We have designed our business model around the dignity and privacy of individuals. We have adopted rigorous physical, technical, procedural, and legal safeguards to protect your information. We encrypt your information when in transit, we don't sell your information, we limit internal and external access to your information, and if you ever need to close your account we remove your personally identifiable information.
Codias and our affiliates may collect information about you when you use our applications, websites, other products and services, and through other interactions and communications you have with us (collectively "Services"). We use this information to provide, maintain, protect, and improve our Services.
2.1 Personal Information
We may collect personal information about you such as your name, email, phone, address, sex, age, and other similar types of information when you use our Services. Most of this information is used on your profile so other users can find, connect, and interact with you on our network, but we may also use it to communicate with you and for other similar purposes. If you ever choose to close your account, we remove your personally identifable information.
2.2 Content Information
We may collect content that you create and provide while using our Services such as updates, news, blogs, messages, images, videos, actions you take, and other similar types of information. We use your content primarily to display to other users on our network. When you send a message, the only member that can view your message is the recipient(s). When you post an update, the only members who can view your post are allies who you have chosen to connect with. When you post news or a blog, every member on Codias can view your post. When you post news and blogs, you may choose to make them visible to the public Internet. If you choose to make your content viewable by the public Internet, any user on the Internet can view your content and your content may be indexable by search engines.
2.3 Sensitive Information
2.4 Technical Information
We may collect technical information about your usage of our Services, such as your device, browser, and other similar types of information contained in server logs and related sources. We use this information to understand how you and other users are using and interacting with our Services, so we can optimize and improve our Services in the future. We also use this information to protect you and other users from external and inside threats, and to resolve technical issues that inevitably arise in the context of software development.
2.5 Third-Party Information
We may collect and combine information about you from third-party sources. For example, if you choose to import contacts, integrate your social media accounts, or if you engage with a separate app or website that uses our API (or whose API we use), we may receive information about you or your connections from the third-party. We use this information to deliver and enhance our Services.
2.6 Cookie Information
We are serious about protecting your information and have taken extraordinary steps to protect your information from both external and internal threats.
3.1 Physical Premises
Your information must physically reside somewhere and those premises must be protected. We host your information in the physical data centers operated by Amazon Web Services which has developed one of the premier data security regimes in the world and can provide a level of protection for your information that we simply cannot provide on our own at this time.
3.2 Data Encryption
We employ a variety of technical safeguards to protect your information. We encrypt all traffic sent to or from our servers (data in transit) using an Extended Verification SSL Certificate issued by DigiCert which features the maximum 256-bit encryption with the SHA-2 hashing algorithm. We encrypt your sensitive information while it is being stored (data at rest) using the AES-256 encryption standard with the bcrypt hashing algorithm.
3.3 Strong Passwords
We require all users to use strong passwords which must have 6 or more characters and include upper and lowercase letters, and at least one number. To prevent bruteforce attacks, we limit the number of unsuccessful logins to 10 attempts before you are required to reset your password using your email account that we have on file.
3.4 Two-Step Verification
To prevent a third-party who may gain access to your password from accessing your account, we equip you with an advanced security option called "two-step verification" that requires both a password and a secret code that is sent to your device in order to login successfully. In other words, even if someone obtains your password, they would still need access to your device to access your account.
3.5 Employee Security
We place strict access controls on our Services so employees can only access information that they "need to know". Employees never have access to your sensitive information. We require all employees to sign non-disclosure agreements and all independent contractors are required to meet minimum privacy standards. We log and monitor all API calls to our servers so we can audit and detect any irregularities.
3.6 Vendor Security
We require third-party vendors to sign non-disclosure agreements and/or to meet certain minimum privacy standards. We have also sought to limit our reliance on third-party vendors to the maximum extent possible in order to minimize external risks to your information.