CodeHaven Solutions ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains in clear, accessible language how we collect, use, store, disclose, and safeguard your personal information when you interact with our website, services, team members, or any digital channel we operate.

We believe transparency is the foundation of trust. This document is written to help you make genuinely informed decisions about your privacy when engaging with CodeHaven Solutions. We take privacy seriously and apply it as a real operational standard, not merely as a legal checkbox.

This Privacy Policy applies to all personal information collected through our digital channels, service engagements, business communications, marketing activities, and any other interactions between you and CodeHaven Solutions. By using our services, you acknowledge that you have read and understood this policy.

We collect information in several ways depending on how you interact with CodeHaven Solutions.

Information you provide directly:

• Name, email address, phone number, and business name when submitting contact forms, project inquiries, or consultation requests
• Project details, technical requirements, business context, and goals shared during onboarding or consultation sessions
• Payment details processed through secure third-party payment processors — we do not store raw credit card numbers or banking credentials
• System credentials, API keys, and access tokens that you grant us temporarily as part of service delivery — these are stored securely and deleted upon project conclusion
• Communications sent to us via email, telephone, contact forms, or any messaging channel
• Feedback, survey responses, testimonials, or reviews you choose to submit

Information collected automatically:

• IP address, browser type and version, device type, and operating system
• Pages visited on our website, time spent on individual pages, scroll depth, and navigation patterns
• Referring URLs showing how you arrived at our website
• Cookie data and similar tracking technologies (detailed in Section 7)
• Geographic location data at the city or region level derived from IP address
• Session timestamps and interaction logs

Information from third parties:

• Business information from publicly available sources when conducting research on prospective clients
• Analytics and behavioral data from platforms such as Google Analytics
• Referral information when you were directed to us through a partner, affiliate, or colleague

We use the information we collect solely for legitimate business purposes. Specifically:

• To deliver, manage, and improve all services contracted with us
• To communicate with you about your project status, deliverables, and account matters
• To process payments, issue invoices, and manage billing and financial records
• To send service-related notifications, including updates, security alerts, and policy changes
• To respond to your support inquiries, questions, and feedback promptly and effectively
• To analyze aggregate usage patterns and improve our website, service delivery, and client experience
• To detect, investigate, and prevent fraudulent, unauthorized, or otherwise harmful activity
• To comply with applicable legal obligations, including tax reporting and regulatory requirements
• To enforce our contractual agreements and protect the rights of CodeHaven Solutions and our clients
• To send marketing communications where you have provided explicit consent, as described in Section 8
• To conduct internal business analysis, planning, and development activities

We will never use your personal information for any purpose incompatible with those stated above without first obtaining your informed consent. If we intend to use your information in a new way, we will inform you and, where required by law, obtain your permission.

Where applicable privacy law requires a documented legal basis for processing personal data, CodeHaven Solutions relies on the following bases:

• Contract performance: Processing that is necessary to fulfill our service obligations and honor the terms of any agreement between you and CodeHaven Solutions
• Legitimate interests: Processing necessary to pursue our legitimate business interests — such as improving our services, preventing fraud, maintaining business records, and communicating with prospective clients — where those interests are not overridden by your fundamental privacy rights
• Consent: Processing based on your explicit, informed consent, which you are free to withdraw at any time without affecting the lawfulness of prior processing
• Legal obligation: Processing required to comply with applicable laws, regulations, court orders, or governmental authority directives

If you have questions about the specific legal basis we rely on for any particular processing activity, please contact us using the information at the bottom of this document.

We do not sell, rent, or trade your personal information to any third party. We share your information only in the following limited and specific circumstances:

• Service providers: Trusted third-party vendors who assist us in operating our business and delivering our services, including payment processors, cloud hosting providers, project management and collaboration tools, and business communication platforms. All such vendors are contractually required to protect your information and are prohibited from using it for any purpose beyond the specific service they provide to us
• Legal requirements: When disclosure is required by applicable law, enforceable regulation, valid court order, subpoena, or directive from a governmental authority with jurisdiction
• Business transfers: In the event of a merger, acquisition, asset sale, or similar corporate transaction, your information may be transferred to the acquiring entity, subject to equivalent privacy protections and notification to you
• Protection of rights and safety: When disclosure is reasonably necessary to protect the rights, property, or safety of CodeHaven Solutions, our clients, team members, or the general public
• With your explicit consent: In any other circumstance where you have provided clear, specific, and informed permission for a particular sharing activity

We maintain an internal list of all third-party service providers who process personal data on our behalf. This list is reviewed regularly to ensure all providers maintain appropriate security standards.

We retain your personal information only for as long as is necessary to fulfill the purposes for which it was collected. Specific retention periods by category:

• Active client project data: Retained for the duration of the engagement plus 3 years from project close date
• Financial records and invoices: Retained for 7 years in accordance with United States tax reporting and accounting requirements
• Business communications (email, notes): Retained for 3 years from the date of last meaningful interaction
• Website analytics data: Retained in aggregated or anonymized form for up to 2 years; individual session data is shorter-lived
• Marketing consent records: Retained until consent is withdrawn plus 12 months for compliance documentation
• System credentials granted during service delivery: Deleted promptly upon project conclusion or upon Client request

When personal information is no longer required for any legitimate purpose, we securely delete or irreversibly anonymize it in accordance with our internal data destruction procedures. We do not retain personal information "just in case" it might be useful in the future.

Our website uses cookies and similar tracking technologies to enhance your experience and collect analytical data about how our site is used. A cookie is a small text file stored on your device by your browser when you visit a website.

We use the following categories of cookies:

• Essential cookies: Strictly necessary for the website to function properly. These include session management and security tokens. They cannot be disabled without breaking core site functionality.
• Analytics cookies: Help us understand how visitors interact with our site, including which pages are most visited, where traffic originates, and how users navigate. Analytics data is aggregated and anonymized where possible.
• Preference cookies: Remember settings and preferences that personalize your experience, such as language or display preferences.
• Marketing cookies: Used to deliver relevant content or advertising when you have consented to marketing communications. These may track your activity across websites.

You can control or disable non-essential cookies through your browser settings. Please note that disabling certain cookies may affect the functionality and user experience of our website. For detailed information about specific cookies we use, contact us directly.

We may send marketing communications — including company updates, service announcements, and industry insights — only to individuals who have explicitly opted in to receive such communications. We do not send unsolicited marketing emails.

Every marketing communication we send includes a clear and functional unsubscribe mechanism. You may opt out at any time by using that link or by contacting us directly. We process all unsubscribe requests within 10 business days.

Opting out of marketing communications does not affect transactional or service-related communications. We may still contact you regarding active projects, billing matters, security notices, or important policy changes as necessary to manage your account or engagement.

We implement and continuously maintain reasonable physical, technical, and administrative safeguards designed to protect your personal information against unauthorized access, loss, destruction, alteration, and misuse. Our security measures include:

• Encrypted data transmission using TLS/SSL protocols for all web communications
• Restricted internal access to personal information on a strict need-to-know basis
• Use of reputable, independently security-audited third-party platforms for data storage and business communications
• Secure handling and prompt deletion of credentials and access tokens granted during service engagements
• Regular internal review and updating of security practices and access controls
• Team member training on data handling responsibilities and privacy obligations

No method of electronic data transmission or storage is 100% secure. While we apply industry-standard protections and take your privacy seriously, we cannot guarantee absolute security against all possible threats. In the event of a data breach that materially affects your personal information, we will notify you as required by applicable law, including the nature of the breach, the information affected, and steps we are taking to address it.

