Privacy Policy
CODOCS
Privacy Policy
Last updated: 17/02/26
1. Who We Are
CoDocs is operated by Hostmatters.nl, located in Amsterdam, the Netherlands. We act as the data controller for personal data processed through the Service.
For privacy-related inquiries, contact us at: support@codocs.nl
2. What Data We Collect
| Data | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Email address | Account creation, login verification, share notifications | Contract performance |
| Password (hashed) | Authentication | Contract performance |
| IP address | Security, audit logging, abuse prevention | Legitimate interest |
| User agent | Security, audit logging | Legitimate interest |
| File metadata | File name, size, type — to provide the Service | Contract performance |
| Audit log entries | Uploads, downloads, shares, logins — security and accountability | Legitimate interest |
3. What We Do Not Collect
We do not use cookies for tracking or advertising. We do not use third-party analytics services. We do not collect payment data directly — if payment processing is introduced, it will be handled by a certified third-party payment processor. We do not access or analyse the content of your uploaded files.
4. How We Use Your Data
We use your personal data exclusively to provide and secure the Service: to authenticate you, to deliver files you share, to send share notifications, to log security events, and to prevent abuse. We do not use your data for marketing, profiling, or advertising.
5. File Content
Your files are encrypted at rest using AES-256-GCM with per-file encryption keys. We do not access, view, scan, or analyse the content of your files. File content is only decrypted when you or an authorised recipient downloads a file.
6. Data Sharing with Third Parties
We do not sell, rent, or share your personal data with third parties, except:
a) When you create a share link, the recipient's email address is used to send a notification. The recipient can see your email address as the sender.
b) When required by law, court order, or lawful request from a competent authority.
c) With infrastructure providers strictly necessary to operate the Service (hosting, email delivery), under data processing agreements that ensure GDPR compliance.
7. Where Your Data Is Stored
All data — including your files, account information, and audit logs — is stored on servers located in the European Union (the Netherlands and Germany). Your data does not leave the EU.
8. How Long We Keep Your Data
| Data | Retention |
|---|---|
| Account data | Until you delete your account |
| Uploaded files | Until you delete them, or 30 days after account deletion |
| Soft-deleted files | Permanently removed after 30 days |
| Audit logs | 12 months, then anonymised or deleted |
| Expired OTP codes | Deleted within 24 hours |
9. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate data.
Erasure — request deletion of your data ("right to be forgotten"). You can delete your account and files at any time.
Data portability — request your data in a structured, machine-readable format.
Restriction — request that we limit processing of your data.
Objection — object to processing based on legitimate interest.
Complaint — lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
To exercise any of these rights, contact us at [EMAIL ADDRESS]. We will respond within 30 days.
10. Security Measures
We protect your data with: AES-256-GCM encryption at rest, bcrypt password hashing, email-based one-time passwords for every login, rate limiting on authentication endpoints, HTTPS enforcement, CSRF protection, and comprehensive audit logging.
11. Children
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact
For any privacy-related questions or to exercise your rights:
Hostmatters.nl
Amsterdam, the Netherlands
support@codocs.nl
This Privacy Policy applies solely to the CoDocs service and does not cover third-party websites or services linked from within the Service.