Security
CodeStasis runs in secure datacenters in the EU. All data is encrypted in transit and at rest. CodeStasis is always served over HTTPS/SSL.
Third-parties
All our code is served from CodeStasis domains to prevent third-party tracking, except on payment pages where we must make an isolated exception.
To process payments we include Javascript required and served by Stripe. Using Stripe prevents CodeStasis from seeing your sensitive payment details.
By default we do not enable Cloudflare DDOS protection, but we may do so if necessary. Given how DDOS mitigation works your traffic may be seen and logged by Cloudflare (who has its own privacy policy).
We may experiment with Reddit Pixel for advertising.
Analytics
We're only interested in how well our website and products work. We're not interested in snooping on you. We don't use Google Analytics or other third-party services.
We collect aggregated metrics from our short-lived server logs and basic analytics in-house. We don't keep IP addresses or personally identifying details. The most granular level of data we keep is at city and country level.
Cookies
The cookies we ask your browser to store are:
If we need to enable Cloudflare, they may set additional cookies such as:
-
__cfduid
for the security features they provide
Passwords
CodeStasis does not request or require a password. Log in is completed via a link sent to your registered email address and opened on the device where you want to log in.
Control over your data
You can:
- View and amend all the data we hold about you on your account details page.
- Export this data.
- Close your account at any time to irrevocably delete your data. Data is immediately removed from live systems and will be completely removed from backups within 14 days. Payment and subscription history will be retained by us and Stripe as required for accounting and tax purposes.
Contact us for any of the above
Data breaches
If you find or become aware of a data breach or leak, please report it to security@codestasis.com.
If there is a data breach, all users will be notified via email and notice will be posted on the website within 72 hours.