Codelits Studio Privacy Policy

Effective date: August 26, 2025.

1. Scope and Acceptance

By using our Services, you consent to the collection, use, disclosure, and storage of your information as described in this Privacy Policy. This policy applies whether you access our Services directly or through third-party platforms (including payment platforms) which we use for billing and payments.

2. Definitions

Personal Information: information that identifies or can reasonably identify an individual (e.g., name, email, billing details).
Aggregated/Anonymized Data: data processed so it no longer identifies an individual.
Processors/Service Providers: third parties that process data on our behalf (e.g., payment platforms, hosting, analytics).

3. Information We Collect

We collect information in several ways:

  • Account and Contact Information: name, company name, billing address, email, phone number, username.
  • Payment & Billing Data: payment method, transaction history, billing addresses. Payment card details are processed and stored by our payment platforms and not stored on our systems except where explicitly required and securely tokenized.
  • Usage & Technical Data: IP address, device identifiers, browser and OS, session logs, feature usage, pages visited, API usage logs, timestamps, error reports.
  • AI Interaction Data: inputs you send to AI services (prompts, files, text, voice), model outputs returned to you, metadata about interactions, and logs used for debugging, quality assurance, and improving models — retained as described below.
  • Communications: support requests, emails, chat transcripts, and feedback.
  • Cookies & Tracking: cookies, local storage, pixels and similar technologies for authentication, preferences, analytics and advertising (where applicable).
  • Third-Party Data: information you share from, or that is provided by, third parties (e.g., identity verification, company registries, or social login providers).
  • Sensitivity: we do not intentionally collect sensitive personal data (e.g., race, religion, health) except where you voluntarily provide it. If sensitive data is provided, we will only use it consistent with your consent and applicable law.

4. How We Use Personal Information

We use personal information for the following purposes:

  • Service Delivery: create and manage your account, provide Services, and fulfill contracts.
  • Payments & Billing: process subscriptions, invoices, refunds, and prevent fraud.
  • Improvements: analyze usage and feedback to develop and improve features and products.
  • Security & Fraud Prevention: detect and prevent security incidents and malicious activity.
  • Communication: send transactional messages (account notices, receipts), and marketing communications where you have consented.
  • Legal & Compliance: comply with laws, respond to legal requests, enforce our Terms of Service.
  • Research & Model Development: use de-identified or aggregated interaction data to train and evaluate AI models unless you opt out as described below.

5. Legal Bases for Processing (where applicable)

If you are in jurisdictions like the EU, our legal bases include: contract performance (providing the Services), legitimate interests (security, analytics, product improvement), consent (marketing, cookies), and legal obligations. For any processing requiring consent, we will request it explicitly.

6. AI-Specific Processing

For products such as AiSys and any AI features in CloudX, Ascenra or Finsero:

  • Inputs & Outputs: we process the prompts, files, and other inputs you provide and the outputs generated by models. These may be logged for debugging, abuse prevention, and quality improvement.
  • Data Minimization: you should avoid providing sensitive personal data in AI prompts unless necessary. Where you do, we treat such data according to this policy and applicable law.
  • Model Training: de-identified or aggregated interaction data may be used to improve models. If you request exclusion of your data from model improvement, we will provide opt-out mechanisms where feasible.
  • Automated Decisions & Profiling: some features may involve automated processing (e.g., classification or recommendations). You may request explanations or human review where required by law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for authentication, security, site functionality, analytics, and marketing. You can manage cookie preferences through your browser and in any consent banner we provide. Essential cookies required for service operation may not be disabled without affecting functionality.

8. Sharing and Disclosure

We share personal information with:

  • Payment Processors: Paddle and other authorized payment providers for billing, fraud prevention and refunds.
  • Hosting & Cloud Providers: infrastructure providers for storing and serving data.
  • Analytics & Monitoring: providers for usage analytics, error reporting and performance monitoring.
  • Third-party Integrations: integrations you enable (e.g., CRM, email platforms) which may receive data you authorize.
  • Legal & Safety: when required by law or to protect our rights, users, or the public.
  • Business Transfers: in connection with mergers, acquisitions or asset sales — subject to confidentiality and notice.

We do not sell your personal information. Any sharing is limited to what's necessary and governed by contracts requiring suitable safeguards.

9. International Transfers

We operate globally. Personal data may be transferred to, stored, and processed in countries outside your jurisdiction (including Nepal, India, the USA, and EU members). Where required by law, we implement standard contractual clauses, adequate safeguards, or rely on other lawful transfer mechanisms.

