CodeToday Technologies LLP (operating as codetoday.io) is an engineering consulting firm registered in Bangalore, Karnataka, India. We provide DevOps, MLOps, Data Engineering, Big Data, and AI/LLM Agent services to startups and enterprises worldwide.
For purposes of EU/UK GDPR, codetoday.io acts as the data controller for personal data collected through this website and our direct communication channels.
Registered Address: Bangalore, Karnataka, India
Contact: team@codetoday.io
This Privacy Policy applies to:
This policy does not cover data processed under separate Data Processing Agreements (DPAs) executed with clients as part of contracted engagements. Those are governed by the applicable DPA and Statement of Work.
Note: If you are an EU/EEA resident, you have enhanced rights under the General Data Protection Regulation (GDPR) (EU) 2016/679. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA. Both are addressed in dedicated sections below.
We collect the minimum data necessary to operate our website and respond to commercial enquiries.
| Data Type | Where Collected | Examples |
|---|---|---|
| Identity data | Contact form, booking form, email | First name, last name, job title |
| Contact data | Contact form, email, LinkedIn DM | Email address, phone number (optional) |
| Professional data | Enquiry forms, discovery calls | Company name, industry, team size, tech stack |
| Message content | Contact form, email | Project description, questions, requirements |
| Marketing preferences | Newsletter sign-up, email footer | Consent to receive content updates |
| Referral data | Partner programme form | Referee name, referred company, relationship |
| Data Type | Tool | Examples |
|---|---|---|
| Usage data | Google Analytics 4 (GA4) | Pages visited, scroll depth, session duration, events |
| Device & browser data | GA4, GTM | Browser type, OS, screen resolution, language |
| Approximate location | GA4 | Country, region (IP-derived, then discarded) |
| Traffic source | GA4, UTM parameters | Referring URL, campaign, search keyword |
| Professional profile inference | LinkedIn Insight Tag | Job function, seniority, industry (aggregate) |
| Tag manager events | Google Tag Manager (GTM) | Form submissions, CTA clicks, scroll milestones |
Data is collected through the following channels:
| Purpose | Legal Basis | Details |
|---|---|---|
| Responding to enquiries and providing quotes | Contract performance / Pre-contractual steps (Art. 6(1)(b)) | Necessary to fulfil your request for information |
| Sending newsletters and engineering content | Consent (Art. 6(1)(a)) | Only when you opt-in; unsubscribe link in every email |
| Website analytics (GA4) | Legitimate interests (Art. 6(1)(f)) | We have a legitimate interest in understanding how visitors use our site to improve it. Balanced against your rights; data is anonymised. |
| LinkedIn retargeting and audience analytics | Consent (Art. 6(1)(a)) | LinkedIn Insight Tag fires only after cookie consent where required |
| Fraud prevention and legal compliance | Legal obligation (Art. 6(1)(c)) | Keeping records required by Indian tax and company law |
| Defending or establishing legal claims | Legitimate interests (Art. 6(1)(f)) | Retaining contract communications for dispute resolution |
| Partner/referral programme administration | Contract performance (Art. 6(1)(b)) | Processing referral payments and tracking introductions |
We use cookies and similar technologies to operate the website, measure performance, and personalise marketing. Below is a summary of cookies deployed on codetoday.io:
These cookies are essential for the website to function and cannot be switched off. They are usually set only in response to actions you take, such as setting privacy preferences or filling in forms.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ct_consent | codetoday.io | Stores cookie consent preferences | 12 months |
| XSRF-TOKEN | codetoday.io | CSRF protection on form submissions | Session |
These cookies allow us to count visits and traffic sources to measure and improve site performance. All information is aggregated and anonymous.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics 4 | Distinguishes unique users | 2 years |
| _ga_XXXXXXX | Google Analytics 4 | Session state | 2 years |
| _gid | Google Analytics | Distinguishes users (session) | 24 hours |
| _gat_gtag | Google Tag Manager | Throttles request rate | 1 minute |
Set by third-party advertising platforms. These cookies track your activity across sites to deliver relevant adverts.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| li_fat_id | Conversion tracking and retargeting via LinkedIn Insight Tag | 30 days | |
| bcookie | Browser identifier for LinkedIn features | 2 years | |
| lidc | Routing, session routing | 24 hours |
You can manage cookies through:
We do not sell your personal data to third parties. We may share data with the following categories of trusted processors and partners:
| Service | Purpose | Data Shared | Safeguards |
|---|---|---|---|
| Google LLC (GA4, GTM, Google Workspace) | Analytics, tag management, email | Usage data, email content | Standard Contractual Clauses (SCCs), EU-US DPF |
| LinkedIn Corporation | Retargeting advertising, Insight Tag analytics | Hashed email (if matched), visit data | SCCs, LinkedIn Privacy Policy |
| Calendly / Cal.com | Discovery call booking | Name, email, calendar availability | DPA in place; SOC 2 certified |
| HubSpot / CRM provider | Lead management, email follow-up | Contact details, enquiry notes | DPA in place; SCCs where applicable |
| AWS (Amazon Web Services) | Website hosting, form backends | Server logs, form submissions | AWS DPA, ISO 27001, SOC 2 |
| Stripe / Razorpay | Invoicing and payment processing | Billing contact info (not card numbers) | PCI-DSS Level 1 compliance |
We may also disclose personal data to: (a) comply with legal obligations, court orders, or regulatory requests; (b) enforce our Terms of Service; (c) protect the rights, property, or safety of codetoday.io, our clients, or others; (d) in connection with a merger, acquisition, or sale of assets, in which case we will notify you.
We retain personal data only as long as necessary for the purposes described in this policy, or as required by applicable law.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Enquiry form submissions (no engagement) | 2 years from last contact | Legitimate interest in future follow-up; right to be forgotten applies |
| Client contract correspondence | 7 years from engagement end | Indian tax law (CGST/IT Act) and contractual dispute window |
| Invoice and billing records | 8 years | Statutory accounting requirements under the Companies Act 2013 |
| Newsletter subscriber data | Until unsubscribe + 30 days | Consent-based; immediately honoured on withdrawal |
| GA4 analytics data | 14 months (GA4 default) | Analytical purposes; automatically purged by Google after retention period |
| Server access logs | 90 days | Security monitoring and debugging |
| Partner / referral records | 3 years from last transaction | Payment reconciliation and dispute resolution |
At the end of the applicable retention period, data is securely deleted or anonymised. Where data is anonymised, it may be retained indefinitely for aggregate statistical purposes.
codetoday.io is based in India. We work with clients and use service providers globally, which means your personal data may be transferred to and processed in countries outside your country of residence, including the United States, the European Economic Area, and India.
For transfers of personal data from the EEA/UK to third countries without an adequacy decision, we rely on:
India's Digital Personal Data Protection Act (DPDPA) 2023 governs processing of personal data within India. We are committed to compliance as implementing rules come into force.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. If you believe your data has been compromised, please contact us immediately at team@codetoday.io.
If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights under the GDPR (and the UK GDPR where applicable):
To exercise any of these rights, contact us at team@codetoday.io. We will respond within 30 days (extendable to 90 days for complex requests with notice). We do not charge a fee for exercising your rights unless the request is manifestly unfounded or excessive.
You also have the right to lodge a complaint with your local supervisory authority. If you are in the EEA, you can find your national authority at edpb.europa.eu. In the UK, contact the Information Commissioner's Office (ICO).
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.
In the past 12 months, we have collected the following categories of personal information as defined by the CCPA: Identifiers (name, email), Internet or other electronic network activity information (browsing history on our site via GA4), Professional or employment-related information (company, job title), and Geolocation data (approximate, country-level only).
Email us at team@codetoday.io with the subject line "California Privacy Request". We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice). You may designate an authorised agent to make a request on your behalf by providing written authorisation.
California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
Our website and services are directed at business professionals and are not intended for individuals under the age of 16 (or under 13 in the United States). We do not knowingly collect personal data from children.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at team@codetoday.io and we will promptly delete such information.
Our website may contain links to third-party websites, including our client case studies, engineering blog references, partner sites, and social media platforms. We are not responsible for the privacy practices or content of those sites.
We encourage you to review the privacy policies of any third-party site you visit. Our inclusion of a link does not constitute endorsement of their privacy practices.
Specifically, our site links to:
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
We encourage you to review this policy periodically. Your continued use of the website after the effective date of a revised policy constitutes your acceptance of the changes, to the extent permitted by applicable law.
Previous versions of this policy are available on request by emailing team@codetoday.io.
For all privacy-related enquiries, requests to exercise your rights, or concerns about our data practices, please contact us through the following channels:
| Primary contact | team@codetoday.io |
| Subject line for privacy requests | Privacy Request — [Your Name] — [Request Type] |
| Postal address | CodeToday Technologies LLP, Bangalore, Karnataka, India |
| Response SLA | We aim to acknowledge all privacy requests within 72 hours and resolve them within 30 days. |
While we are not currently required to appoint a formal Data Protection Officer under applicable Indian law, the individual responsible for overseeing data protection compliance at codetoday.io can be reached at the contact details above. EU/EEA data subjects may also contact us via our primary email for GDPR-specific requests.
Our team will respond to any privacy enquiry within 72 hours.
📧 Email team@codetoday.io