CodeCudos

Privacy Policy

Last updated: March 2026

1. Data We Collect

  • Account data: name, email address, profile image, and (if using OAuth) GitHub username or Google account ID
  • Transaction data: order history, amounts, listing IDs, and payout requests. Payment processing is handled entirely by Stripe — we never store card numbers or financial credentials
  • Content: listings, descriptions, code files, and reviews you post on the platform
  • Usage data: pages visited, search queries, access timestamps, and browser/device type collected via server logs
  • Communications: messages you send to our support team

2. How We Use Your Data

  • To operate the marketplace and process transactions
  • To send transactional emails (purchase confirmations, sale notifications, refund updates) via Resend
  • To detect and prevent fraud or abuse
  • To improve the platform through aggregated analytics
  • To comply with legal obligations

We do not use your data for advertising or sell it to third parties.

3. Third-Party Services

We share data only with the following processors as necessary to provide the service:

  • Stripe — payment processing (Stripe Privacy Policy)
  • Vercel — hosting and infrastructure (Vercel Privacy Policy)
  • Resend — transactional email delivery
  • Vercel Blob — file storage for uploaded code and images

4. Cookies

We use session cookies required for authentication (NextAuth.js) and no tracking or advertising cookies. You may disable cookies in your browser, but this will prevent you from signing in.

5. Data Retention

We retain account data for as long as your account is active. Order and transaction records are retained for 7 years to comply with financial record-keeping obligations. You may request deletion of non-financial data at any time (see Section 6).

6. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of personal data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and associated data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request we limit how we process your data

To exercise any of these rights, email [email protected] with your request. We will respond within 30 days. California residents may also submit requests under the CCPA to the same address.

7. Data Security

We use HTTPS for all data in transit, bcrypt for password hashing, HMAC-signed access tokens, and Stripe for all payment credential handling. No system is completely secure; if you discover a vulnerability, please disclose it responsibly to [email protected].

8. Children

CodeCudos is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us data, contact [email protected] and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users by email and update the date above. Continued use after changes take effect constitutes acceptance.

10. Contact

For privacy-related questions or requests: