamtailor AB are available at: https://www.teamtailor.com/en/privacy-policy/ ;
      7. Facebook, Inc., services. Privacy terms for Facebook, Inc., are available at: https://www.facebook.com/privacy/explanation ;
      8. Google services, such as Gmail, Google Analytics and Google Tag Manager, for communication and analytics. Privacy terms for Google, LLC., are available at: https://policies.google.com/privacy;
      9. Some blog articles or content on our platform may also feature Youtube videos. Privacy terms for Google, LLC., are available at https://policies.google.com/privacy?hl=en.
      10. ActiveCampaign, LLC. to send newsletters and marketing. Privacy terms for ActiveCampaign are available here: https://www.activecampaign.com/legal.
    3. We may also transfer your personal data to third countries, i.e. countries outside the EU/EEA area, for the purposes explained in this Privacy Policy. When transferring your personal data to third countries, we will ensure that the transfer is subject to appropriate safeguards under GDPR and that your rights are protected, such as the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC and/or 2010/87/EU. You may request a copy of the safeguards we have put in place with respect to the transfer of personal data by contacting us via contact details below.
  4. HOW LONG IS YOUR PERSONAL DATA RETAINED?
    1. Nevercode does not retain personal data longer than it is necessary for the purposes of processing personal data or pursuant to applicable law.
    2. Personal data related to contracts can be retained during the term of the contract and based on our legitimate interest pursuant to Article 6 (1) (f) of the GDPR until the end of the statutory limitation periods under applicable law. Accordingly, as a general rule, Nevercode retains your personal data as long as it is necessary for the provision of the Services during the term of the contract concluded between you and Nevercode and for three years after the term of the contract. In this regard, as a general rule, if you have not used our Services for three years, your profile and all personal data therein will be deleted, unless we have a legal basis for retaining your personal data for longer time period.
    3. Pursuant to the Accounting Act, we may retain accounting documents for seven years.
    4. More specific terms concerning the retention periods of your personal data are outlined in the table in Section 3 above.
  5. HOW DO WE PROTECT YOUR PERSONAL DATA?

    To protect your personal data from unauthorized access, unlawful processing or disclosure, accidental loss, modification or destruction, we use appropriate technical and organisational measures that comply with applicable laws. These measures include but are not limited to the implementation of appropriate computer security systems, protection of paper and electronic format files by technical and logical means, controlling and limiting access to documents and buildings.

    All information to and from the Platform is encrypted using Transport Layer Security (TLS). For more information on our data security policies, please check here.

    That said, like any hosted service provider, we cannot guarantee that unauthorized third parties or unauthorized personnel will not gain access to your Personal Data despite our efforts. You should note that in using the Website and the Service, your information will travel through third-party infrastructures which are not under our control.

    We cannot protect, nor does this Privacy Policy apply to, any information that you transmit to other users of the Website or the Service. You should never transmit personal or identifying information to other users.

  6. CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

    California residents have additional rights to their personal information under The California Consumer Privacy Act (CCPA).

    1. The scope of personal information and who CCPA applies to

      This Section 7 applies only if you are a California resident. For purposes of this section, "Personal Information" has the meaning given in the CCPA.

      This Section 7 does not apply to:

      • information exempted from the scope of the CCPA;
      • information collected in a business-to-business context, namely, where the information reflects our communications or transactions with you in the context of performing due diligence on, providing services to, or receiving services from, a company, partnership, sole proprietorship, non-profit or government agency where you are an employee, controlling owner, director, officer or contractor of that organization;
      • activities governed by a different privacy notice, such as notices we give to California personnel or job candidates; or
      • Personal Information we collect, use, and share on behalf of our customers as a "service provider" under the CCPA.
    2. California residents rights are as follows according to CCPA and the context of Nevercode;

      1. Right to know and access.

        You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

        • The categories of personal information we collected about you,
        • The categories of sources for the personal information we collected about you,
        • Our business or commercial purpose for collecting that personal information,
        • The categories of third parties with whom we share that personal information, and
        • The specific pieces of personal information we collected about you.
      2. Right to delete.

        You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. You must contact the applicable business customers directly to delete your information that they have in their systems.

        We may deny your deletion request or not delete some of your personal information, if retaining the information is necessary for us or our service provider(s) to:

        • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
        • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
        • Debug products to identify and repair errors that impair existing intended functionality.
        • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
        • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
        • Comply with a legal obligation.
        • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

        We may also limit our deletion to the extent permitted by applicable law.

