Legal

Privacy Policy

Last updated · June 1, 2026

This Privacy Policy explains how Konstantin Gäbler ("we", "us") collects, uses, and protects your personal data when you use the Coda software or visit coda-apps.com. We process data in accordance with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Konstantin Gäbler
[Address — to be added once impressum service is activated]
Email: [email protected]

2. Data We Collect

When you purchase or use Coda, we collect:

Email address, for license delivery and account access via magic-link login
Payment information, processed by our payment provider acting as Merchant of Record. We do not store full card details ourselves.
License activation data, including a hardware identifier (used to bind your license to your device) and activation timestamps
Server logs, including IP address and user agent, for security and abuse prevention
Affiliate referral cookies (if applicable), to attribute purchases to referring partners

3. Purpose and Legal Basis

We process data for:

Contract performance: delivering your license, processing payment, providing customer support (Art. 6(1)(b) GDPR)
Legal obligation: tax records and accounting retention (Art. 6(1)(c) GDPR)
Legitimate interest: fraud prevention, abuse mitigation, license enforcement, service improvement (Art. 6(1)(f) GDPR)

4. Third Parties We Share Data With

Recipient	Purpose	Location
Paddle.com Market Limited	Payment processing	EU / US
Resend, Inc.	Transactional email delivery	US
Netcup GmbH	Server hosting	EU (Germany)

All transfers outside the EU are protected by standard contractual clauses or equivalent safeguards.

5. Data Retention

License and purchase records: kept as long as required by German tax law (10 years)
Active session cookies: 30 days
Affiliate referral cookies: 30 days (only set after consent)
Cookie-consent record: 180 days
Server logs: 90 days
Magic-link tokens: 15 minutes (then deleted on use or expiry)

6. Your Rights

Under GDPR, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data, subject to legal retention requirements
Object to processing based on legitimate interest
Data portability
Lodge a complaint with a supervisory authority (in Germany: your state's data protection authority)

To exercise these rights, contact us at [email protected].

7. Cookies

We split cookies into two categories. Strictly necessary cookies are required for the service to function and load without prompting. Optional cookies require your consent via the banner shown on your first visit.

Strictly necessary

coda_customer: stores your account session after magic-link login (30 days, HttpOnly)
coda_consent: stores the outcome of the cookie-consent banner (180 days)

Optional (consent required)

coda_ref: stores an affiliate referral code so a partner who referred you is credited if you later purchase (30 days). Set only after you click "Accept".

You can withdraw consent at any time by clearing the coda_consent cookie in your browser settings — the banner will reappear on your next visit.

We also use Plausible Analytics for aggregate visitor counts. Plausible is cookie-free, does not collect personal data, and does not require consent.

8. Security

We use HTTPS for all connections, hash sensitive tokens (magic links) before storage, and follow security best practices. No system is 100% secure; if a breach occurs that affects your data, we will notify you and the supervisory authority as required by GDPR.

9. Children's Privacy

Coda is not intended for use by individuals under 16. We do not knowingly collect data from children.

10. Changes to This Policy

Material changes will be communicated via email or via the Website. The "Last updated" date at the top of this page reflects the latest revision.

11. Contact

[email protected]