We have designed our business model around the dignity and privacy of individuals. We have adopted rigorous physical, technical, procedural, and legal safeguards to protect your information. We encrypt your information, we don't sell your information, we limit internal and external access to your information, and if you close your account we remove personally identifiable information from our system.
Codias and our affiliates may collect information about you when you use our applications, websites, other products and services, and through other interactions and communications you have with us (collectively "Services"). We use this information to provide, maintain, protect, and improve our Services.
Personal Information: We may collect personal information about you such as your name, email, phone, address, sex, age, and other similar types of information when you use our Services. Most of this information is used on your profile so other users can find, connect, and interact with you on our network, but we also use it to communicate with you and for other similar purposes. If you ever choose to close your account, we remove your personally identifable information.
Content Information: We may collect content that you create and provide while using our Services such as cables, posts, images, videos, actions you take, and other similar types of information. We use your content primarily to display to other users on our network. When you send a private message, only the recipient(s) can view your content. When you send a cable to your coalition, every member of your coalition can view your content.When you post intelligence, every user on Codias can view your content. Your intelligence headline, intelligence photo, and intelligence URL may be shared outside of Codias, but the body of your intelligence will only be viewable to logged in users of Codias. If you choose to make your intelligence post public, then any user on the Internet can view your content and the body of your intelligence post may be indexable by search engines (by default, we make all intelligence posts private to provide you with additional protection).
Technical Information: We may collect information about your devices, email and SMS usage for our Services, and other similar types of information contained in server logs and related sources. We use this information to understand how you and other users interact with our Services, so we can improve our Services in the future. We also use this information to protect you and other users from external and inside threats, and to resolve technical issues that inevitably arise in the context of software development.
Third-Party Information: We may collect and combine information about you from third-party sources. For example, if you choose to import contacts, integrate your social media accounts, or if you engage with a separate app or website that uses our API (or whose API we use), we may receive information about you or your connections from the third-party. We use this information to deliver and enhance our Services.
Service Information: We may collect information about the planning and execution of any political campaign if you contact or attempt to contact one of our employees or partners online or offline about our campaign design services. We use this information to deliver and improve our Services.
Personnel Information: If you apply for a position with Codias or apply to become a service provider in our network, we may collect information about your identity, background, experience, character, eligibiity, references, credit history, and criminal history directly from you, from professional screening services, and/or from other public sources. We use this information to assess your application and to protect our users.
We are serious about protecting your information and have taken extraordinary steps to protect your information from both external and internal threats.
Physical Premises: Your information must physically reside somewhere and those premises must be protected. We host your information in the physical data centers operated by Amazon Web Services which has developed one of the premier data security regimes in the world and can provide a level of protection for your information that we simply cannot provide on our own at this time.
Data Encryption: We employ a variety of technical safeguards to protect your information. We encrypt all traffic sent to or from our servers (data in motion) using an Extended Verification SSL Certificate issued by DigiCert which features the maximum 256-bit encryption with the SHA-2 hashing algorithm. We encrypt your sensitive information while it is being stored (data at rest) using the AES-256 encryption standard with the bcrypt hashing algorithm.
Strong Passwords: We require all users to use strong passwords which must have 8 or more characters and include upper and lowercase letters, and at least one number. To prevent bruteforce attacks, we limit the number of unsuccessful logins to 10 attempts before you are required to reset your password using your email account that we have on file.
Two-Step Verification: To prevent a third-party who may gain access to your password from accessing your account, we equip you with an advanced security option called "two-step verification" that requires both a password and a secret code that is sent to your device in order to login successfully. In other words, even if someone obtains your password, they would still need access to your device to access your account.
Employee Security: We conduct background checks on prospective employees and we place access controls on our Services so employees can only access information that they "need to know". Employees never have access to your sensitive information. We require all employees to sign non-disclosure agreements and all independent contractors are required to meet minimum privacy standards. We log and monitor all API calls to our servers so we can audit and detect any irregularities. For employees and independent contractors who provide campaign services, we also require them to use encrypted harddrives, two-step verification, and virtual private networks when using third-party networks.
Vendor Security: We require third-party vendors to sign non-disclosure agreements and/or to meet certain minimum privacy standards. We have also sought to limit our reliance on third-party vendors to the maximum extent possible in order to minimize external risks to your information.