### Privacy Policy for CODEWLAB Products **Last Updated April 2026** --- Preamble and Scope This Privacy Policy explains how CODEWLAB collects, uses, stores, protects, discloses, and deletes data in connection with the software products and related services offered by CODEWLAB (the "Products"). It applies to all users worldwide and to all environments in which the Products operate, including desktop clients, installers, test environments, and future platform extensions. By using any CODEWLAB Product you acknowledge that you have read and accepted this Policy. --- Core Commitments and High Level Summary Primary focus on technical data — CODEWLAB’s routine operations rely on technical, diagnostic, security, and anonymized usage data to provide, secure, and improve the Products. Message content and user files — in normal operation, user files and message contents (where applicable) are not accessed or analyzed for product improvement or advertising. No advertising or profiling — we do not sell user data, do not use data for advertising, and do not build marketing profiles. Limited, documented exceptions — narrow exceptions permit access to user data for lawful orders, user‑authorized support, or serious abuse investigations; all such accesses are logged and justified. Developer and privacy contact — for developer and privacy inquiries contact codewhisperlab24@gmail.com. Deleted cloud files — files deleted from optional cloud services may be recoverable for a limited window (see section below) subject to verification and legal review. Products designed for restricted use — many CODEWLAB Products are intended for private or organizational use; minimal moderation and privacy-preserving defaults are applied where relevant. Abuse prevention and sanctions — we may restrict privileges, access data for investigations, or remove accounts when necessary to protect users and the service. --- Definitions and Guiding Principles Definitions - "Products" means CODEWLAB software, installers, and associated services. - "User" means any person using the Products. - "Device" means hardware used to access the Products. - "Personal Data" means any information relating to an identified or identifiable person. - "Processing" means collection, storage, use, disclosure, or deletion of data. Principles - Data minimization — collect only what is necessary for operation, security, and maintenance. - Purpose limitation — use data only for the purposes described in this Policy. - Transparency — disclose categories of data, purposes, retention, and user rights. - Security and accountability — apply safeguards and maintain records of processing activities. - Lawful compliance — respond to lawful requests from authorities and comply with applicable law. --- Categories of Data Collected and Purposes Device and Technical Data - Examples: device model, OS version, app version, language settings, device capabilities. - Purpose: compatibility, update planning, troubleshooting, and performance optimization. Log and Diagnostic Data - Examples: crash reports, error traces, timestamps, connection logs. - Purpose: debugging, stability improvements, and incident analysis. Security and Abuse Data - Examples: IP addresses in security contexts, authentication events, rate limiting records. - Purpose: detect and prevent attacks, fraud, and unauthorized access. Usage Metadata - Examples: timestamps, file sizes, delivery status, pseudonymized identifiers. - Purpose: routing, delivery confirmation, device synchronization, troubleshooting. Aggregated and Anonymized Usage Metrics - Examples: feature usage counts, aggregated performance metrics. - Purpose: product improvement and engineering prioritization; data is aggregated to avoid identifying individuals. Support Data Provided by Users - Examples: screenshots, logs, or descriptions voluntarily submitted to support. - Purpose: resolving user issues; processed only with user consent or clear user action. --- Special Operational Policies and Guarantees Deleted Cloud Files and Recovery Window - Files deleted from optional cloud services are retained in a recoverable state for a standard 30 day window to allow legitimate recovery requests. - Recovery process: users request restoration, provide justification, and pass identity checks. Restoration is performed by authorized personnel, logged in an immutable audit trail, and the user is informed of the decision. After 30 days files are deleted or irreversibly anonymized unless legal obligations require longer retention. Minimal Moderation for Private/Organizational Use - Design intent: many CODEWLAB Products are built for private groups or organizational use with privacy-preserving defaults. - Operational limits: minimal moderation does not mean lawless operation. CODEWLAB enforces rules to comply with law, protect users, and prevent serious harm. Access to Data in Serious Cases - Scope: in serious incidents such as credible threats, large scale abuse, or lawful orders, authorized personnel may access specific user data to investigate and remediate the incident. - Controls: access is limited to personnel with documented need, requires supervisory approval, and is recorded in an immutable audit log that