Select Page

Security Measures

Last updated: 

October 30, 2023

October 27, 2023

October 27, 2023

Introduction

Welcome to Codox! Your use of Codox's services, including the services Codox makes available through this website and any other software or services offered by Codox in connection therewith (the "Services") is governed by these terms of service (the "Terms"), so please carefully read them before using the Services. For the purposes of these Terms, "we," "our," "us," and "Codox" refer to Codox, Inc., the providers and operators of the Services.

In order to use the Services, you must first agree to these Terms. If you are registering for or using the Services on behalf of an organization, you are agreeing to these Terms for that organization and promising that you have the authority to bind that organization to these Terms. In that case, "you" and "your" will also refer to that organization, wherever possible.

You must be over 13 years of age to use the Services, and children under the age of 13 cannot use or register for the Services. If you are over 13 years of age but are not yet of legal age to form a binding contract (in many jurisdictions, this age is 18), then you must get your parent or guardian to read these Terms and agree to them for you before you use the Services. If you are a parent or guardian and you provide your consent to your child's registration with the Services, you agree to be bound by these Terms with respect of your child's use of the Services.

You agree your purchases and/or use of the Services are not contingent on the delivery of any future functionality or features or dependent on any oral or written public comments made by Codox or any of its affiliates regarding future functionality or features.

BY USING, DOWNLOADING, INSTALLING, OR OTHERWISE ACCESSING THE SERVICES OR ANY MATERIALS INCLUDED IN OR WITH THE SERVICES, YOU HEREBY AGREE TO BE BOUND BY THESE TERMS. IF YOU DO NOT ACCEPT THESE TERMS, THEN YOU MAY NOT USE, DOWNLOAD, INSTALL, OR OTHERWISE ACCESS THE SERVICES.

Your Account

In the course of registering for or using the Services, you may be required to provide Codox with certain information, including your name, organization name, email, and password ("Credentials"). Codox handles such information with the utmost attention, care and security. Nonetheless, you, not Codox, shall be responsible for maintaining and protecting your Credentials in connection with the Services. If your contact information or other information relating to your account changes, you must notify Codox promptly and keep such information current. You are solely responsible for any activity using your Credentials, whether or not you authorized that activity. You should immediately notify Codox of any unauthorized use of your Credentials or if your email or password has been hacked or stolen. If you discover that someone is using your Credentials without your consent, or you discover any other breach of security, you agree to notify Codox immediately.

Content

A variety of information, reviews, recommendations, messages, comments, posts, text, graphics, software, photographs, videos, data, and other materials ("Content") may be made available through the Services by Codox or its suppliers ("Codox-Supplied Content"). While Codox strives to keep the Content that it provides through the Services accurate, complete, and up-to-date, Codox cannot guarantee, and is not responsible for the accuracy, completeness, or timeliness of any Codox-Supplied Content.

You acknowledge that you will be able to create, transmit, publish or display information (such as data files, written text, computer software, music, audio files or other sounds, photographs, videos or other images) through use of the Services. All such information is referred to below as "User Content." User Content also includes any information or data you include in any messages, invitations that you send or share through the Services.

You agree that you are solely responsible for (and that Codox has no responsibility to you or to any third party for) any User Content, and for the consequences of your actions (including any loss or damage which Codox may suffer) in connection with such User Content. If you are registering for these Services on behalf of an organization, you also agree that you are also responsible for the actions of associated Users and for any User Content that such associated Users might upload, record, publish, post, link to, or otherwise transmit or distribute through use of the Services. Furthermore, you acknowledge that Codox does not control or actively monitor Content uploaded by users and, as such, does not guarantee the accuracy, integrity or quality of such Content. You acknowledge that by using the Services, you may be exposed to materials that are offensive, indecent or objectionable. Under no circumstances will Codox be liable in any way for any such Content. You will: (a) be solely responsible for the nature, quality and accuracy of your User Content; (b) ensure that your User Content complies with these Terms and any and all applicable laws, and regulations; (c) promptly handle and resolve any notices and claims relating to your User Content, including any notices sent to you by any person claiming that any User Content violates any person's rights, such as take-down notices pursuant to the Digital Millennium Copyright Act and any other notices; and (d) maintain appropriate security, protection and backup copies of your User Content, which may include, your use of additional encryption technology to protect the Content from unauthorized access.

Codox may refuse to store, provide, or otherwise maintain your User Content for any or no reason. Codox may remove your User Content from the Services at any time if you violate these Terms or if the Services are canceled or suspended. If User Content is stored using the Services with an expiration date, Codox may also delete the User Content as of that date. User Content that is deleted may be irretrievable. You agree that Codox will have no liability of any kind as a result of the deletion of, correction of, destruction of, damage to, loss of or failure to store or encrypt any User Content.

Codox reserves the right (but shall have no obligation) to remove User Content from the Services, in its discretion. You agree to immediately take down any Content that violates these Terms, including pursuant to a takedown request from Codox. In the event that you elect not to comply with a request from Codox to take down certain Content, Codox reserves the right to directly take down such Content.

By submitting, posting or otherwise uploading User Content on or through the Services you give Codox a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute such User Content for the purpose of enabling Codox to provide you with the Services, and for the limited purposes stated in our Privacy Policy.

Proprietary Rights

You acknowledge and agree that Codox (or Codox's licensors) own all legal right, title and interest in and to the Services and Content and that the Services and Codox-Supplied Content are protected by copyrights, trademarks, patents, or other proprietary rights and laws (whether those rights happen to be registered or not, and wherever in the world those rights may exist).

Except as provided in Section 3, Codox acknowledges and agrees that it obtains no right, title or interest from you (or your licensors) under these Terms in or to any Content that you create, submit, post, transmit, share or display on, or through, the Services, including any intellectual property rights which subsist in that Content (whether those rights happen to be registered or not, and wherever in the world those rights may exist). Unless you have agreed otherwise in writing with Codox, you agree that you are responsible for protecting and enforcing those rights and that Codox has no obligation to do so on your behalf.

License from Codox and Restrictions on Use

Codox gives you a personal, worldwide, royalty-free, non-assignable and non-exclusive license to use the software provided to you as part of the Services. This license is solely to allow you to access the Services for your (or your organization's) non-commercial or internal business purposes, in the manner permitted by these Terms.

You may not (and you may not permit anyone else to: (a) copy, modify, create a derivative work of, reverse engineer, decompile or otherwise attempt to extract the source code of the Services or any part thereof, unless this is expressly permitted or required by law, or unless you have been specifically told that you may do so by Codox, in writing (e.g., through an open source software license); or (b) attempt to disable or circumvent any security mechanisms used by the Services or any applications running on the Services.

You may not engage in any activity that interferes with or disrupts the Services (or the servers and networks which are connected to the Services).

You may not access the Services in a manner intended to avoid incurring fees or exceeding usage limits or quotas.

You may not access the Services for the purpose of bringing an intellectual property infringement claim against Codox or for the purpose of creating a product or service competitive with the Services. You may not use any robot, spider, site search/retrieval application or other manual or automatic program or device to retrieve, index, "scrape," "data mine" or in any way gather Content from the Services.

You agree that you will not upload, record, publish, post, link to, transmit or distribute User Content, or otherwise utilize the Services in a manner that: (i) advocates, promotes, incites, instructs, informs, assists or otherwise encourages violence or any illegal activities; (ii) infringes or violates the copyright, patent, trademark, service mark, trade name, trade secret, or other intellectual property rights of any third party or Codox, or any rights of publicity or privacy of any party; (iii) attempts to mislead others about your identity or the origin of a message or other communication, or impersonates or otherwise misrepresents your affiliation with any other person or entity, or is otherwise materially false, misleading, or inaccurate; (iv) promotes, solicits or comprises inappropriate, harassing, abusive, profane, hateful, defamatory, libelous, threatening, obscene, indecent, vulgar, pornographic or otherwise objectionable or unlawful content or activity; (v) is harmful to minors; (vi) utilizes or contains any viruses, Trojan horses, worms, time bombs, or any other similar software, data, or programs that may damage, detrimentally interfere with, surreptitiously intercept, or expropriate any system, data, personal information, or property of another; or (vii) violates any law, statute, ordinance, or regulation (including without limitation the laws and regulations governing export control, unfair competition, anti-discrimination, or false advertising).

You may not use the Services if you are a person barred from receiving the Services under the laws of the United States or other countries, including the country in which you are resident or from which you use the Services. You affirm that you are over the age of 13, as the Services are not intended for children under 13.

Pricing Terms

Subject to the Terms, the Services are provided to you without charge up to certain time limits, and usage in excess of these limits may require purchase of additional resources and the payment of fees. Please see Codox's Pricing for details regarding pricing for the Services.

Privacy Policies

These Services are provided in accordance with our Privacy Policy, which can be found at Privacy Policy. You agree to the use of your User Content and personal information in accordance with these Terms and Codox's Privacy Policy.

Modification and Termination of Services

Codox is constantly innovating in order to provide the best possible experience for its users. You acknowledge and agree that the form and nature of the Services which Codox provides may change from time to time without prior notice to you, subject to the terms in its Privacy Policy. Changes to the form and nature of the Services will be effective with respect to all versions of the Services; examples of changes to the form and nature of the Services include without limitation changes to fee and payment policies, security patches, added functionality, automatic updates, and other enhancements. Any new features that may be added to the website or the Services from time to time will be subject to these Terms, unless stated otherwise.

You may terminate these Terms at any time by canceling your account on the Services. You will not receive any refunds if you cancel your account.

You agree that Codox, in its sole discretion and for any or no reason, may terminate your account or any part thereof. You agree that any termination of your access to the Services may be without prior notice, and you agree that Codox will not be liable to you or any third party for such termination.

You are solely responsible for exporting your Content from the Services prior to termination of your account for any reason, provided that if we terminate your account, we will endeavor to provide you a reasonable opportunity to retrieve your Content.

Upon any termination of the Services or your account these Terms will also terminate, but all provisions of these Terms which, by their nature, should survive termination, shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, and limitations of liability.

Changes to the Terms

These Terms may be amended or updated from time to time without notice and may have changed since your last visit to the website or use of the Services. It is your responsibility to review these Terms for any changes. By continuing to access or use the Services after revisions become effective, you agree to be bound by the revised Terms. If you do not agree to the new Terms, please stop using the Services. Please visit this page regularly to review these Terms for any changes.

DISCLAIMER OF WARRANTY

YOU EXPRESSLY UNDERSTAND AND AGREE THAT YOUR USE OF THE SERVICES ARE AT YOUR SOLE RISK AND THAT THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE."

CODOX, ITS SUBSIDIARIES AND AFFILIATES, AND ITS LICENSORS MAKE NO EXPRESS WARRANTIES AND DISCLAIM ALL IMPLIED WARRANTIES REGARDING THE SERVICES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CODOX, ITS SUBSIDIARIES AND AFFILIATES, AND ITS LICENSORS DO NOT REPRESENT OR WARRANT TO YOU THAT: (A) YOUR USE OF THE SERVICES WILL MEET YOUR REQUIREMENTS, (B) YOUR USE OF THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE OR FREE FROM ERROR, AND (C) USAGE DATA PROVIDED THROUGH THE SERVICES WILL BE ACCURATE.

NOTHING IN THESE TERMS, INCLUDING SECTIONS 10 AND 11, SHALL EXCLUDE OR LIMIT CODOX'S WARRANTY OR LIABILITY FOR LOSSES WHICH MAY NOT BE LAWFULLY EXCLUDED OR LIMITED BY APPLICABLE LAW.

