Privacy Policy
Last Updated: 10th April 2026
Who we are
Codebii is a limited company registered in Guernsey, Channel Islands (Company No. 77918).
- Website: www.codebii.dev
- Contact email: collab@codebii.dev
We are the data controller for the personal data collected through this website. Codebii is registered as a data controller with the Office of the Data Protection Authority (ODPA).
What this policy covers
This policy explains what personal data we collect when you visit our website, how we use it and your rights in relation to it.
We are committed to protecting your privacy and handling your data responsibly in accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017.
Guernsey has been granted adequacy status by both the European Union and the United Kingdom, meaning our data protection standards are recognised as equivalent to those of the EU and UK respectively.
The data protection principles we follow
Under the Data Protection (Bailiwick of Guernsey) Law, 2017 we are committed to ensuring that personal data is:
- Processed lawfully, fairly and transparently
- Collected for specified, explicit and legitimate purposes
- Limited to what is necessary for those purposes
- Accurate and kept up to date where necessary
- Retained only for as long as necessary
- Processed securely and protected against unauthorised access
What data we collect and why
Contact form submissions
When you submit an enquiry via our contact form we collect:
- Your name
- Your email address
- The business or organisation you are representing (if supplied)
- Your approximate budget range
- The services you are interested in
- Any details you provide about your enquiry
Why we collect this
To respond to your enquiry and assess how we can fulfil your requirements.
Legal basis
Legitimate interests; processing the information you provide is necessary to respond to your enquiry and take steps at your request prior to entering into a contract.
How long we keep it
Contact form submissions are retained for up to 2 years from the date of submission, after which they are automatically and permanently deleted from our database. Automated deletion runs on the first of every month. Notification emails received in our inbox are also retained for up to 2 years and reviewed periodically for deletion. You may request deletion at any time by contacting us at privacy@codebii.dev.
Cookies
We do not set any cookies on this website. However Cloudflare, which provides security and performance services for this site, may set a cookie named __cf_build for the purpose of identifying trusted web traffic and protecting against bots. This is a strictly necessary cookie and does not track you for advertising purposes. For more information, see Cloudflare's privacy policy at www.cloudflare.com/en-gb/privacypolicy.
Analytics
We do not use any dedicated analytics tools on this website and do not actively track visitor behaviour.
However, as part of providing website security and performance services, Cloudflare automatically processes certain technical data about visitors - including IP addresses, request metadata and geographic location. This data is processed by Cloudflare in accordance with their privacy policy, available at www.cloudflare.com/en-gb/privacypolicy.
Aggregated and anonymised visitor location data - which cannot identify individual visitors - may be used to inform our marketing strategy, such as identifying regions where our services are in demand.
How we store and protect your data
Contact form data
Contact form submissions are stored securely in a database provided by Supabase, hosted within the European Union. Access is strictly limited and protected by technical security controls including encryption at rest and in transit.
Email notifications
When you submit the contact form, a notification email containing your enquiry details is sent to us via Amazon Web Services Simple Email Service (AWS SES) and stored in our Microsoft 365 business inbox. These emails are retained for up to 2 years and reviewed periodically for deletion in line with our data retention policy. Emails are only accessible to the individual operating this business.
Security measures
We take reasonable technical and organisational steps to protect your personal data against unauthorised access, loss or destruction. These include encrypted data storage, access controls and secure data transmission over HTTPS. Automated data deletion is enforced at the database level and an audit log is maintained recording every deletion run for accountability purposes.
Third parties we use
We use the following third party services to operate this website. Each acts as a data processor on our behalf and is bound by contractual obligations to protect your data:
| Service | Purpose | Location | Privacy Policy |
|---|---|---|---|
| Supabase | Contact form data storage | EU | supabase.com/privacy |
| AWS SES | Email notification delivery | EU | aws.amazon.com/privacy |
| AWS Amplify / Cloudfront | Website hosting and delivery | Global CDN | aws.amazon.com/privacy |
| Cloudflare | DNS, security, performance and bot protection | Global | www.cloudflare.com/en-gb/privacypolicy |
| Microsoft 365 | Business email and enquiry storage | EU | www.microsoft.com/en-gb/privacy/privacystatement |
We do not sell your personal data to any third party. We do not use your personal data for advertising purposes.
International data transfers
Some of our third party service providers operate globally, meaning your data may be processed outside of Guernsey. Where this occurs we ensure that appropriate safeguards are in place in accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017 to protect your data to an equivalent standard.
Data breach notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms we will notify the Office of the Data Protection Authority (ODPA) without undue delay and, where required, notify you directly.
Your rights
Under the Data Protection (Bailiwick of Guernsey) Law, 2017 you have the following rights:
- Right of access - you can request a copy of the personal data we hold about you (known as a Subject Access Request)
- Right to rectification - you can ask us to correct inaccurate or incomplete data
- Right to erasure - you can ask us to delete your personal data where there is no compelling reason for us to continue processing it
- Right to restrict processing - you can ask us to limit how we use your data
- Right to object - you can object to our processing where we rely on legitimate interests as our legal basis
- Right to data portability - you can request your data in a structured, commonly used and machine readable format
To exercise any of these rights please contact us at privacy@codebii.dev. We will respond within one month of receiving your request. In complex cases we may extend this by a further two months and will notify you accordingly.
There is no charge for making a Subject Access Request. We reserve the right to charge a reasonable administrative fee where a request is manifestly unfounded or manifestly excessive, particularly where it is repetitive in nature. We will notify you of any applicable fee before proceeding.
Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with The Office of the Data Protection Authority (ODPA):
- Website: www.odpa.gg
- Email: info@odpa.gg
- Phone: +44 (0)1481 742074
We would appreciate the opportunity to address your concerns before you approach the ODPA - please contact us first at privacy@codebii.dev.
Changes to this policy
We may update this policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page will always reflect when this policy was last updated. We recommend checking this page periodically. Continued use of this website following any changes constitutes acceptance of the updated policy.
Contact us
If you have any questions about this privacy policy or how we handle your data, please contact us at: privacy@codebii.dev