captures who accessed what, when, and why. - Notification: where legally permitted, affected users will be notified of access and the reasons. Sanctions, Privilege Restrictions and Account Removal - Temporary measures: on detection of suspicious or abusive behavior CODEWLAB may temporarily restrict account privileges or disable specific features. - Permanent measures: for severe or repeated violations CODEWLAB may permanently restrict access to features or remove accounts from the service. - Due process: actions follow documented internal procedures; users are informed and may appeal. --- Legal Bases, Retention and Deletion Legal Bases for Processing - Contractual necessity: processing required to provide software functionality, updates, synchronization, and authentication. - Legitimate interests: security, fraud prevention, abuse detection, service improvement, and platform integrity. - Consent: obtained where required for optional diagnostics or non-essential cookies. - Legal obligations: compliance with lawful requests from authorities or court orders. Retention Examples - Log and diagnostic data: typically 90 days, extended for incident investigation as needed. - Security and abuse data: typically 180 days, extended for ongoing investigations. - Support case data: retained until case resolution plus a defined retention period, e.g., 12 months. - Deleted cloud files: recoverable for 30 days; thereafter deleted or anonymized. User Deletion Requests - Users may request deletion of their account and personal data; we comply subject to verification and legal constraints. Some data may remain in anonymized or aggregated form for legitimate purposes. --- Security Measures and Risk Mitigation Encryption - CODEWLAB uses strong end-to-end and at-rest encryption where applicable. Cryptographic details and algorithms are documented for enterprise customers on request. Access Controls - Role based access control for staff and least privilege principles. - Multi factor authentication for administrative access. Monitoring, Incident Response and Audits - Continuous monitoring for anomalies and automated alerts. - Defined incident response procedures and forensic capabilities. - Regular internal and external security assessments including penetration tests. Design for Misuse Reduction - Rate limiting, anomaly detection, and automated defenses to make misuse difficult. Technical controls are combined with human review and legal processes. --- Third Party Processors, Transfers and Cookies Third Party Processors - We engage processors for hosting, monitoring, analytics (limited and anonymized), and support. Processors act only on our instructions and are contractually bound to protect data. We do not share data with third parties for advertising or profiling. International Transfers - Where data is transferred across borders we implement appropriate safeguards such as contractual clauses or technical protections. Cookies and Similar Technologies - Types used: essential cookies for session management and optional analytics cookies for aggregated performance metrics. - Consent: non-essential cookies are set only after user consent; users can change cookie preferences. --- User Rights, Transparency and Contact User Rights - Rights where applicable include access, rectification, deletion, restriction, objection, portability, and withdrawal of consent. Users may also lodge complaints with supervisory authorities. How to Exercise Rights - Contact: codewhisperlab24@gmail.com for privacy and developer inquiries. - Postal contact: CODEWLAB Privacy Team, [insert postal address]. - We verify requests to prevent unauthorized disclosures and respond within applicable legal timeframes. Transparency and Accountability - We maintain records of processing activities and access logs. - We perform periodic audits of security and privacy practices and document remediation actions. - Significant incidents are reported to affected users and authorities as required by law. --- Law Enforcement, Children and Policy Changes Law Enforcement and Legal Requests - We respond to lawful requests from public authorities to the extent required by law. Requests are reviewed for legal sufficiency; we push back on overbroad requests where permitted and notify users unless prohibited by law. All disclosures are logged. Children and Minors - CODEWLAB Products are not intended for children under 16 unless parental consent is provided where required by law. We do not knowingly collect data from children without appropriate consent. Changes to This Policy - We may update this Policy. Material changes will be communicated to users and posted with a revised Last Updated date. Continued use after changes constitutes acceptance. --- Closing Summary - CODEWLAB primarily processes technical, diagnostic, security, and anonymized usage data. - User content is not used for analytics in normal operation. - Deleted cloud files can be restored within a limited recovery window subject to verification. - In cases of suspicious or abusive behavior CODEWLAB may restrict privileges, access data for investigation, or remove accounts following documented procedures. - Developer and privacy contact: codewhisperlab24@gmail.com