Privacy Policy

Effective Date: January 10, 2026

Last Updated: January 10, 2026

This Privacy Policy describes how Qodecraft (“Qodecraft,” “us,” or “we”) collects, uses, and protects personal information through our business operations and Qodecraft.com (the “Website”).

By accessing our Website or engaging our services, you agree to this Privacy Policy. If you do not agree, please discontinue use of our services.

What Information We Collect

Qodecraft collects minimal personal information, primarily through direct business relationships:

Information You Provide:

Contact information (name, email, phone, company, job title)
Project requirements and business needs
Communication records related to our services

Website Analytics (Minimal):

Basic technical data (IP address, browser type, pages visited)
Essential cookies for website functionality only

We do not collect personal data through our website beyond basic analytics. All substantive data collection occurs through direct business communications and client engagements.

How We Use Your Information

We use personal information only for legitimate business purposes:

Responding to inquiries and providing service information
Managing client relationships and delivering contracted services
Fulfilling contractual obligations
Legal and regulatory compliance
Improving our services based on feedback

How We Share Your Information

Qodecraft does not sell, rent, or trade your personal information.

We share information only in these limited circumstances:

Client-Authorized Transfers: Client data may be shared with our Pakistan team only with explicit written client authorization for staff augmentation projects
Partner Collaborations: Information necessary to deliver services, subject to confidentiality agreements
Legal Requirements: When required by law, court order, or government request
Business Transitions: In the event of merger or acquisition (with notification to affected parties)

International Data Transfers

Qodecraft operates from Texas, USA, with presence in Pakistan.

Client data transfers to Pakistan occur only with explicit client authorization
All international transfers are governed by data processing agreements with Standard Contractual Clauses
We transfer only minimum necessary data for authorized project work
For international clients, data is processed primarily in Texas; Pakistan processing requires separate authorization

Data Retention

Active Clients: Duration of business relationship
Completed Projects: 7 years after completion
General Inquiries: 2 years
Legal Requirements: As required by law

Data Security

We implement appropriate security measures including:

Secure storage with access controls
Encryption for data transmission
Employee confidentiality agreements
Regular security assessments
Limited access on need-to-know basis

Data Breach Notification: We will promptly notify affected individuals of any data breach as required by law.

Your Privacy Rights

You have the right to:

Access copies of your personal data
Correct inaccurate or incomplete information
Delete your data (subject to legal retention requirements)
Restrict how we process your data
Object to certain processing activities
Portability of your data in portable format
Withdraw consent at any time

Contact us at info@qodecraft.com to exercise these rights. We will respond within 30 days.

California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

Right to Know: Categories and specific pieces of data collected, sources, purposes, and third parties involved
Right to Delete: Request deletion of personal data (with exceptions)
Right to Correct: Request correction of inaccurate data
Right to Non-Discrimination: No discrimination for exercising privacy rights

We do not sell personal information and have never sold personal information.

Categories We Collect: Identifiers (contact info), professional information (company/role/projects), basic internet activity (website analytics)

Business Purposes: Service delivery, communication, business operations, legal compliance

Submit requests to info@qodecraft.com. We will verify identity and respond within 45 days.

GDPR Compliance (EU/EEA Clients)

While Qodecraft doesn’t operate in the EU, we respect GDPR principles for all clients:

Legal Bases for Processing:

Contract performance
Legitimate business interests
Legal obligations
Explicit consent (where required)

EU/EEA Client Rights:

All rights listed above under “Your Privacy Rights”
Right to lodge complaints with your local Data Protection Authority
Right to object to automated decision-making (we don’t use this)

Data Transfers: EU/EEA client data transferred to the US is protected by Standard Contractual Clauses. Transfers to Pakistan require explicit authorization and additional safeguards.

Pakistan Data Protection (PDPA 2023)

Our Pakistan operations comply with the Personal Data Protection Act 2023:

Data processed in Pakistan limited to authorized client projects only
Security measures compliant with PDPA 2023
Pakistani data subjects have rights to access, correction, deletion, and complaint
We do not process data of individuals under 18

Additional Information

Third-Party Links: Our Website may link to third-party sites. We are not responsible for their privacy practices.

Children’s Privacy: Our services are not directed to individuals under 18. We do not knowingly collect children’s information.

Policy Updates: We may update this policy periodically. Material changes will be communicated via website notice or email, with the “Last Updated” date revised.