Preamble
The present General Privacy Policy (hereinafter the “Policy”) explicates the manner in which CodeFryDev (hereinafter the “Service Provider”, “we”, “us”, or “our”) collects, uses, stores, discloses, and otherwise processes information in connection with the CodeFryDev Ecosystem—the portfolio of websites, browser-based tools, online games, artificial intelligence interfaces, design utilities, educational platforms, application programming interfaces, and mobile applications accessible via codefrydev.in and related channels.
This Policy applies uniformly across all web-based Digital Properties enumerated in Terms Schedule E unless a Product-Specific Privacy Policy expressly provides otherwise. It should be read in conjunction with the General Terms and Conditions of Use , Cookie Policy , Community Code of Conduct Instrument , and Security Policy .
Dissent and Immediate Cessation of Use
Should the User withhold assent to any provision of this Policy—including the collection of analytics data via Google Analytics and Microsoft Clarity, cross-product session correlation, or international data transfers—the User is under an immediate obligation to cease all use of CodeFryDev Digital Properties: terminate browser sessions, uninstall any Application, and refrain from subsequent access. Continued utilisation shall constitute conclusive acceptance of this Policy to the extent mandated by applicable law.
1. Scope, Applicability, and Data Controller Designation
Data Controller: CodeFryDev
Correspondence: codefrydev@gmail.com
Grievance Officer (India): codefrydev@gmail.com
— subject “Grievance – Privacy”
Governing Terms: General Terms
The Service Provider acts as data controller for Personal Data processed through its proprietary Digital Properties. Third-party analytics providers function as data processors (subprocessors) pursuant to contractual arrangements.
The Service Provider does not sell Personal Data. The Service Provider does not share Personal Data for cross-context behavioural advertising as defined under California law, unless expressly disclosed and consented to in the future.
2. Taxonomy of Information Collected and Processed
2.1 Information Furnished Voluntarily by the Data Subject
Depending upon the Digital Property accessed, the User may furnish:
- account registration particulars (username, electronic mail address, authentication credentials);
- feedback, support enquiries, defect reports, or security disclosures;
- content created, uploaded, or persisted within tools (notes, JSON, text, configurations);
- survey or form responses where such instruments are offered;
- open source contributions (via GitHub/GitLab — governed additionally by those platforms).
2.2 Information Collected Through Automated Modalities
Upon access to any web-based Digital Property, the Service Provider and its Analytics Services automatically collect:
- Internet Protocol (IP) address (which may be truncated or anonymised);
- browser type, version, language, and user-agent string;
- operating system and device category (desktop, mobile, tablet);
- referring URL and exit pages;
- pages viewed, features utilised, clicks, scroll depth, and session duration;
- date and time stamps of access;
- approximate geographic region derived from IP address;
- error logs, crash reports, and performance metrics;
- cookie identifiers and analogous online identifiers.
2.3 Session Recording and Interaction Telemetry (Microsoft Clarity)
Through Microsoft Clarity (Project ID: mxr4hxioh4), the Service Provider collects interaction data that may encompass session replays, heatmaps, rage-click and dead-click indicators, and page element engagement metrics.
Caution: The User is expressly advised against entering authentication credentials, payment information, or sensitive personal identifiers into any CodeFryDev tool whilst session-recording technologies remain operative.
2.4 Statistical Usage Data (Google Analytics)
Through Google Analytics (Measurement ID: G-VM01Q3R43D), the Service Provider collects statistical usage data. See Google’s Privacy Policy
.
2.5 Categories of Information Not Intentionally Collected
The Service Provider does not intentionally collect government identification numbers, payment card numbers, or health records through general-purpose tools. The User must refrain from submitting such data into browser-based utilities.
3. Cross-Product Analytics and Session Correlation
Google Analytics and Microsoft Clarity are deployed at the platform level. User interactions may be correlated across multiple products within a single session. See Cookie Policy for control mechanisms.
4. Purposes of Processing and Corresponding Legal Bases
| Purpose | Examples | Typical Legal Basis |
|---|---|---|
| Service delivery | Operating tools, authentication | Contract performance |
| Analytics & improvement | GA, Clarity, A/B tests | Legitimate interest / consent |
| Security | Abuse detection, vulnerability response | Legitimate interest / legal obligation |
| Communication | Support, security notices | Contract / legitimate interest |
| Legal compliance | Lawful requests, grievances | Legal obligation |
| Open source collaboration | Issue/PR metadata on GitHub | Legitimate interest / platform terms |
5. Cookies, Local Storage, and Analogous Technologies
Particulars appear in the Cookie Policy . The Service Provider employs strictly necessary, analytics, and functional storage mechanisms.
Do Not Track / Global Privacy Control: Where legally mandated and technically feasible, the Service Provider honours browser signals opting out of non-essential tracking.
6. Disclosure, Sharing, and Subprocessor Arrangements
The Service Provider does not sell Personal Data. Subprocessors include:
| Subprocessor | Service | Privacy |
|---|---|---|
| Google LLC | Google Analytics | policies.google.com/privacy |
| Microsoft Corporation | Microsoft Clarity | privacy.microsoft.com |
| GitHub / GitLab (if used) | Source hosting | Platform privacy policies |
| Hosting & CDN providers | Infrastructure | As applicable |
Disclosure also occurs where mandated by law, to protect rights and safety, or during merger or acquisition subject to appropriate safeguards.
7. International and Cross-Border Data Transfers
Personal Data may be processed in India and other jurisdictions where the Service Provider or subprocessors maintain operations. Appropriate safeguards (Standard Contractual Clauses, equivalent measures) are employed where required by GDPR, UK GDPR, or India DPDP.
8. Data Retention and Erasure Schedules
| Data type | Retention |
|---|---|
| Analytics | Vendor defaults or shorter where configured |
| Session recordings | Limited UX review period |
| Accounts | While active + reasonable period after |
| Support tickets | As needed for resolution and compliance |
| Aggregated statistics | Indefinitely in anonymised form |
9. Data Subject Rights and Exercising Entitlements
Subject to applicable law, the User may request:
- access to Personal Data held by the Service Provider;
- rectification of inaccurate data;
- erasure (“right to be forgotten”);
- restriction of processing;
- data portability (structured, machine-readable format where feasible);
- objection to legitimate-interest processing;
- withdrawal of consent where consent constitutes the legal basis;
- lodgement of a complaint with a supervisory authority.
Lodgement of requests: codefrydev@gmail.com — subject “Privacy Rights Request”. The Service Provider may verify identity. Prescribed response period: 30 days.
10. Jurisdiction-Specific Disclosures and Compliance Modalities
10.1 India — Digital Personal Data Protection Act, 2023
Indian data principals may exercise rights of access, correction, erasure, and grievance redressal. Grievance Officer: codefrydev@gmail.com . Data is processed for lawful purposes with appropriate notices.
10.2 European Economic Area & UK — GDPR
Lawful bases encompass consent, contract, legitimate interests, and legal obligation. The User may lodge complaints with the local Data Protection Authority. International transfers rely upon appropriate safeguards.
10.3 California — CCPA / CPRA
California residents may request disclosure of categories collected, deletion, and correction. The Service Provider does not sell or share Personal Data for cross-context behavioural advertising. Non-discrimination applies to the exercise of privacy rights.
10.4 Other Jurisdictions
Additional rights may apply under local law. The Service Provider invites jurisdiction-specific inquiries.
11. Minors and Age-Restricted Processing
Digital Properties are not directed at persons under 16 years of age. The Service Provider does not knowingly collect data from children below applicable thresholds. Deletion requests may be submitted to the contact address above.
12. Security Safeguards and Incident Response
The Service Provider implements reasonable safeguards aligned with industry practice (informed by OWASP and cloud provider best practices). Vulnerabilities should be reported pursuant to the Security Policy . No information system is entirely impervious to compromise.
13. Personal Data Breach Notification Protocol
Where a Personal Data breach likely to affect data subject rights occurs, the Service Provider shall notify affected users and regulators as mandated by applicable law, describing the nature of the breach and remediation measures undertaken.
14. Artificial Intelligence, Automated Processing, and Algorithmic Systems
Artificial intelligence features may process prompts to generate outputs. The Service Provider does not utilise tool inputs to train third-party foundation models unless expressly disclosed for a specific product. Analytics may employ aggregated, anonymised usage patterns. No solely automated legal decisions producing significant effects are rendered concerning users unless expressly disclosed.
15. Third-Party Hyperlinks and Embedded Content
Digital Properties may hyperlink to GitHub, application marketplaces, social media platforms, or external APIs. The privacy practices of such third parties govern upon departure from Service Provider properties or interaction with embedded content.
16. Product-Specific Privacy Instruments
| Product | Policy |
|---|---|
| Water App | Water App Privacy Policy |
17. Amendment and Revision of This Policy
Material amendments shall be communicated via updated effective date and reasonable notice. Continued use constitutes acknowledgment where permitted by applicable law.
18. Open Source Repository Activity and Platform Logging
GitHub/GitLab activity (clones, stars, pull requests) is logged by those platforms. See their respective privacy policies. The Community Code of Conduct Instrument applies to contributions.
Effective Date and Temporal Applicability
This General Privacy Policy is effective as of 24 May 2026.
Disclaimer: Template policy — not legal advice. Consult qualified counsel for regulatory compliance.