LIMITATION OF LIABILITY

SUBJECT TO SECTION 10 ABOVE, YOU EXPRESSLY UNDERSTAND AND AGREE THAT CODOX, ITS SUBSIDIARIES AND AFFILIATES, AND ITS LICENSORS SHALL NOT BE LIABLE TO YOU FOR ANY INDIRECT, INCIDENTAL, SPECIAL CONSEQUENTIAL OR EXEMPLARY DAMAGES WHICH MAY BE INCURRED BY YOU, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY. THIS SHALL INCLUDE, BUT NOT BE LIMITED TO, ANY LOSS OF PROFIT (WHETHER INCURRED DIRECTLY OR INDIRECTLY), ANY LOSS OF GOODWILL OR BUSINESS REPUTATION, ANY LOSS OF DATA SUFFERED, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR OTHER INTANGIBLE LOSS. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

THE LIMITATIONS ON CODOX'S LIABILITY TO YOU IN THIS SECTION SHALL APPLY WHETHER OR NOT CODOX HAS BEEN ADVISED OF OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF ANY SUCH LOSSES ARISING.

SOME STATES AND JURISDICTIONS MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. IN NO EVENT SHALL CODOX'S TOTAL LIABILITY TO YOU FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE) EXCEED THE AMOUNT THAT YOU HAVE ACTUALLY PAID FOR THE SERVICES IN THE PAST TWELVE MONTHS, OR ONE HUNDRED DOLLARS ($100.00), WHICHEVER IS GREATER.

Indemnification

You agree to hold harmless and indemnify Codox, and its subsidiaries, affiliates, officers, agents, employees, advertisers, licensors, suppliers or partners (collectively "Codox and Partners") from and against any third party claim arising from or in any way related to (a) your breach of the Terms, (b) your use of the Services, (c) your violation of applicable laws, rules or regulations in connection with the Services, or (d) your User Content, including any liability or expense arising from all claims, losses, damages (actual and consequential), suits, judgments, litigation costs and attorneys' fees, of every kind and nature.

Copyright Policy

We respect the intellectual property rights of others and expect our users to do the same. In accordance with the Digital Millennium Copyright Act, Title 17, United States Code, Section 512(c)(2) (the "DMCA"), we will respond expeditiously to claims of copyright infringement committed using the Services if such claims are reported to our Designated Copyright Agent identified in the sample notice below.

DMCA Notice of Alleged Infringement ("Notice")

  • Identify the copyrighted work that you claim has been infringed, or if multiple copyrighted works are covered by this Notice, you may provide a representative list of the copyrighted works that you claim have been infringed.
  • Identify the material or link you claim is infringing (or the subject of infringing activity) and to which access is to be disabled, including at a minimum, if applicable, the URL of the link or the exact location where such material may be found.
  • Provide your company affiliation (if applicable), mailing address, telephone number, and, if available, email address.
  • Include both of the following statements in the body of the Notice: 
  1. "I hereby state that I have a good faith belief that the disputed use of the copyrighted material is not authorized by the copyright owner, its agent, or the law (e.g., as a fair use)."
  2. "I hereby state that the information in this Notice is accurate and, under penalty of perjury, that I am the owner, or authorized to act on behalf of, the owner, of the copyright or of an exclusive right under the copyright that is allegedly infringed."
  • Provide your full legal name and your electronic or physical signature. Deliver this Notice, with all items completed, to our Designated Copyright Agent:

Copyright Agent,
Codox, Inc.
8047 Central Ave Suite 2032
Newark, CA 94560
support@codox.io

Third-Party Content

The Services may include references or hyperlinks to other web sites or content or resources or email content. Codox has no control over any web sites or resources which are provided by companies or persons other than Codox.

You acknowledge and agree that Codox is not responsible for the availability of any such external sites or resources, and does not endorse any advertising, products or other materials on or available from such web sites or resources.

You acknowledge and agree that Codox is not liable for any loss or damage which may be incurred by you or other users as a result of the availability of those external sites or resources, or as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products or other materials on, or available from, such web sites or resources.

Third Party Software

The Services may incorporate certain third party software ("Third Party Software"), which is licensed subject to the terms and conditions of the third party licensing such Third Party Software. Nothing in these Terms limits your rights under, or grants you rights that supersede, the terms and conditions of any applicable license for such Third Party Software.

Feedback

You may choose to or we may invite you to submit comments or ideas about the Services, including without limitation about how to improve the Services or our products. By submitting any feedback, you agree that your disclosure is gratuitous, unsolicited and without restriction and will not place Codox under any fiduciary or other obligation, and that we are free to use such feedback without any additional compensation to you, and/or to disclose such feedback on a non-confidential basis or otherwise to anyone.

Miscellaneous

These Terms, together with our Privacy Policy and Pricing Terms (if available), constitutes the entire agreement between the parties relating to the Services and all related activities. These Terms shall not be modified except in writing signed by both parties or by a new posting of these Terms issued by us. If any part of these Terms is held to be unlawful, void, or unenforceable, that part shall be deemed severed and shall not affect the validity and enforceability of the remaining provisions. The failure of Codox to exercise or enforce any right or provision under these Terms shall not constitute a waiver of such right or provision. Any waiver of any right or provision by Codox must be in writing and shall only apply to the specific instance identified in such writing. You may not assign these Terms, or any rights or licenses granted hereunder, whether voluntarily, by operation of law, or otherwise without our prior written consent. These Terms and any action related thereto will be governed by the laws of the State of California without regard to its conflict of laws provisions. The exclusive jurisdiction and venue of any action with respect to the subject matter of these Terms will be the state and federal courts located in San Francisco, California, and each of the parties hereto waives any objection to jurisdiction and venue in such courts.

Contact Us

If you have any questions about these Terms or if you wish to make any complaint or claim with respect to the Services, please contact us at: support@codox.io

When submitting a complaint, please provide a brief description of nature of your complaint and the specific services to which your complaint relates.

1. Purpose, Scope, and Organization

What is this document, why does it exist, what does it cover, and who is in charge of it?

This policy defines behavioral, process, technical, and governance controls pertaining to security at Codox that all personnel are required to implement in order to ensure the confidentiality, integrity, and availability of the Codox service and data (“Policy”). All personnel must review and be familiar with the rules and actions set forth below.

