Privacy Policy

Last Updated on January 1, 2020

We are fully committed to protecting the privacy and security of our customers. You have the right to know what data we collect (and how we use it), as well as the right to move or delete this data as you see fit. The following policy explains Koddi’s current practices regarding data collection, use, and security.

We also process data on behalf of our clients. Please refer to the appropriate client privacy policy for more information about 1) how this data is collected and used and 2) your rights in relation to this data.

What kinds of data does Koddi collect?

We collect data that helps us to optimize our clients’ advertising efforts, connecting users to the best possible travel experiences.

This data can include:

  • Pages browsed by users
  • Timestamps (date, time)
  • IP addresses
  • Aggregated technical information related to the user’s browser and device

We do not collect or process ‘sensitive data,’ such as any information pertaining to a user’s racial or ethnic origin, political opinions, criminal offenses, religious beliefs, or physical and mental health.

How does Koddi use this data?

To begin with, we store our users’ email addresses, passwords, and 2-factor secrets for authenticating account logins to provide account notifications and “Forgot your password” functionality. We also store users’ currency preferences to help format reporting values into this preferred currency. Additionally, Koddi verifies its users’ authentication after they log in by utilizing cookies to keep users authenticated and collecting IP addresses, a practice that also prevents brute force attacks. When browsing the Koddi Enterprise Platform, users’ IP addresses are recorded per page view and file uploads. This information is used for security and account auditing; however, this data is not used for remarketing or tracking purposes. Finally, when connecting to a third-party data provider, we store any access tokens associated with connecting to their API.

How can Koddi users control and manage their data?

We rely on data to provide the most efficient, meaningful experiences possible.
That said, we deeply value transparency and accessibility.

Users in California have:

  • The right to know whether their personal information is being collected about them
  • The right to request the specific categories of information a business collects upon verifiable request
  • The right to know what personal information is being collected about them
  • The right to say “no” to the sale of personal information
  • The right to delete their personal information
  • The right to equal service and price, even if they exercise their privacy rights

To make any of the above requests (or to reach out with additional questions) contact us at

Users in the European Union can easily manage the data we collect by:

  • Requesting an electronic copy of the personal data we have collected, free of charge
  • Requesting that their data be transmitted to a new controller
  • Requesting that their data be permanently erased

To make any of the above requests (or to reach out with additional questions) contact us at

How does Koddi protect this data?

We work hard to make sure that your data is protected by the highest levels of security across all of our products and services.
In addition to our internal controls, we also engage third-party specialists to audit our security practices and systems as needed.

We use the following tools to safeguard your information 24/7:

  • User passwords and secrets are encrypted using SHA-256 hashing
  • Access tokens and secrets for third-party APIs are encrypted using SHA-256 hashing
  • All stored IP addresses are encrypted and stored for one year

How long does Koddi retain data?

Personal account information, such as a user’s email addresses and passwords, are stored until the user’s account is removed from Koddi’s Enterprise Platform. Access tokens to third-party APIs vary on a case-by-case basis and are refreshed based on expiration dates sent from the providers. Refresh tokens are stored until the user disables the API connection within the Enterprise platform. Session cookies are destroyed upon logout and are invalidated after 30 minutes of inactivity. Encrypted IP addresses are stored for a year, after which time they are removed from our system.

Cookies and Tracking Tools:

We use cookies in addition to third-party tracking tools. When we set cookies, they will expire within 30 days.

Legal Notice:

Koddi may be required to disclose data in response to lawful requests by public authorities, such as national security or law enforcement. We may also disclose your information as required by law to comply with a subpoena, court order, or other legal processes when we believe in good faith that disclosure is necessary for the prevention, detection, or prosecution of criminal acts or to prevent other damage, or in response to legal action, or to enforce our rights and claims.

Changes to Privacy Policy:

We may need to update or revise this privacy policy. If we do make any alterations or additions, we will post these changes here and notify our users.

Last Updated:

This policy was last updated on January 1, 2020.

Contact Us:

Questions about this privacy policy or our data practices?
Email us outside the EU: at
Within the EU: