CoDevs AIGet Estimate
Not sure which service fits? We will help you figure it out.Talk to Us
CoDevs AI
Get Estimate
Legal

Privacy Policy

Effective Date: March 9, 2026 | Last Updated: March 9, 2026

CoDevs AI ("we," "our," or "us") operates the website codevsai.com (the "Site"). This Privacy Policy explains how we collect, use, store, and protect your information when you visit our Site, use our services, or interact with our AI-powered estimation tools. By using our Site, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily submit through our Site, including:

  • Contact Form Data: When you submit a contact or inquiry form, we collect your full name, email address, phone number, company name, country, budget range, message content, and selected service type.
  • AI Estimation Chat Data: When you use our AI-powered project estimation feature, we collect the project requirements, descriptions, preferences, and technical specifications you provide during the interactive chat session. This includes all messages exchanged during the estimation conversation.
  • NDA and Digital Signature Data: If you choose to sign a Non-Disclosure Agreement (NDA) through our estimation tool, we collect your name, job title, company name, email address, and digital signature image.
  • Communication Data: Any information you provide when contacting us via email or other communication channels.

1.2 Information Collected Automatically

When you visit our Site, we may automatically collect certain technical and usage information:

  • Session and Authentication Data: We use session cookies to manage your authentication state when accessing protected areas of our Site.
  • Attribution and Referral Data: We collect first-touch attribution data including UTM parameters (source, medium, campaign), referring website URL, landing page URL, and the page from which a form was submitted. This data helps us understand how visitors find our Site.
  • Ad Click Identifiers: If you arrive at our Site through an advertising link, we may capture click identifiers such as Google Click ID (gclid), Facebook Click ID (fbclid), or Microsoft Click ID (msclkid).
  • Browser and Device Information: Standard technical information transmitted by your browser, such as your IP address, browser type, operating system, and device type, may be collected through server logs or analytics services.

1.3 Information from Third-Party Analytics

We may use Google Tag Manager (GTM) and associated analytics services to collect aggregated usage data about how visitors interact with our Site. These services may set their own cookies and collect data according to their respective privacy policies.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To respond to your inquiries, provide project estimates, prepare proposals, and deliver our web application development services.
  • AI-Powered Estimation: To generate automated project cost and timeline estimates using artificial intelligence. Your project descriptions are processed by AI language models to produce estimation reports.
  • Lead Management: To track and manage business inquiries through our internal CRM system, including assigning lead statuses, recording activity history, and facilitating follow-up communications.
  • Client Relationship Management: To convert qualified leads into client records and manage ongoing project relationships.
  • Marketing Attribution: To analyze how visitors discover our Site and to measure the effectiveness of our marketing efforts.
  • Communication: To send you project updates, proposals, estimates, and other service-related communications. We do not send unsolicited marketing emails unless you have explicitly opted in.
  • Site Improvement: To analyze usage patterns and improve the functionality, content, and user experience of our Site.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. AI Processing and Third-Party AI Services

Our AI estimation feature uses third-party artificial intelligence services to process your project requirements and generate cost estimates. This involves the following:

  • AI Language Models: Your project descriptions and chat messages are sent to third-party AI providers (such as OpenAI, Anthropic, Google, or other large language model providers) for processing. These providers process the data to generate responses, research, and estimation outputs.
  • Research Services: We may use AI-powered research services (such as Perplexity AI) to gather market data and technical information relevant to your project estimation. Your project descriptions may be included in research queries.
  • Data Minimization: We send only the information necessary for generating your estimate. We do not share your personal contact details (email, phone number) with AI processing services -- only project-related descriptions and requirements.
  • No AI Training: We use API-tier access to AI services, which means your data is not used to train the AI models under the terms of service of these providers.

4. Cookies and Tracking Technologies

4.1 Essential Cookies

We use essential cookies that are strictly necessary for the operation of our Site:

  • Session Cookies: We use a session cookie (managed by NextAuth.js) to maintain your authentication state if you log in to any protected area of our Site. This cookie is essential for security and cannot be disabled.
  • Session Storage: We use browser session storage (not cookies) to store first-touch attribution data. This data is not persistent and is cleared when you close your browser tab.

4.2 Analytics Cookies

If Google Tag Manager is configured on our Site, third-party analytics cookies may be set by Google Analytics or similar services. These cookies collect anonymized usage data to help us understand how visitors use our Site. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

4.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or to alert you when cookies are being sent. Please note that disabling essential cookies may impair the functionality of certain features on our Site.

5. Data Storage and Security

  • Data Storage: Your information is stored in a PostgreSQL database hosted on a secured virtual private server (VPS). The server is protected by SSL/TLS encryption (HTTPS), firewall rules, and access controls.
  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
  • Access Controls: Access to personal data within our admin systems is restricted to authorized personnel only, protected by role-based access controls and secure authentication.
  • Password Security: Administrative passwords are securely hashed and never stored in plain text.
  • Audit Logging: We maintain immutable audit logs of lead status changes and key system events for accountability and traceability.

While we implement industry-standard security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

  • Lead and Client Data: We retain lead and client information for as long as necessary to fulfill the purposes for which it was collected, including maintaining ongoing business relationships, completing projects, and complying with legal obligations. Inactive lead data is retained for up to 3 years from the last interaction unless you request earlier deletion.
  • Estimation Session Data: AI estimation chat sessions, including conversation history and generated reports, are retained for up to 2 years to support project follow-ups and service improvement.
  • NDA Records: Signed NDAs and associated digital signatures are retained for the duration specified in the NDA terms, or for at least 5 years, to meet contractual and legal obligations.
  • Attribution Data: Marketing attribution data is retained as part of the lead record for the same duration as lead data.
  • Audit Logs: System audit logs are retained indefinitely for compliance and accountability purposes.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

  • AI Service Providers: As described in Section 3, project-related data is sent to AI service providers for estimation processing.
  • Infrastructure Providers: Our hosting provider has physical access to the servers where data is stored, subject to their own security and privacy obligations.
  • Email Services: If we send you emails (e.g., proposals, estimates, or project updates), your email address is processed by our SMTP email service.
  • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request that we correct any inaccurate or incomplete personal information.
  • Right to Deletion: You may request that we delete your personal information, subject to our legal obligations and legitimate business interests. Note that certain records (such as signed NDAs and audit logs) may be exempt from deletion requests due to legal retention requirements.
  • Right to Restriction: You may request that we restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to Object: You may object to the processing of your personal data for specific purposes, including direct marketing.

To exercise any of these rights, please contact us using the information provided in Section 11 below. We will respond to your request within 30 days.

9. International Data Transfers

Our servers are hosted in a single location. If you access our Site from outside the country where our servers are located, your data will be transferred internationally. By using our Site and submitting your information, you consent to this transfer. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

10. Children's Privacy

Our Site and services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, please contact us:

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of our Site after any changes constitutes your acceptance of the updated Privacy Policy.