White Coda

Privacy Policy

Effective: March 25, 2026

1. Who We Are

White Coda Inc. is a Texas-based company providing CRM and project-management services. We are the data controller for personal data processed through our platform.

2. Data We Collect

  • Identity data: name, email address, company name, role
  • Billing data: payment method details (processed by Stripe), invoices, subscription history
  • Usage data: login timestamps, feature interactions, device/browser info, IP address
  • Communication data: messages sent through the platform, support tickets
  • Marketing data: preferences, campaign interactions, referral source
  • Support data: bug reports, feedback, uploaded files related to support

3. How We Collect It

  • Directly: registration forms, profile updates, support requests
  • Cookies & tracking: analytics cookies, session cookies (see our Cookie Policy)
  • Third parties: payment processors, SSO providers, analytics services

4. Why We Collect It

Contract performance

To provide, maintain, and improve the Service; process payments; manage your account.

Consent

Marketing emails, optional analytics, and non-essential cookies require your consent.

Legitimate interest

Security monitoring, fraud prevention, product analytics, and customer support.

5. Who We Share With

  • Stripe: payment processing
  • Supabase: database hosting and authentication
  • Mailgun: transactional email delivery
  • Twilio: SMS notifications
  • GoHighLevel: CRM automation and marketing workflows

We do not sell personal data. Sharing is limited to what is necessary for service delivery.

6. How We Protect It

  • TLS 1.2+ encryption in transit
  • AES-256 encryption at rest
  • Role-based access control (RBAC)
  • SOC 2 Type II compliant infrastructure
  • Regular penetration testing and vulnerability assessments

7. How Long We Keep It

  • Active account data: duration of account plus 30 days after deletion
  • Billing records: 7 years (tax/legal requirements)
  • Server logs: 90 days
  • Support tickets: 3 years after resolution
  • Marketing data: until consent is withdrawn

8. Your Rights

GDPR (Art. 15-22)

Access, rectification, erasure, restriction, portability, and objection. Contact privacy@whitecoda.com to exercise these rights. We respond within 30 days.

CCPA / CPRA (California)

Right to know, delete, correct, opt-out of sale/sharing. We do not sell personal information.

TDPSA (Texas)

Access, correction, deletion, data portability, and opt-out of targeted advertising.

9. Cookies

We use cookies as described in our Cookie Policy. You can manage preferences through our consent banner or browser settings.

10. Children's Privacy

The Service is not directed to individuals under 13. We do not knowingly collect data from children. If we learn we have collected such data, we will delete it promptly.

11. International Transfers

Data may be transferred to and processed in the United States. We use Standard Contractual Clauses and equivalent safeguards for cross-border transfers where required by applicable law.

12. Changes to This Policy

We will notify you of material changes via email or in-app notification at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

13. Contact

For privacy inquiries: privacy@whitecoda.com

TermsPrivacyCookies
← Back to Login
    Privacy Policy | White Coda