      3. Right to opt out.

        You have the right to opt-out of any "sale" of your Personal Information as defined in the CCPA.

        Nevercode does, has not and has no intentions whatsoever to sell personal information. This right is not applicable and is always opted out for everyone using our services.

      4. Right to non-discrimination.

        You are entitled to exercise the rights described above free from discrimination prohibited by the CCPA. Unless permitted by the CCPA, we will not:

        • Deny you goods or services,
        • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties,
        • Provide you a different level or quality of goods or services, or
        • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
    3. How to exercise your rights;

      To exercise your rights, please submit your request via our web form on our Contact Us page (located at https://codemagic.io/contact/) and provide the following information:

      Full name and email address associated with your use of our Service, and your specific request (e.g., right to access or right to delete). We will attempt to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

      Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.

      You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

  7. COOKIES
    1. Our Website uses cookies. This section incorporates our cookie policy (the Cookie Policy) that applies when you use Website.
    2. Cookies are small data files stored on your hard drive by a website. Cookies help us monitor and improve the functionality and usage of our Website and your experience when using our Services. We can use cookies to see which areas and features are popular and to count visits to our Website to recognise you as a returning visitor and to tailor your experience of the Website according to your preferences. We may also use cookies for targeting or advertising purposes.
    3. We use following type of cookies on our Website:
      1. Strictly necessary cookies, that are essential in order to enable you to move around and navigate on Platform and use the features of Platform.
      2. Statistics cookies, that record information about the way our Platform is used, to acquire knowledge on how often our Platform is visited, where on our Platform our visitors spend the most time, how often they interact with a page or part of a page, this allows us to make the structure, navigation, and content of our Platform as user-friendly as possible.
      3. Advertisement: targeting and advertising cookies are specifically designed to gather information from you on your device to display advertisements to you based on relevant topics that interest you. Advertisers will place these cookies on a website with the website operator’s permission. The information the cookies gather on you can be shared with other advertisers to measure the performance of their advertisements.
    4. The specific cookies that Platform uses are the following:
      CookieDescriptionDurationType
      ajs_anonymous_id
      ajs_user_id
      This cookie is set by Segment.io to check the number of new and returning visitors to the website.1 yearAnalytics
      _gat_gtag_UA_125963734_1Google uses this cookie to distinguish users.1 minuteAnalytics
      codemagic_accept_cookies
      codemagic_campaign_demo_request
      codemagic_campaign_signup
      codemagic_ cookies are functional (for example remembering where user came from so we could redirect them back in case they have to visit pages outside the codemagic domain e.g. github page). It is also used for our marketing/internal analytics (what page did form submitter originate from, what was the true source of completed signup, etc) and experience enhancing (remembering some user interface preferences)28 daysAnalytics
      codemagic_marketingcodemagic_ cookies are functional (for example remembering where user came from so we could redirect them back in case they have to visit pages outside the codemagic domain e.g. github page). It is also used for our marketing/internal analytics (what page did form submitter originate from, what was the true source of completed signup, etc) and experience enhancing (remembering some user interface preferences)30 daysAnalytics
      codemagic_lpcodemagic_ cookies are functional (for example remembering where user came from so we could redirect them back in case they have to visit pages outside the codemagic domain e.g. github page). It is also used for our marketing/internal analytics (what page did form submitter originate from, what was the true source of completed signup, etc) and experience enhancing (remembering some user interface preferences)2 yearsAnalytics
      codemagic_usercodemagic_ cookies are functional (for example remembering where user came from so we could redirect them back in case they have to visit pages outside the codemagic domain e.g. github page). It is also used for our marketing/internal analytics (what page did form submitter originate from, what was the true source of completed signup, etc) and experience enhancing (remembering some user interface preferences)5 yearsFunctional, Analytics
      codemagic_marketing
      codemagic_popup_*
      codemagic_ cookies are functional (for example remembering where user came from so we could redirect them back in case they have to visit pages outside the codemagic domain e.g. github page). It is also used for our marketing/internal analytics (what page did form submitter originate from, what was the true source of completed signup, etc) and experience enhancing (remembering some user interface preferences)4 weeksFunctional, Analytics
