Privacy Policy

Last updated: March 31, 2026

This Privacy Policy explains how CodePixelfy LLC ("Company", "we", "us", "our") collects, uses, discloses, and safeguards your information when you use the DeployProof service ("Service", "DeployProof").

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name
• Email address
• Password (encrypted)
• Company name (optional)

1.2 Project Data

When you use our service, we collect:

• URLs you add for screenshot capture
• Screenshots of your web pages
• Client names and email addresses you provide
• Approval records including:
  • Response timestamps (sent, responded, approved/rejected)
  • Client IP address (for verification)
  • Client browser/user agent (for verification)
  • Electronic signature (drawn or typed)
  • Feedback and comments
  • Cryptographic evidence hash (SHA-256)
  • URLs reviewed at time of response

1.3 Payment Information

When you subscribe to a paid plan:

• Payment processing is handled by Stripe
• We store your Stripe customer ID and subscription status
• We do not store credit card numbers

1.4 Automatically Collected Information

• IP address
• Browser type and version
• Device information
• Usage data and analytics

2. How We Use Your Information

We use your information to:

• Provide and maintain our service
• Process your transactions
• Send approval requests to your clients on your behalf
• Generate PDF evidence reports
• Send service-related communications
• Improve our service
• Comply with legal obligations

3. Lawful Basis for Processing

Under the General Data Protection Regulation (GDPR), we process personal data only where we have a lawful basis. The table below sets out the lawful basis for each category of data we process.

4. Client Data Collection

When your clients interact with approval links, we collect the following information:

4.1 Required for All Responses

• IP address (for verification and fraud prevention)
• Browser type and user agent (for verification)
• Response timestamp (when they submitted their response)
• Response type (approved, rejected, or changes requested)
• Feedback or comments provided

4.2 For Approvals

• Electronic signature (canvas-drawn image OR typed name)
• Signature timestamp

4.3 Evidence Integrity

• We generate a cryptographic hash (SHA-256) of the approval data
• This hash proves the record has not been modified after submission
• The URLs being reviewed are captured at the moment of response

4.4 Consent

• Clients must check a consent box before submitting ANY response
• The consent confirms they agree to have their response and information recorded
• This consent is required for approvals, rejections, and change requests

4.5 Disclosure

• All data collection is disclosed on the approval page BEFORE submission
• Clients can see exactly what information will be recorded
• Clients can choose not to submit if they disagree

5. Electronic Signatures

5.1 Signature Collection

DeployProof collects electronic signatures from clients when they approve work. For each approval, we capture:

• Signature (drawn using mouse/touch on a signature pad, or typed name)
• Timestamp (UTC)
• IP address
• Cryptographic evidence hash (SHA-256)
• Consent confirmation

These signatures are collected for commercial project approvals and general business use. DeployProof does not provide signatures intended for documents requiring notarization or any specific certified signature standard.

5.2 Signature Storage

• Drawn signatures are stored as PNG images (base64 encoded)
• Typed signatures are stored as text
• Signatures are associated with the approval record and cannot be modified

5.3 What the Signature Records

The combination of signature, timestamp, IP address, and evidence hash creates a documented audit trail of the signer's identity-presentation, intent, and the contents they approved. These records are suitable for commercial project approvals and general business use. DeployProof does not make any representation about how courts or counterparties in any specific jurisdiction will treat the resulting records.

5.4 Signature Verification

• Each approval record includes a SHA-256 cryptographic hash
• This hash can be used to verify the approval data has not been tampered with
• The hash includes: approval ID, status, client information, signature, timestamps, and URLs reviewed

6. Data Retention

We retain different categories of data for different periods, based on the purpose of processing and legal requirements:

• Account data: Retained until you delete your account, plus 30 days for permanent deletion
• Screenshots and project data: Retained until you delete the project or your account
• Approval records and electronic signatures: Retained permanently as documented proof of client approval
• Evidence hashes: Retained permanently as proof of record integrity
• Payment records: Retained for 7 years after the transaction for tax and legal compliance
• Security logs: Retained for 90 days
• Analytics data: Retained for 26 months (Google Analytics default retention period)

After account deletion, all data except payment records (retained for tax compliance) and anonymized analytics data is permanently deleted within 30 days.

