Legal
/ Your Data

Privacy Policy

Last updated: January 30, 2026

/ Summary

We don't sell your data. We don't use your documents to train models. Documents are processed in memory and discarded. Payments are handled by Paddle -- we never see your card details.

01

Overview

This Privacy Policy explains how CodeSOTA, operated by Kacper Wikiel (“we”, “us”, “our”), collects, uses, and protects your personal information when you use our website at codesota.com and our document intelligence API (collectively, the “Service”).

02

Data Controller

The data controller for the purposes of GDPR and applicable data protection laws is:

Kacper Wikiel

kacper@codesota.com
03

Information We Collect

Account information

Name, email address, and authentication credentials managed via Clerk.

Payment information

Collected and processed exclusively by Paddle.com. We do not store payment card details.

Documents you submit

Processed in memory and not stored after processing completes, unless you explicitly enable document retention.

Usage data

API call timestamps, endpoints used, response sizes, and error rates. Used for billing, debugging, and service improvement.

Analytics data

Anonymized usage statistics via Vercel Analytics and PostHog. No personal identifiers.

04

How We Use Your Information

  • --Provide and operate the Service, including processing your documents
  • --Manage your account and subscription
  • --Send transactional emails (account confirmation, billing receipts, API key changes)
  • --Monitor and improve Service performance and reliability
  • --Detect and prevent abuse, fraud, and security threats
  • --Comply with legal obligations

We do not sell your personal information. We do not use documents you submit to train machine learning models.

05

Legal Basis for Processing (GDPR)

Contract

Processing necessary to provide the Service you subscribed to

Legitimate interest

Service improvement, security monitoring, fraud prevention

Legal obligation

Tax records, regulatory compliance

Consent

Marketing communications (opt-in only)

06

Third-Party Services

We share data with the following processors, only as necessary to operate the Service:

Paddle.com

Payment processing, invoicing, tax compliance (Merchant of Record)

Clerk

Authentication and user account management

Vercel

Website hosting and analytics

PostHog

Product analytics (anonymized usage patterns)

07

Data Retention

Account

Duration of account + 30 days after deletion

Documents

Not retained after processing. Retained documents deleted when you disable retention or delete your account.

Usage logs

90 days for debugging and billing reconciliation

Payments

5-7 years as required by tax law, managed by Paddle

08

Your Rights

Under GDPR and applicable data protection laws, you have the right to:

Access

Request a copy of your personal data

Rectification

Correct inaccurate personal data

Erasure

Request deletion of your data

Portability

Receive data in machine-readable format

Restriction

Limit how we use your data

Objection

Object to legitimate interest processing

To exercise any of these rights, email kacper@codesota.com. We respond within 30 days.

09

Cookies

Essential

Authentication and session management (Clerk)

Analytics

Anonymized usage tracking (Vercel Analytics, PostHog)

We do not use advertising or tracking cookies. Control cookie settings through your browser.

10

Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication, and access controls. No method of transmission or storage is 100% secure.

11

International Transfers

Your data may be processed outside your jurisdiction, including the United States (Vercel, Clerk) and the United Kingdom (Paddle). Where data is transferred outside the EEA, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

12

Children

The Service is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

13

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The “Last updated” date at the top reflects the most recent revision.

14

Contact

For privacy inquiries or data subject requests:

You also have the right to lodge a complaint with your local data protection authority.

Kacper Wikiel

kacper@codesota.com