This Policy defines security requirements for:

  • all Codox employees, contractors, consultants and any other third parties providing services to Codox (“personnel”),
  • management of systems, both hardware and software and regardless of locale, used to create, maintain, store, access, process or transmit information on behalf of Codox, including all systems owned by Codox, connected to any network controlled by Codox, or used in service of Codox’s business, including systems owned third party service providers,
  • circumstances in which Codox has a legal, contractual, or fiduciary duty to protect data or resources in its custody.

In the event of a conflict, the more restrictive measures apply.

1.1 Governance and Evolution

This Policy was created in close collaboration with and approved by Codox executives. At least annually, it is reviewed and modified as needed to ensure clarity, sufficiency of scope, concern for customer and personnel interests, and general responsiveness to the evolving security landscape and industry best practices.

1.2 Security Team

The Codox security team oversees the implementation of this policy, including:

  • Procurement, provisioning, maintenance, retirement, and reclamation of corporate computing resources
  • All aspects of service development and operation related to security, privacy, access, reliability, and survivability
  • Ongoing risk assessment, vulnerability management, incident response
  • Security-related human resources controls and personnel train

2. Personnel and Office Environment

Codox is committed to protecting its customers, personnel, partners, and the company from illegal or damaging actions by individuals, either knowingly or unknowingly in the context of its established employment culture of openness, trust, maturity, and integrity.

This section outlines expected personnel behaviors affecting security at Codox. These rules are in place to protect our personnel and Codox itself, in that inappropriate use may expose customers and partners to risks including malware, viruses, compromise of networked systems and services, and legal issues.

2.1 Work Behaviors

The first line of defense in data security is the informed behavior of personnel, who play a significant role in ensuring the security of all data, regardless of format. Such behaviors include those listed in this section as well as any additional requirements specified in the employee handbook, specific security processes, and other applicable codes of conduct.

Training

All employees and contractors must attend the Codox security training program, which will be offered at least annually, to inform all personnel of the requirements of this policy.

Unrecognized Persons and Visitors

It is the responsibility of all personnel to take positive action to maintain physical security. Challenge any unrecognized person present in a restricted office location. Any challenged person who does not respond appropriately should be immediately reported to supervisory staff and the security team. All visitors to Codox offices must be registered as such or accompanied by a Codox employee.

Clean Desk

Personnel should maintain workspaces clear of sensitive or confidential material and take care to clear workspaces of such material at the end of each workday.

Unattended Devices

Unattended devices must be locked. All devices will have an automatic screen lock function set to automatically activate upon no more than fifteen minutes of inactivity.

Use of Corporate Assets

Systems are to be used for business purposes in serving the interests of the company, and of our clients and partners in the course of normal business operations. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use of systems. Only Codox-managed hardware and software is permitted to be connected to or installed on corporate equipment or networks and used to access Codox data. Codox-managed hardware and software includes those either owned by Codox or owned by Codox personnel but enrolled in a Codox device management system. Only software that has been approved for corporate use by Codox may be installed on corporate equipment. All personnel must read and understand the list of prohibited activities outlined in this Policy. Modifications or configuration changes are not permitted without explicit written consent by the Codox security team.

No Backups, Use of Cloud Storage

Personnel may not configure work devices to make backups of device data. Instead, personnel are expected to operate primarily “in the cloud” and treat local storage on computing devices as ephemeral. Making a practice of keeping important work artifacts replicated into company-approved secure cloud storage (e.g. AWS S3) ensures that even in the event of a corporate device being lost, stolen, or damaged, such work artifacts will be immediately recoverable on a replacement device.

Prohibited Activities

The following activities are prohibited. Under certain conditions and with the explicit written consent of the security team, personnel may be exempted from certain of these restrictions during the course of their legitimate job responsibilities (e.g. planned penetration testing, systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).

The list below is by no means exhaustive, but attempts to provide a framework for activities which fall into the category of unacceptable use.

  • Under no circumstances are personnel of Codox authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing Codox-owned resources.
  • Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Codox.
  • Violating or attempting to violate the terms of use or license agreement of any software product used by Codox is strictly prohibited.
  • Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Codox or the end user does not have an active license is strictly prohibited.
  • Exporting software, technical information, encryption software or technology may result in a violation of international or regional export control laws. The appropriate management should be consulted prior to export of any material that is in question.
  • Revealing your account password to others or allowing use of your account by others. This includes colleagues, as well as family and other household members when work is being done at home.
  • Making fraudulent offers of products, items, or services originating from any Codox account.
  • Making statements about warranty, expressly or implied, unless it is a part of normal job duties and then only to the extent the warranties are consistent with Codox’s authorized warranties.
  • Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
  • Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious or unlawful purposes.
  • Except by or under the direct supervision of the security team, port scanning or security scanning, or other such software designed to exploit or find computer, software, or network vulnerabilities.
  • Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duty.
  • Circumventing user authentication or security of any host, network or account or attempting to break into an information resource or to bypass a security feature. This includes running password-cracking programs or sniffer programs, and attempting to circumvent file or other resource permissions.
  • Attempting to interfere with or deny service to any other user.
  • Providing information about, or lists of, Codox personnel to parties outside Codox.
  • Installation of software which installs or includes any form of malware, spyware, or adware as defined by the security team.
  • Crashing an information system. Deliberately crashing an information system is strictly prohibited. Users may not realize that they caused a system crash, but if it is shown that the crash occurred as a result of user action, a repetition of the action by that user may be viewed as a deliberate act.
  • Attempts to subvert technologies used to effect system configuration of company-managed devices (e.g. MDM) or personal devices voluntarily used for company purposes (e.g. mobile Work Profiles).

2.2 Personnel Systems Configuration, Ownership, and Privacy

Centralized System Configuration

Personnel devices and their software configuration may be managed remotely by members of the security team via configuration-enforcement technology. Such technology may be used for purposes including auditing/installing/removing software applications or system services, managing network configuration, enforcing password policy, encrypting disks, copying data files to/from employee devices, and any other allowed interaction to ensure that employee devices comply with this Policy.

Retention of ownership

All software programs, data, and documentation generated or provided by personnel while providing services to Codox or for the benefit of Codox are the property of Codox unless otherwise covered by a contractual agreement.