7. Data Sharing

We do not sell your personal information. We share data with the following processors, each of whom processes data on our behalf under a data processing agreement:

We may also share data when required by law, such as in response to a subpoena, court order, or other valid legal process.

8. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data
• Export your data
• Object to processing
• Withdraw consent

To exercise these rights, contact us at office@codepixelfy.com.

9. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements our Privacy Policy in accordance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

9.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

9.2 Sources of Personal Information

We collect personal information from:

• Directly from you (registration, profile updates)
• Automatically (cookies, analytics, server logs)
• Third parties (payment processors)

9.3 Use of Personal Information

We use personal information for the business purposes described in our Privacy Policy, including:

• Providing and improving our Service
• Processing payments
• Communicating with you
• Security and fraud prevention

9.4 Sale or Sharing of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

9.5 Your California Privacy Rights

As a California resident, you have the right to:

• Right to Know: Request what personal information we collect, use, and disclose about you
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information (not applicable as we do not sell/share)
• Right to Limit: Limit use of sensitive personal information (not applicable as we do not use sensitive information for secondary purposes)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

9.6 Exercising Your Rights

To exercise your California privacy rights, you may:

• Email us at office@codepixelfy.com
• Use the account deletion feature in your dashboard
• Submit a request through our support system

We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf.

9.7 Response Timing

We will respond to verifiable consumer requests within 45 days. If we need more time, we will notify you of the extension and the reason.

10. Data Security

We implement appropriate security measures including:

• Encrypted data transmission (HTTPS)
• Encrypted password storage (bcrypt)
• Secure authentication (NextAuth.js)
• Cryptographic evidence hashes (SHA-256) for approval record integrity
• Signature image validation to prevent malicious content
• Rate limiting on sensitive operations
• Regular security updates

11. Cookies

We use essential cookies for:

• Authentication (session cookies)
• Security (CSRF protection)

See our Cookie Policy for more details.

12. Analytics and Advertising

We use LinkedIn Insight Tag to measure the effectiveness of our advertising campaigns and understand how visitors interact with our website. This tool may collect information such as:

• Pages visited
• Referring URL
• Device and browser information
• IP address (anonymized)

This data is processed by LinkedIn according to their Privacy Policy. You can opt out of LinkedIn's tracking at: LinkedIn Retargeting Opt-Out.

13. International Transfers

Your data may be processed in countries outside the European Economic Area (EEA). We transfer data to the following destinations:

• Germany:Hetzner (server hosting) — no additional transfer mechanism required (EU member state)
• United States: Stripe, MongoDB Atlas, Resend, Sentry, Google Analytics, LinkedIn

For transfers to the United States, we rely on the following safeguards:

• Stripe: EU-US Data Privacy Framework
• Google Analytics: EU-US Data Privacy Framework
• Sentry: Standard Contractual Clauses (SCCs)
• Resend: Standard Contractual Clauses (SCCs)
• MongoDB Atlas: Standard Contractual Clauses (SCCs)
• LinkedIn: EU-US Data Privacy Framework

You have the right to request a copy of the Standard Contractual Clauses by contacting us at office@codepixelfy.com.

14. Confidential Mode

DeployProof offers a Confidential Mode feature for projects. When enabled by a project owner, project details (including project name, client name, client email, page URLs, and descriptions) are masked from DeployProof staff in administrative views. All administrative access to projects is logged in an audit trail, including the accessing user, timestamp, and IP address. Confidential Mode restricts internal staff access to your data — the data itself remains stored in our systems and is subject to the retention policies described in Section 6.

15. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children.

16. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or service notification.

17. Contact Us

For privacy-related inquiries:

• Email: office@codepixelfy.com
• Company: CodePixelfy LLC
• Address: 1111B S Governors Ave STE 28859, Dover, DE 19904, United States