Depending on your jurisdiction and applicable privacy law, you may have the following rights regarding your personal information held by CodeHaven Solutions:

• Right to access: Request a copy of the personal information we hold about you, including information about how it is being used
• Right to correction: Request correction of any inaccurate, outdated, or incomplete personal information we hold
• Right to deletion: Request deletion of your personal information, subject to our legal retention obligations and legitimate business necessity
• Right to restrict processing: Request that we limit how we use your information in certain circumstances, such as while you contest its accuracy
• Right to data portability: Request a copy of certain personal information in a structured, machine-readable format suitable for transfer to another service provider
• Right to object: Object to processing based on legitimate interests, or object to receiving direct marketing communications at any time
• Right to withdraw consent: Withdraw any consent previously given for data processing activities, without affecting the lawfulness of processing conducted prior to withdrawal

To exercise any of these rights, submit a written request using the contact information provided at the bottom of this document. We will acknowledge your request within 5 business days and provide a substantive response within 30 calendar days. We may request reasonable verification of your identity before fulfilling any rights request to protect your information from unauthorized access.

Our services are designed exclusively for business use by adults and are not directed to any person under the age of 18. We do not knowingly collect, process, or store personal information from minors.

If we become aware that we have inadvertently collected personal information from a person under 18 without appropriate parental consent, we will take immediate steps to delete that information from our records. If you believe we may have collected information from a minor, please contact us immediately using the information below and we will investigate and respond promptly.

Our website may contain links to external third-party websites. Our service delivery may also involve integration with or reference to third-party platforms such as CRM systems, automation tools, hosting providers, and payment processors. These third-party services operate under their own independent privacy policies and practices.

CodeHaven Solutions is not responsible for the privacy practices, data collection methods, or security standards of any third-party website or service. We encourage you to review the privacy policies of any external platform you interact with as a result of our services or through links on our website.

When we recommend third-party tools as part of a service engagement, we make every effort to recommend reputable platforms with strong privacy and security track records. However, your use of those platforms is governed by your separate agreement with them.

CodeHaven Solutions is headquartered in Newport, Kentucky, United States of America. All primary operations and data processing activities occur within the United States. If you are accessing our services from a jurisdiction outside the United States, please be aware that your personal information may be transferred to, stored in, and processed within the United States.

The data protection and privacy laws of the United States may differ from those of your home jurisdiction. By engaging with our services, you acknowledge and consent to this transfer. We take reasonable steps to ensure that any such transfers are conducted in a manner consistent with applicable privacy law and that your information receives an adequate level of protection regardless of where it is processed.

If you are a resident of the State of California, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• Right to know: The specific categories and pieces of personal information we have collected about you, the purposes for collection, and the categories of third parties with whom we share it
• Right to delete: Request deletion of personal information we have collected, subject to certain exceptions
• Right to correct: Request correction of inaccurate personal information
• Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising purposes, so this right is not currently applicable
• Right to limit use of sensitive personal information: Where applicable, limit the use of certain sensitive categories of personal information
• Right to non-discrimination: We will not discriminate against you for exercising any of your California privacy rights

To submit a verifiable California privacy rights request, contact us using the information below. We will respond within 45 calendar days as required under California law, with the option to extend by an additional 45 days with notice where reasonably necessary.

We may update this Privacy Policy from time to time to reflect changes in our data practices, technology, legal requirements, regulatory guidance, or the nature of our business operations. We are committed to keeping this document current and accurate.

When we make material changes to this policy — meaning changes that meaningfully affect how we collect, use, or share your personal information — we will update the "Last Updated" date at the top of this document. Where we have your contact information and the change is significant, we will also attempt to provide direct written notification to active clients prior to the effective date.

Your continued use of our services after any changes become effective constitutes acceptance of the revised Privacy Policy. If you do not agree to a modified version of this policy, you should discontinue use of our services and notify us of your intent to terminate the engagement.

We encourage you to review this Privacy Policy periodically, particularly before beginning a new service engagement with us. Previous versions of this policy are available upon written request.