Personnel Privacy

While Codox’s network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems remains the property of Codox. Due to the need to protect Codox’s network, management does not intend to guarantee the privacy of personnel’s personal information stored on any network device belonging to Codox. Personnel are responsible for exercising good judgment regarding the reasonableness of personal use such as general web browsing or personal email. If there is any uncertainty, personnel should consult the security team or their manager.

Personnel should structure all electronic communication with recognition of the fact that the content could be monitored and that any electronic communication could be forwarded, intercepted, printed, or stored by others.

Codox reserves the right, at its discretion, to review personnel’s files or electronic communications to the extent necessary to ensure all electronic media and services are used in compliance with all applicable laws and regulations as well as corporate policies.

Codox reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. For security and network maintenance purposes, authorized individuals within Codox may monitor equipment, systems and network traffic at any time.

2.3. Human Resources Practices

Background Checks

Background checks may be conducted on employees prior to their start date. The consequences of problematic background check results may range from a limitation of security privileges, to revocation of employment offer, to termination.

Training

The security team maintains a company-wide security awareness program delivered to all personnel at least annually. The program covers security awareness, policies, processes, and training to ensure that personnel are sufficiently informed to meet their obligations. Those most responsible for maintaining security at Codox, including the security team itself as well as key engineering/operations staff, undergo more technical continuing education.

Separation

In the case of personnel termination or resignation, the security team coordinates with human resources to implement a standardized separation process to ensure that all accounts, credentials, and access of outgoing employees are reliably disabled.

3. Personnel Identity and Access Management

How does Codox define, control, and maintain user identity and permissions for personnel?

3.1 User Accounts and Authentication

Each individual having access to any Codox-controlled system does so via a G Suite user account denoting their system identity. Such user accounts are required to have a unique username, strong password of at least 8 characters, and two-factor authentication (2FA) mechanism.

Logging into Codox Systems

Authentication is performed by Google’s account management system, details of which can be found at https://gsuite.google.com/security. Codox leverages G Suite’s facilities of detecting malicious authentication attempts. Repeated failed attempts to authenticate may result in the offending user account being locked or revoked.

Logging into Third Party Systems

Whenever available, third-party systems must be configured to delegate authentication to Codox’s G Suite account authentication system (described above) thereby consolidating authentication controls into a single user account system that is centrally managed by the security team.

Revocation and Auditing of User Accounts

User accounts are revoked (that is, disabled but not deleted) immediately upon personnel separation. As a further precaution, all user accounts are audited at least quarterly, and any inactive user accounts are revoked.

3.2. Access Management

Codox adheres to the principle of least privilege, and every action attempted by a user account is subject to access control checks.

Role-based Access Control

Codox employs a role-based access control (RBAC) model utilizing Google-supplied facilities such as organizational units, user accounts, user groups, and sharing controls.

Web Browsers and Extensions

Codox may require use of a specified web browser(s) for normal business use and for access to corporate data such as email. For certain specified roles such as software development and web design, job activities beyond those mentioned above necessitate the use of a variety of browsers, and these roles may do so as needed for those activities.

Any browser that is allowed to access corporate data such as email is subject to a whitelist-based restriction on the which browser extensions can be installed.

Administrative Access

Access to administrative operations is strictly limited to security team members and further restricted still as a function of tenure and the principle of least privilege.

Regular Review

Access control policies are reviewed regularly with the goal of reducing or refining access whenever possible. Changes in job function by personnel trigger an access review as well.

3.3. Termination

Upon termination of personnel, whether voluntary or involuntary, the security team will follow Codox’s personnel exit procedure, which includes revocation of the associated user account and reclamation of company-owned devices, office keys or access cards, and all other corporate equipment and property prior to the final day of employment.

4. Provenance of Technology

How does Codox build, adopt, configure, and maintain technology to fulfill its security intentions and needs?

4.1. Software Development

Codox stores source code and configuration files in private GitHub repositories. The security and development teams conduct code reviews and execute a static code analysis tools on every code commit. Reviewers shall check for compliance with Codox’s conventions and style, potential bugs, potential performance issues, and that the commit is bounded to only its intended purpose.

Security reviews shall be conducted on every code commit to security-sensitive modules. Such modules include those that pertain directly to authentication, authorization, access control, auditing, and encryption.

All major pieces of incorporated open source software libraries and tools shall be reviewed for robustness, stability, performance, security, and maintainability.

The security and development teams shall establish and adhere to a formal software release process.

4.2. Configuration and Change Management

The Codox security and development teams shall document the configuration of all adopted systems and services, whether hosted by Codox or are third party hosted. Industry best practices and vendor-specific guidance shall be identified and incorporated into system configurations. All configurations shall be reviewed on at least an annual basis. Any changes to configurations must be approved by appointed individuals and documented in a timely fashion.

System configurations must address the following controls in a risk-based fashion and in accordance with the remainder of this policy:

  • data-at-rest protection encryption
  • data-in-transit protection of confidentiality, authenticity, and integrity for incoming and outgoing data
  • data and file integrity
  • malware detection and resolution
  • capturing event logs
  • authentication of administrative users
  • access control enforcement
  • removal or disabling of unnecessary software and configurations
  • production data is not used in development or test systems.

4.3. Third Party Services

For every third-party service that Codox adopts, the security team shall review the service and vendor, on an annual basis, to gain assurance that their security posture is consistent with Codox’s for the type and sensitivity of data the service will store.

5. Data Classification and Processing

How does Codox manage data classifications and data processing?

5.1. Data Classification

Codox maintains the following Data Confidentiality Levels:

  • Confidential - Information only available to specific roles within the organization. Data must be encrypted at rest and in transit. Access to data requires 2FA/MFA.
  • Restricted - Access restricted to specific roles within the organization and authorized third parties. Data must be encrypted at rest and in transit. Access to data requires 2FA/MFA.
  • Internal - Information is available to all employees and authorized third parties. Data must be encrypted at rest and in transit.
  • Public - Information is available to the public.

