GDPR

Codbip processes personal data with care, transparency and data minimization in mind. Only data strictly necessary to deliver the service is collected.

For any data protection request: [email protected]. We respond within 30 days.

Codbip uses the following sub-processors, each providing appropriate GDPR safeguards:

• - Directus CMS: content and user data storage — self-hosted, EU servers
• - Brevo: transactional emails and newsletter — EU servers
• - Vercel: hosting and CDN — edge functions may process data in multiple regions with adequate safeguards
• - Cloudflare Turnstile: bot protection — minimal processing, no personal data retained
• - Rybbit Analytics: privacy-focused audience measurement — self-hosted, no personally identifiable information (PII)
• - Google Analytics 4: audience measurement — activated only after explicit consent, data retained for 14 months

All primary data is stored within the European Union via our self-hosted Directus infrastructure.

Vercel edge functions may process requests in multiple regions; adequate safeguards (Standard Contractual Clauses or adequacy decisions) are in place for any transfer outside the EU.

Under the GDPR, you have the following rights over your personal data:

• - Access: obtain a copy of the data we hold about you
• - Rectification: correct inaccurate or incomplete data
• - Erasure: request deletion of your data (right to be forgotten)
• - Portability: receive your data in a structured, machine-readable format
• - Restriction: limit the processing of your data in certain circumstances
• - Objection: object to processing based on legitimate interest

To exercise your rights, contact: [email protected]. We respond within 30 days. If you are unsatisfied, you may lodge a complaint with the CNIL (cnil.fr).