10. Data Retention

We retain personal data only as long as necessary to provide Services, comply with legal obligations, resolve disputes, enforce agreements, or for the legitimate business purposes described above. Example retention periods:

  • Account and billing records: 7 years (or as required by tax law).
  • Support logs and transcripts: 2 years.
  • AI interaction logs for quality and safety: default 1 year (may vary; request opt-out where offered).
  • Analytics and aggregated data: retained as aggregated indefinitely.

Adjust these default retention periods to meet local legal requirements and specific internal policies.

11. Security Measures

We employ administrative, technical and physical measures to protect data, including:

  • Encryption in transit (TLS) and at rest where appropriate.
  • Access controls and role-based permissions for employees and contractors.
  • Regular security assessments, vulnerability scanning, and patching.
  • Employee training on data protection and incident response playbooks.
  • Use of reputable subprocessors who meet security standards.

No system is perfectly secure. In the event of a data breach likely to cause risk to rights and freedoms, we will notify affected users and authorities as required by applicable law.

12. Your Rights & Choices

Depending on your jurisdiction, you may have rights including:

  • Access: request a copy of your personal data we hold.
  • Correction: correct inaccurate or incomplete data.
  • Deletion: request deletion of your personal data, subject to legal retention requirements.
  • Portability: receive your data in a commonly used, machine-readable format.
  • Restriction/Objection: request restriction of processing or object to direct marketing.
  • Consent Withdrawal: withdraw consent for processing where consent was the lawful basis.

To exercise rights, contact us at privacy@codelitsstudio.com. We may require identity verification before fulfilling requests. We will respond within applicable legal timeframes.

13. Children's Privacy

Our Services are not intended for children under 13 (or higher age where local law requires). We do not knowingly collect personal information from children. If we learn we have collected such data, we will promptly delete it and notify the guardian where required.

14. Payment Processing & Refunds

We use various payment platforms to process payments. These platforms store and transmit payment information under their own privacy and security policies. We only store payment tokens or minimal billing details necessary for invoicing and recurring billing. Refunds and chargebacks are handled per our Terms of Service and each platform's policies.

15. Third-Party and Subprocessor List

Examples of categories of subprocessors we use (subject to change): payment processors (Paddle), cloud providers (e.g., AWS, Azure, GCP), email providers, customer support providers, analytics platforms, CDN providers, and identity providers. A current list of subprocessors is available upon request by emailing info@codelitsstudio.com.

16. International & Local Law Compliance

We aim to comply with international privacy laws (e.g., GDPR, CCPA) where applicable. If you are an EU data subject, the legal bases and your rights are explained above. California residents may have additional rights under the CCPA — contact us to exercise those rights.

17. Data Breach Response

We maintain an incident response plan. If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law without undue delay.

18. Account Deletion, Export & Portability

You may delete your account or export your data. Account deletion removes access to Services and may not remove copies retained for legal or legitimate business reasons. Data export will be provided in a machine-readable format where technically feasible.

19. Marketing & Communications

We may send newsletters and promotional messages if you opt in. You can opt out via links in emails or by contacting us. Service-related communications (e.g., account notices) are not optional.

20. Changes to This Policy

We may update this policy. Material changes will be posted with a new effective date and, where appropriate, notified directly. Continued use of Services after changes implies acceptance.

21. Contact & Data Protection Officer

For questions, requests, or to obtain the current list of subprocessors, contact:
Privacy Team — Codelits Studio Pvt. Ltd.
Email: info@codelitsstudio.com

If you are an EU resident and prefer to contact a DPO or designated representative, we will supply the contact when requested.

22. Legal Notices & Remedies

This policy does not create contractual rights for third parties. Remedies and disputes are addressed in our Terms of Service and governed by applicable law (our Terms will specify governing law and dispute resolution).

23. Additional Notes & Practical Steps

Practical suggestions to stay compliant:

  • Maintain and publish an up-to-date subprocessor list; notify users of material changes.
  • Keep your data retention schedule documented and defensible.
  • Provide an easy-to-find privacy contact and a small privacy summary in UI/footers for non-legal readers.
  • Offer explicit opt-out for using AI interaction data for model training where feasible.
  • Ensure contracts with Paddle and other vendors include data processing terms and adequate safeguards for international transfers.

24. Sample Quick Summary (for UI or footer)

We are Codelits Studio. We collect basic account, payment, and usage data to provide and secure our services. Payments are processed by Paddle. You can request access, correction, export, or deletion of your data via info@codelitsstudio.com.

25. Acknowledgement

By using our Services, you acknowledge that you have read and understood this Privacy Policy.