Data Confidentiality is determined by:

  • The value of the information, based on impacts identified during the risk assessment process.
  • Sensitivity and criticality of the information, based on the highest risk calculated for each data item during the risk assessment.
  • Policy, legal, regulatory, and contractual obligations.

Additionally, data may be separated into data type classifications to enforce processing rules for customer data. For each data class, the Codox security and development teams may provision and dedicate specific information systems in Amazon Web Services to store and process data of that class, and only data of that class, unless otherwise explicitly stated. For all classes of customer data, data must be encrypted at rest and in transit. Corresponding systems may store and process data items needed to keep each customer’s data properly segmented, such as Codox customer identifiers.

Customer User Account Data - This is data pertaining to login accounts for the www.codox.io customer web interface, used by Codox customer agents. User account credentials shall be hashed in such a manner that the plaintext passwords cannot be recovered.

Customer Contact Data - This is contact data about Codox customers and customer agents.

Customer Preferences Data - This is data pertaining to the customer-specific preferences and configurations of the Codox service made by customer agents.

Customer Recorded Data - This is data that the Codox service collects during session recording.

Customer Event Transaction Metadata - This is metadata about transactions conducted on all other classes of customer data. This includes customer organization and user identifiers, standard syslog data pertaining to customer users, and instances of Customer Contact Data and Customer Preferences Data. This class does not include Customer Recorded Data.

Customer Contact Data, Customer Preferences Data, and Customer Event Transaction Metadata may be stored and processed in systems hosted in environments other than Amazon Web Services, as approved by the security team.

Resources must maintain accurate data classification tagging policies for their entire lifecycle, including during decommissioning or when removed from service temporarily.

5.2 Codox Employee Access to Customer Data

Codox employees may access Customer Data only under the following conditions:

  • For the purpose of incident response, customer support, or feature testing.
  • For no longer than is needed to fulfill the purpose of access.
  • In an auditable manner.
  • Customer Data is not used in development or test system.

5.3 Customer Access

Codox provides web user interfaces (UIs) to provide customers access to their data.

5.4 Exceptional Cases

The security team in conjunction with executive management may approve emergency exceptions to any of the above rules, in response to security incidents, service outages, or significant changes to the Codox operating environment, when it is deemed that such exceptions will benefit and protect the security and mission of Codox and Codox customers.

5.5 Data Encryption

Codox  protects all data in transit with TLS 1.2 and all data at rest with AES-256 encryption from Amazon KMS. Cryptographic keys are assigned to specific roles based on least privilege access and keys are automatically rotated yearly. Usage of keys is monitored and logged.

Resources must maintain data encryption at rest and in transit for their entire lifecycle, including during decommissioning or when removed from service temporarily.

5.6 Data Retention

Each customer is responsible for the information they create, use, store, process and destroy.

On expiration of services, customers may instruct Codox to delete all customer data from Codox systems in accordance with applicable law as soon as reasonably practicable, unless applicable law or regulations require otherwise.

5.7 Data Sanitization and Secure Disposal

Codox uses Amazon Web Services for all infrastructure. AWS provides the following guidance regarding their data lifecycle policies:

Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycles. AWS has exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.

6. Vulnerability and Incident Management

How does Codox  detect, and respond to vulnerabilities and security incidents?

6.1. Vulnerability Detection and Response

The Codox security and development teams shall use all of the following measures to detect vulnerabilities that may arise in Codox’s information systems.

  • Cross-checking vulnerability databases with all systems and software packages that support critical Codox services.
  • Automated source code scanners on every code commit.
  • Code reviews on every security-sensitive code commit.
  • Vulnerability scanning on Codox services.

The Codox security team shall evaluate the severity of every detected vulnerability in terms of the likelihood and potential impact of an exploit, and shall develop mitigation strategies and schedules accordingly. Suitable mitigations include complete remediation or implementing compensating controls.

6.2. Incident Detection and Response

The Codox team shall use all of the following measures to detect security incidents:

  • Continuous monitoring of AWS network traffic and workloads for malicious or unauthorized activities.
  • Continuous monitoring of logs to detect potentially malicious or unauthorized activity.
  • Conduct reviews on the causes of any service outages.
  • Respond to notices of potential incidents from employees, contractors, or external parties.

The Codox security team shall make a determination of whether every indicator is representative of an actual security incident. The severity, scope, and root cause of every incident shall be evaluated, and every incident shall be resolved in a manner and timeframe commensurate with the severity and scope.

In the event that a data breach affecting a customer has been detected, Codox will maintain communication with the customer about the severity, scope, root cause, and resolution of the breach.

7. Business Continuity and Disaster Recovery

How will Codox  prevent and recover from events that could interfere with expected operations?

7.1 Availability and Resiliency

Codox services shall be configured in such a manner so as to withstand long-term outages to individual servers, availability zones, and geographic regions. Codox infrastructure and data is replicated in multiple geographic regions to ensure this level of availability.

7.2 Disaster Recovery

Codox targets a Data Recovery Point Objective (RPO) of near-zero for at least 7 days, and up to 24 hours beyond 7 days.

Due to the distributed nature of Codox services, Recovery Time Objectives (RTO) are near-zero for geographic disasters. RTO for systemic disasters involving data recovery is targeted at 6 hours.

7.3 Business Continuity

Business Risk Assessment and Business Impact Analysis

Codox risk assessment committee will include business risk assessment and business impact analysis for each Key Business System that is used by the organization. The outcome of ongoing risk assessments will update or create recovery plans for Key Business Systems and update prioritization of systems compared to other key systems.

Distribution, Relocation, and Remote Work

Codox prioritizes policies, tools, and equipment which enables independent, distributed remote work for all staff if emergencies or disasters strike. If the organization’s primary work site is unavailable, staff can work from home or an alternate work site shall be designated by management.

Questions about security or compliance?

Keeping our clients' data secure is an absolute top priority at Codox. Our goal is to provide a secure environment, while also being mindful of application performance and the overall user experience.

If you have any questions or concerns about security, please email support@codox.io.

Codox, Inc.
8047 Central Ave Suite 2032
Newark, CA 94560

Codox, Inc. ("we" or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, store, use and distribute information through our software, website, documentation, and related services (together, the "Services").

Capitalized terms not defined in this Privacy Policy have the meaning as set forth in the Terms of Service for the Services, which can be found at Terms and Conditions.

Consent

By using the Services, you consent to the use of your Personal Information as described in this Privacy Policy. If you are not of legal age to form a binding contract (in many jurisdictions, this age is 18), you may only use the Services and disclose information to us with your parent’s or legal guardian’s express consent. Furthermore, children under the age of 13 cannot use or register for the Services in any way. Review this Privacy Policy with your parent or legal guardian make sure you understand it. Except as set forth in this Privacy Policy, your Personal Information will not be used for any other purpose without your consent. We do not actively collect Personal Information for the purpose of sale of such information in a way that specifically identifies the individual (i.e. we don’t sell customer lists). You may withdraw your consent to our processing of your Personal Information at any time. However, withdrawing consent may result in your inability to continue using some or all of the Services.

Collection of Information

1. Personal Information

When registering to use the Services, we may require or ask you to provide certain personally identifiable information (these are referred to below as your "Personal Contact Information"). The Personal Contact Information that we require you to provide may include, but is not limited to, the following:

  • E-mail
  • Full name or alias (can be fictitious)
  • Company name
  • Company subdomain

When purchasing the Services, we will require you to provide financial and billing information, such as billing name and address, and credit card number ("Billing Information"). Your Personal Contact Information and your Billing Information, together with any other information we gather through the Services that may be used to identify, contact, or locate you individually, are collectively referred to herein as your "Personal Information."

We may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send. While there are limited circumstances in which we may give third parties access to your Personal Information, the purposes of which are described below, we do not permit any third parties with whom we may share your Personal Information to contact you with their own marketing or promotional materials.

You may also be provided the ability to provide us with the name and email address of your coworkers to allow us to send them a referral link to sign up for our Services. Applicable law may require you obtain consent from your coworker before sharing their name and email address with us and authorizing us to communicate with them. Such communications may contain web beacons that provide us information about your coworkers’ interaction with the emails we send them. By submitting any third-party personal information to us and allowing us to communicate with such third party, you agree that you have all required authorization and consents required under applicable law.

2. Personal Information Collected from Connected Third Party Accounts

If you connect your third party account to your Codox account, we may collect certain information stored in your third party account such as:

Google+. Codox may allow you to use a Google+ profile to create your Codox account, in which case we will access certain information from Google regarding your account. In particular, we may collect profile image, display name, username / profile ID, access tokens and contacts. This data will only be used by us to provide you with the Service you expect and will not be shared with any third parties. Registering for our Services through Google+ is voluntary.

Zendesk Support. You may choose to integrate with our Service from your Zendesk Support account, in which case we will access certain information from Zendesk Support regarding your account. In particular, we may collect display name, username, user ID, access token and email address of your Zendesk Support team. This data will only be used by us to provide you with the Service you expect and will not be shared with any third parties.

3. Data, Diagnostic & Login Information

You may be able to create, upload, publish, transmit, distribute, display, store or share information, data, text, graphics, video, messages or other materials using our Services (this is collectively referred to below as "Data"). We do not store such Data on our servers.

If you run into technical errors in the course of using the Services, we may automatically obtain a crash report along with certain logging information from your system documenting the error ("Diagnostic Information"). Such information may contain information regarding your Operating System version, hardware, browser version, and your e-mail address, if provided. In some instances, we may request your permission to obtain some of your user-generated content to which the technical error may relate. This is strictly optional. We will only use such content to diagnose the error and help improve our Services to avoid such errors in the future.

Additionally, certain login information may be maintained in a cookie stored locally on your personal computing device (i.e. not on a server) in order to streamline the login process ("Login Information").

4. Usage and Analytics Information

As you use our Services, we may also collect information through the use of commonly-used information-gathering tools, such as cookies, log files, Web tokens, and Web beacons. Collectively, this information is referred to as "Usage and Analytics Information."

5. Cookie

Some of our Service Providers use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to enhance your user experience.

Cookies allows you, as a user, to navigate between pages efficiently, storing your preferences, and generally improving your experience on our sites. As a user, your web browser places cookies on your hard drive for record-keeping purposes and sometimes to track information about you.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

5.1 Log Files

As is true of most websites, we gather certain information automatically to analyze trends in the aggregate and administer the Services. This information may include your Internet Protocol (IP) address (or the proxy server you use to access the World Wide Web), your browser type, the pages and files you viewed, your operating system, and date/time stamps associated with your usage. Due to Internet communications standards, when you visit or use our websites and Services, We automatically receive the URL of the website from which you came and the website to which you go when you leave our website. This information is used to analyze overall trends, to help us improve the Services, to track and aggregate non-personal information, and to provide the Services. For example, we use IP addresses to monitor the regions from which customers and visitors navigate the Sites.

5.2 Web Beacons

We use web beacons alone or in conjunction with cookies to compile information about your usage of the Services and interaction with emails from us. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website or Service tied to the web beacon, and a description of a website or Service tied to the web beacon. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. We also use web beacons to operate and improve the Services and our email communications.

5.3 Geo-Location Information

We do not use GPS technology to collect any information regarding your precise real-time geo-location while using the Services. However, we may use elements of your Usage and Analytics Information (such as your IP address) to determine your generalized location. This information is referred to as "Generalized Geo-Location Information."

6. Use of Information

We use the information we collect in the following ways:

6.1 Personal Contact Information

We use this information to manage your account, to provide the Services, to maintain our customer/visitor lists, to respond to your inquiries or request feedback, for identification and authentication purposes, for service improvement, and to address issues like malicious use of the Services. We may also use Personal Contact Information for limited marketing purposes, namely, to contact you to further discuss your interest in the Services, and to send you information about us or our partners. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send.

6.2 Billing Information

We use Billing Information to manage your account, to provide the Services, and to check the financial qualifications of prospective customers and to collect payment for the Services. We may use a third-party service provider to manage credit card processing. If we do so, such a service provider will not be permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on our behalf.