      codemagic_oauth_redirect
      codemagic_custom_repository
      codemagic_blogcta
      codemagic_blogbanner
      codemagic_blogsidebarbanner
      codemagic_team_redirect
      codemagic_popup_*
      codemagic_ cookies are functional (for example remembering where user came from so we could redirect them back in case they have to visit pages outside the codemagic domain e.g. github page). It is also used for our marketing/internal analytics (what page did form submitter originate from, what was the true source of completed signup, etc) and experience enhancing (remembering some user interface preferences)1 dayFunctional, Analytics
      Intercom-id-I6a0o8dsThis cookie is used for Intercom and allows visitors to see any conversations they've had on Codemagic websites.9 monthsCustomer support
      Intercom-session-I6a0o8dsIdentifier for each unique browser session. The user can access their conversations and have data communicated on logged out pages for 1 week, as long as the session isn't intentionally terminated with `Intercom('shutdown');`, which usually happens on logout.7 days (from each log in)Customer support
      __stripe_midFacilitates Stripe payments on Codemagic websites.1 yearPayments
      __stripe_sidFacilitates Stripe payments on Codemagic websites.30 minutesPayments
      prism_224738833This cookie is set by ActiveCampaign to track page views and submissions forms created with ActiveCampaign.30 daysAnalytics, Marketing
      sessionThis cookie used to tell if requests came from the same browser.Session basedFunctional
    5. If our blog or platform features some content or functionality that is made available via third parties like Youtube for example then the cookies that may be generated through that content may not be explicitly listed in 8.4, but the services and vendors that we use are included in section 4 and their cookie policy is available through the links provided therein.
    6. You can delete or block cookies on Website through your browser settings at any time. However, some cookies might be necessary for the functionality of Website. Therefore, you understand that when blocking or deleting the cookies some features of Website might not function correctly.
    7. For more general information about cookies including the difference between session and persistent cookies please see www.allaboutcookies.org.
    8. In case you have any question concerning Cookie Policy, you may contact us via contact details provided below.
  8. YOUR RIGHTS
    1. Nevercode is dedicated ensuring that all data subject rights arising under applicable law are always guaranteed to you. In particular, any data subject has:
      1. the right to access the personal data that Nevercode processes about you;
      2. the right to request that Nevercode rectifies any inaccurate personal data about you;
      3. the right to request Nevercode to erases your personal data and/or restricts of processing of your personal data if we do not have valid legal basis for processing;
      4. the right to receive your processed personal data in a structured, commonly used and machine-readable format and have the right to transmit your personal data to another controller;
      5. the right to object to the processing of your personal data.
    2. If you believe that your rights have been infringed, you may contact and lodge a complaint to the supervisory authority applicable for your jurisdiction ( List of data protection authorities in EU countries is available at https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en ).
  9. CHAT ROOMS
    If you participate in a discussion in our public Slack channel located at codemagicio.slack.com, you should be aware that any Personal Data you submit there can be read, collected, or used by other users in that chat room, and could be used to send you unsolicited messages. We are not responsible for the Personal Data you choose to submit in that forum.
  10. JOB APPLICATIONS
    If you choose to apply for a job at Nevercode you may be required to submit personal information to us that we use to evaluate your candidacy to the desired role.
  11. PRIVACY POLICY CHANGES
    Although most changes are likely to be minor, Nevercode may change its Privacy Policy from time to time, and at Nevercode's sole discretion. If we make any material changes to this Privacy Policy, we will either notify you by email (sent to the email address specified in your account) or by means of a notice on the Website and/or within the Platform prior to the change becoming effective, or as otherwise required by the applicable law. We encourage you to periodically review the Website for the latest information on our privacy practices. Your continued use of the Website and the Service after any change in this Privacy Policy takes effect will constitute your acceptance of such change.
  12. GOVERNING LAW AND JURISDICTION
    This Privacy Policy shall be governed by the laws of the Republic of Estonia. Any disputes arising from these Privacy Policy shall be settled in the Harju County Court in the Republic of Estonia, unless you have a right to turn to the court of your residence pursuant to statutory law.
  13. CONTACTS
    If you have any questions about this Privacy Policy or Cookie Policy or if you have any concerns about how we use your personal or if you want to exercise your rights as described above, you may contact us via e-mail or in writing using the following contact information:
    Nevercode
    AddressAkadeemia st 3, 51003, Tartu Estonia
    E-mailinfo@codemagic.io