Legal · Privacy

Privacy Policy

We treat your information the way we'd want ours treated — with restraint, transparency, and a working brain. This page is the long version of that promise.

Last updated2026-05-08Effective2026-05-08
01

Introduction

CodeCabs (“CodeCabs”, “we”, “our”, or “us”) is an IT solutions company headquartered in Colombo, Sri Lanka. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit codecabs.com, contact us, or engage us for services.

By using our website or services, you confirm that you have read and agree to the practices described in this policy. If you do not agree, please refrain from using our services.

02

Information we collect

Information you provide

  • Contact form submissions: name, work email, company, phone number, project type, budget range, and the details you write in the message field.
  • Project engagements: business information, project briefs, technical specifications, brand assets, login credentials you choose to share, and any other materials required for the work.
  • Communications: emails, calls, meeting notes, and messages exchanged via WhatsApp, LinkedIn, or scheduling tools.

Information collected automatically

  • Usage data: pages visited, session duration, referring URLs, and interactions with our website.
  • Device data: browser type, operating system, language, and device identifiers.
  • Network data: IP address and approximate location (city / country level).
  • Cookies and similar technologies — see Section 9.

Information from third parties

We may receive information about you from analytics providers, identity verification services, payment processors, and publicly available business directories — used only to support our legitimate business operations.

03

How we use your information

We use the information we collect to:

  • Respond to inquiries and provide quotes.
  • Deliver, maintain, and improve our services under signed Statements of Work.
  • Communicate project updates, milestones, invoices, and support.
  • Operate, secure, and enhance our website and internal systems.
  • Comply with legal, regulatory, and contractual obligations.
  • Send marketing communications — only if you have explicitly opted in, and you may unsubscribe at any time.
  • Detect and prevent fraud, abuse, or unauthorized activity.

We do not use your information for automated decision-making that produces legal or similarly significant effects.

05

How we share information

We do not sell or rent personal information. We share information only in the limited circumstances below:

  • Service providers we rely on to run our business — cloud hosting, email delivery, analytics, customer relationship management, and project tools. They are contractually bound to confidentiality and to use information only as instructed.
  • Professional advisors — legal, accounting, and insurance advisors operating under professional confidentiality obligations.
  • Authorities — when required by law, regulation, court order, or to protect our rights, property, or safety.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, with safeguards to preserve confidentiality.
06

Data security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (TLS), access controls based on the principle of least privilege, periodic credential rotation, secrets management, and monitoring of unusual activity.

No system is 100% secure. If we become aware of a breach affecting your personal information, we will notify you and the appropriate authorities as required by law.

07

Data retention

We retain personal information only as long as necessary for the purpose for which it was collected:

  • Inquiries that do not become engagements: 12 months, then deleted unless you request earlier removal.
  • Active client records: for the duration of the engagement and up to 3 years after final invoice for tax, audit, and warranty purposes.
  • Marketing data: until you withdraw consent.
  • Legal records: for the period required by applicable law.

When the retention period ends, we delete or irreversibly anonymize the data.

08

Your rights

Subject to applicable law, you have the following rights over your personal information:

  • Access — obtain a copy of the data we hold about you.
  • Correction — request that we fix inaccurate or incomplete data.
  • Deletion — request erasure where no overriding obligation requires us to keep it.
  • Restriction — limit how we use your data while a request is being resolved.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Consent withdrawal — at any time for processing based on consent.
  • Complaint — lodge a complaint with the relevant data protection authority.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

09

International data transfers

We are based in Sri Lanka and may use service providers located in other jurisdictions, including the European Economic Area, the United Kingdom, the United States, and Asia-Pacific. Where personal information is transferred outside its country of origin, we take reasonable measures to ensure it remains protected at a level consistent with this policy and applicable law — including standard contractual clauses where required.

10

Cookies and tracking

We use the following categories of cookies and similar technologies:

  • Essential cookies — required for the website to function (security, session, preferences). These cannot be disabled.
  • Analytics cookies — help us understand how visitors use the site so we can improve it. Used only with consent.
  • Marketing cookies — used to measure the effectiveness of campaigns. Used only with explicit consent.

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

11

Children’s privacy

Our website and services are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal data, contact us and we will delete it.

12

Third-party links and services

Our website may link to third-party websites or embed third-party services (e.g., LinkedIn, Calendly, WhatsApp, Google services). Their privacy practices are governed by their own policies, and we are not responsible for their content or data handling.

13

Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be communicated through a notice on our website or by email at least 30 days before they take effect.

14

Contact us

For privacy-related questions, requests, or complaints, contact us:

Read next

Terms of Service

How we engage, what we deliver, and the rules that govern our work together.

Continue reading