6.3 Data, Diagnostic Information and Login Information

We use this information for the purpose of administering and improving our Services to you. We may also use this information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, and to increase the Services’ functionality and user-friendliness.

6.4 Usage and Analytics Information

We may use your Usage and Analytics Information in a de-identified, anonymous way in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization needed for the Services to process their requests.

6.5 Generalized Geo-Location Information

We may use this information for the purpose of administering and improving our Services to you, such as by providing you with relevant advertisements and promotions. We may also use your Generalized Geo-Location Information in an anonymized manner in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, and to increase the Services’ functionality and user-friendliness.

If we plan to use your Personal Information in the future for any other purposes not identified above, we will only do so after informing you by updating this Privacy Policy. See further the section of this Privacy Policy entitled "Amendment of this Privacy Policy".

7. Do Not Track

We do not support Do Not Track. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

8. Disclosures & Transfers

We have put in place contractual and other organizational safeguards with our agents to ensure a proper level of protection of your Personal Information (see further "Security" below). In addition to those measures, we will not disclose or transfer your Personal Information to third parties without your permission, except as specified in this Privacy Policy (see further "Important Exceptions" below).

Please note that if you are using the Services at the request or as part of an organization, your organization’s account administrator may be able to view certain activity and content associated with use of the Services, including, but not limited to, elements of your Personally Identifiable Information.

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Codox Inc is based in the United States. If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

9. Important Exceptions

From time to time we may employ third parties to help us provide and/or improve the Services. These third parties may have limited access to databases of user information or registered member information solely for the purpose of helping us to provide and/or improve the Services and they will be subject to contractual restrictions prohibiting them from using the information about our users for any other purpose. Such agents or third parties do not have any rights to use Personal Information beyond what is absolutely necessary to assist us.

We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.

If we are involved in a merger, acquisition or asset sale, your Personal Information may be transferred. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.

10. Security

The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. All measures which Codox has taken significantly reduce the risk.

Security measures adopted by Codox include:

  • Access to the information stored within Codox's servers is restricted to a limited number of Codox employees and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality.
  • Codox's servers are protected by (1) firewalls establishing a barrier between Our trusted, secure internal network and the Internet and (2) IP restrictions, limiting access to whitelisted IP addreeses.
  • Each User may only access information pertaining to its Codox account.
  • We use HTTPS for the Services to provide secure transfer of data, prevent wiretapping and man-in-the-middle attacks.

You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and safeguard your user name, password and personal credentials when you are using the Services, so that other people will not have access to your Personal Information. Furthermore, you are responsible for maintaining the security of any personal computing device on which you utilize the Services.

11. Sharing Information with Third Parties

We use the information we collect in the following ways:

11.1 Inviting Others to Use Our Services

Our Services allow you to send invitations for your friends or coworkers to use our Services. We offer you the ability to send these invitations by email or through certain social media platforms. We do not store or retain any personal information (including names, emails, or social media information) about the people to whom you send invitations, nor do we store any custom messages you may include in these invitations.

We rely on you not to abuse this feature. You are not permitted to use this feature to send spam, harass others, or contact people who you do not have the right to contact electronically. You are also not permitted to use this feature to send personal information about third parties. So, please do not include such information in any custom messages.

11.2 Other Information Sharing

You may be able to direct that Personal Information be shared with third parties through use of the Services. We will not permit any such transfer without your express opt-in consent. The privacy policies of these third parties are not under our control and may differ from ours. The use of any information that you may provide to any third parties will be governed by the privacy policy of such third party or by your independent agreement with such third party, as the case may be. Further, such third parties may store the transferred Personal Jurisdiction in a location with privacy and other laws different than those that apply to Codox. If you have any doubts about the privacy of the information you are providing to a third party, we recommend that you contact that third party directly for more information or to review its privacy policy.

12. Retention

We will keep your Personal Information only for as long as it remains necessary for the purposes set forth in this Privacy Policy, which may extend beyond the termination of our relationship with you. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. All retained Personal Information will remain subject to the terms of this Privacy Policy.

13. Updates to this Privacy Policy

We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post or provide appropriate notice. Except as explained below, any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted, and any material changes will become effective 30 days from their posting on Privacy Policy or via email to your listed email address. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your account. The date on which the latest update was made is indicated at the top of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Services signifies your acceptance of any changes.

If applicable law requires your opt in consent to any particular amendment to this Privacy Policy, the amendment will not apply to your Personal Information until we receive such consent from you. To the extent we cannot provide some or all of the Services without your consent to such amendment to the Privacy Policy, your decision not to consent may result in our having to limit your ability to use certain aspects of the Services.

14. Access and Accuracy

You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up-to-date, and we will provide you with mechanisms to correct, amend, delete or limit the use of your Personal Information. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.

In certain circumstances, you have the right:

  • To access and receive a copy of the Personal Data we hold about you
  • To rectify any Personal Data held about you that is inaccurate
  • To request the deletion of Personal Data held about you

You have the right to data portability for the information you provide to us. You can request to obtain a copy of your Personal Information in a commonly used electronic format so that you can manage and move it.

Please note that we may ask you to verify your identity before responding to such requests.

15. Your California Privacy Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: legal@codox.io.

16. Service Providers

We may employ third party companies and individuals to facilitate our Services ("Service Providers"), to provide the Services on our behalf, to perform Service-related services or to assist us in analyzing how our Services is used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

A list of our current Service Providers can be found at Service Provider List. The Service Provider List will be updated from time-to-time, as Service Providers are added and removed. The Service Provider List contains instructions on how to find out when updates are made the Service Provider List.

How to Contact Us

You can help by keeping us informed of any changes such as a change of email address or telephone number. If you would like to access your information, if you have any questions, comments or suggestions, if you find any errors in our information about you, or if you have a complaint concerning our compliance with applicable privacy laws, please contact us at legal@codox.io or by mail at:

Codox, Inc.
8047 Central Ave Suite 2032
Newark, CA 94560