Codbip
Back to home
GDPR compliant

Privacy policy

How we collect, use and protect your personal data.

Last updated: March 16, 2026

Contents

  1. 1.Data controller
  2. 2.Data we collect
  3. 3.Purposes of processing
  4. 4.Sub-processors and third-party tools
  5. 5.Data sharing
  6. 6.Your rights
  7. 7.Security and retention
1

Data controller

The data controller is Codbip SAS, based in Paris, France.

For any data-related question: [email protected]

2

Data we collect

Contact form

  • - Name, email address, phone number, company, message.

Newsletter subscription

  • - Email address, first name.

Simulator and quote request

  • - Project configuration (type, budget, desired features).
  • - Contact details: name, email, phone, company.

Session data and preferences

  • - Language and theme (light/dark) preferences, stored locally in your browser (localStorage / cookies).
  • - These preferences are not transmitted to our servers.

Technical data

  • - IP address, browser, device, pages visited (via analytics).
3

Purposes of processing

  • - Processing contact and quote requests
  • - Sending newsletters and commercial communications (with consent)
  • - Audience measurement and site improvement
  • - Protection against bots and abusive submissions
  • - Compliance with legal obligations
4

Sub-processors and third-party tools

Directus CMS (self-hosted, European Union)

Our data — contacts, newsletter subscribers, quote requests and blog content — is stored in a Directus instance that we self-host in Europe. No data is sent to any third-party Directus server.

Brevo

Used to send transactional emails (request confirmation, contact replies) and newsletter campaigns. Brevo is a French provider compliant with GDPR. Brevo privacy policy.

Rybbit Analytics (self-hosted)

A privacy-focused analytics tool hosted by us. No tracking cookies are set, and no personally identifiable data is collected or shared with third parties.

Google Analytics 4 (optional)

We may use Google Analytics 4 for site audience measurement. If enabled, explicit consent is requested before any cookie is set. Google privacy policy.

Cloudflare Turnstile

Used on our forms to distinguish human users from bots. Turnstile does not collect personal data and does not use tracking cookies. Cloudflare privacy policy.

Vercel

Our Next.js site is hosted on Vercel. Vercel may process technical data (IP address, request logs) as part of its hosting service. Vercel privacy policy.

5

Data sharing

Your data is never sold or transferred to third parties for commercial purposes. It is only shared with the technical sub-processors listed above, strictly within the purposes described, and only to the extent necessary for service delivery.

6

Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • - Right of access and portability
  • - Right to rectification
  • - Right to erasure ("right to be forgotten")
  • - Right to object and to restriction of processing
  • - Right to withdraw consent at any time (in particular for the newsletter)

To exercise your rights: [email protected]

You may also lodge a complaint with the CNIL (French data protection authority).

7

Security and retention

We implement appropriate security measures: encrypted communications (HTTPS/TLS), restricted data access, and European hosting for sensitive data.

Data is retained only for as long as necessary for its purpose:

  • - Contact and quote requests: 3 years from the last interaction
  • - Newsletter subscribers: until unsubscription
  • - Aggregated analytics data: 13 months maximum

Questions about this document?

[email protected]