We are fully committed to protecting the privacy and security of our customers. You have the right to know what data we collect (and how we use it), as well as the right to move or delete this data as you see fit. The following policy explains Koddi’s current practices regarding data collection, use, and security.
We collect data that helps us to optimize our clients’ advertising efforts, connecting users to the best possible travel experiences.
This data can include:
• Pages browsed by users
• Timestamps (date, time)
• IP addresses
• Aggregated technical information related to the user’s browser and device
We do not collect or process ‘sensitive data,’ such as any information pertaining to a user’s racial or ethnic origin, political opinions, criminal offenses, religious beliefs, or physical and mental health.
To begin with, we store our users’ email addresses, passwords, and 2-factor secrets for authenticating account logins to provide account notifications and “Forgot your password” functionality. We also store users’ currency preferences to help format reporting values into this preferred currency. Additionally, Koddi verifies its users’ authentication after they log in by utilizing cookies to keep users authenticated and collecting IP addresses, a practice that also prevents brute force attacks. When browsing the Koddi Enterprise Platform, users’ IP addresses are recorded per page view and file uploads. This information is used for security and account auditing; however, this data is not used for remarketing or tracking purposes. Finally, when connecting to a third-party data provider, we store any access tokens associated with connecting to their API.
We rely on data to provide the most efficient, meaningful experiences possible.
That said, we deeply value transparency and accessibility.
Users in the European Union can easily manage the data we collect by:
• Requesting an electronic copy of the personal data we have collected, free of charge.
• Requesting that their data be transmitted to a new controller.
• Requesting that their data be permanently erased.
To make any of the above requests (or to reach out with additional questions) contact us at firstname.lastname@example.org.
We work hard to make sure that your data is protected by the highest levels of security across all of our products and services.
In addition to our internal controls, we also engage third-party specialists to audit our security practices and systems as needed.
We use the following tools to safeguard your information 24/7:
• User passwords and secrets are encrypted using SHA-256 hashing
• Access tokens and secrets for third-party APIs are encrypted using SHA-256 hashing
• All stored IP addresses are encrypted and stored for one year
Personal account information, such as a user’s email addresses and passwords, are stored until the user’s account is removed from Koddi’s Enterprise Platform. Access tokens to third-party APIs vary on a case-by-case basis and are refreshed based on expiration dates sent from the providers. Refresh tokens are stored until the user disables the API connection within the Enterprise platform. Session cookies are destroyed upon logout and are invalidated after 30 minutes of inactivity. Encrypted IP addresses are stored for a year, after which time they are removed from our system.
Koddi may be required to disclose data in response to lawful requests by public authorities, such as national security or law enforcement. We may also disclose your information as required by law to comply with a subpoena, court order, or other legal processes when we believe in good faith that disclosure is necessary for the prevention, detection, or prosecution of criminal acts or to prevent other damage, or in response to legal action, or to enforce our rights and claims.
This policy was last updated on May 14, 2018.
Email us outside the EU: at email@example.com
Within the EU: firstname.lastname@example.org