๐ Privacy Policy
Our Commitment to Your Privacy
At Compassionate Codes, your privacy is as sacred as your vision. We collect only what's needed to deliver exceptional services, with full transparency and compliance with all applicable laws including GDPR, CCPA, PIPEDA, and the Minnesota Consumer Data Privacy Act (effective July 31, 2025).
๐ Information We Collect
Personal Information:
- Contact Data: Name, email address, phone number, business details via contact forms
- Project Data: File uploads, project requirements, collaboration materials
- Payment Information: Billing address, transaction history (processed securely through third-party payment processors)
- Communication Records: Email correspondence, support tickets, feedback, testimonials
- Account Information: Login credentials, preferences, admin access logs
Technical Information:
- Analytics Data: Anonymous usage statistics, page views, session duration (via Google Analytics 4 - 2025 compliant)
- Device Information: IP address, browser type, operating system, device identifiers
- Cookies & Tracking: Essential cookies for functionality, analytics cookies (with consent)
- Security Logs: Access attempts, authentication events, fraud prevention data
๐ซ What We Don't Do
- No Data Sales: We never sell, rent, or share your personal data with third parties for marketing
- No Payment Storage: Credit card details are processed and stored by PCI-compliant payment processors only
- No Invasive Tracking: We limit tracking to essential analytics and avoid fingerprinting techniques
- No AI Training: Your data is not used to train AI models without explicit consent
- No Spam: We don't send unsolicited marketing emails or share your email with marketers
โก How We Use Your Information
- Service Delivery: Project completion, customer support, account management
- Communication: Order updates, technical support, important service announcements
- Legal Compliance: Tax reporting, fraud prevention, regulatory requirements
- Service Improvement: Anonymous analytics to enhance user experience
- Security: Protecting our platform and users from malicious activities
๐ค Third-Party Data Sharing
We share data only with trusted partners under strict contractual obligations:
- Payment Processors: Stripe, PayPal (PCI-compliant processing)
- Cloud Storage: Firebase, Google Cloud (encrypted storage)
- Email Services: EmailJS, Google Workspace (communication)
- Analytics: Google Analytics 4 (anonymized data only)
- Legal Requirements: When required by law, court order, or regulatory authority
๐ก๏ธ Your Rights Under Privacy Laws
Under GDPR, CCPA, Minnesota Consumer Data Privacy Act, and other applicable laws, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate or incomplete information
- Erasure: Request deletion of your personal data (with certain limitations)
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Opt-Out: Withdraw consent for marketing communications or data sales
- Non-Discrimination: We won't discriminate against you for exercising your rights
โฐ Data Retention
- Active Accounts: Data retained while account is active
- Closed Accounts: Personal data deleted within 30 days of closure
- Legal Requirements: Some data retained for tax/legal compliance (up to 7 years)
- Analytics Data: Anonymized data retained for 26 months maximum
- Security Logs: Retained for 24 months for fraud prevention
๐จ Minnesota Consumer Data Privacy Act Notice
Effective July 31, 2025, Minnesota residents have enhanced rights under the Minnesota Consumer Data Privacy Act. We have appointed a Chief Privacy Officer to ensure compliance. Contact us at privacy@compassionatecodes.com to exercise your rights.
๐ก๏ธ Security - How We Protect You
2025 Cybersecurity Standards & Zero-Trust Architecture
Your security is our obsession. Updated for 2025 cybersecurity standards, we implement enterprise-grade security using Zero Trust Architecture, AI-enhanced threat detection, and comprehensive data protection measures that exceed industry requirements.
๐ Advanced Data Protection & Encryption
- End-to-End Encryption: All data encrypted with AES-256 encryption at rest and in transit
- TLS 1.3 Protocol: Latest encryption standards for all data transmission
- Key Management: Hardware Security Modules (HSM) for cryptographic key protection
- Database Security: Field-level encryption for sensitive data, encrypted backups
- Quantum-Resistant Cryptography: Preparing for post-quantum security threats
- Data Masking: Sensitive data masked in non-production environments
- Secure File Storage: All uploads scanned for malware before storage
๐ Zero Trust Security Architecture (2025 Standard)
- Never Trust, Always Verify: Every access request authenticated and authorized
- Multi-Factor Authentication (MFA): Required for all admin and sensitive account access
- Adaptive Authentication: Risk-based authentication based on location, device, and behavior
- Microsegmentation: Network isolated into secure zones with minimal access
- Principle of Least Privilege: Users granted minimum necessary permissions only
- Identity Verification: Continuous identity validation throughout sessions
- Device Security: All devices must meet security standards before network access
๐ค AI-Enhanced Threat Detection & Response
- 24/7 AI Monitoring: Machine learning algorithms detect anomalous behavior in real-time
- Behavioral Analytics: AI identifies unusual user patterns and potential threats
- Automated Incident Response: Immediate threat isolation and mitigation
- Predictive Security: AI models predict and prevent potential attack vectors
- Advanced Persistent Threat (APT) Detection: Sophisticated attack pattern recognition
- False Positive Reduction: AI reduces security alert fatigue through intelligent filtering
- Threat Intelligence Integration: Real-time global threat intelligence feeds
๐ Comprehensive Monitoring & Logging
- Security Information Event Management (SIEM): Centralized security event monitoring
- User Entity Behavior Analytics (UEBA): Monitor user and entity behavior patterns
- Network Traffic Analysis: Deep packet inspection and anomaly detection
- Database Activity Monitoring: Track all database access and modifications
- File Integrity Monitoring: Real-time detection of unauthorized file changes
- Vulnerability Scanning: Continuous automated security vulnerability assessment
- Compliance Monitoring: Automated compliance checking against security frameworks
๐ฐ Advanced Perimeter & Network Security
- Next-Generation Firewall (NGFW): Application-aware traffic filtering
- Web Application Firewall (WAF): Protection against OWASP Top 10 vulnerabilities
- DDoS Protection: Multi-layered protection against distributed attacks up to 1TB/s
- Intrusion Detection/Prevention (IDS/IPS): Real-time network threat detection
- DNS Security: Malicious domain blocking and DNS over HTTPS (DoH)
- Content Delivery Network (CDN): Global edge protection and caching
- API Security Gateway: Protection for all API endpoints with rate limiting
๐ Incident Response & Business Continuity (2025 Framework)
- Mean Time to Detection (MTTD): Average 3 minutes for critical threats
- Mean Time to Response (MTTR): Security incidents contained within 15 minutes
- Automated Containment: Immediate isolation of compromised systems
- Forensic Capabilities: Complete digital forensics and evidence preservation
- Business Continuity: 99.9% uptime guarantee with disaster recovery
- Data Recovery: Point-in-time recovery with RPO of 15 minutes
- Communication Protocol: 24-hour breach notification as required by law
๐ Security Certifications & Compliance (2025)
- SOC 2 Type II: Service Organization Control security audit certification
- ISO 27001:2022: International information security management standard
- PCI DSS 4.0: Payment Card Industry Data Security Standard compliance
- NIST Cybersecurity Framework: Implementation of all five framework functions
- GDPR Article 32: Technical and organizational security measures
- CCPA Security Requirements: California Consumer Privacy Act compliance
- FISMA Moderate: Federal Information Security Modernization Act standards
๐ฅ Human Security & Training
- Security Awareness Training: Monthly cybersecurity training for all staff
- Phishing Simulation: Regular phishing tests and remedial training
- Background Checks: Comprehensive screening for all security-sensitive roles
- Privileged Access Management: Strict controls for administrative access
- Insider Threat Program: Monitoring and prevention of insider risks
- Security Culture: Security-first mindset embedded in company culture
- Incident Reporting: Confidential security incident reporting system
๐ฌ Continuous Security Testing & Improvement
- Penetration Testing: Quarterly third-party security assessments
- Red Team Exercises: Annual simulated attack scenarios
- Vulnerability Management: Daily scans with immediate critical patching
- Security Code Review: All code reviewed for security vulnerabilities
- Bug Bounty Program: Responsible disclosure program for security researchers
- Threat Modeling: Security risk assessment for all new features
- Security Metrics: KPI tracking for continuous security improvement
๐ Cloud Security & Infrastructure (2025 Best Practices)
- Cloud Security Posture Management (CSPM): Continuous cloud configuration monitoring
- Container Security: Runtime protection and image vulnerability scanning
- Serverless Security: Function-level security monitoring and protection
- Infrastructure as Code (IaC): Security-hardened infrastructure templates
- Multi-Cloud Security: Consistent security across cloud providers
- Data Loss Prevention (DLP): Prevent unauthorized data exfiltration
- Backup Security: Encrypted, immutable backups with air-gap storage
๐ Security Contact & Reporting
- Security Team Email: security@compassionatecodes.com
- 24/7 Security Hotline: For critical security incidents
- Responsible Disclosure: Coordinated vulnerability disclosure program
- Bug Bounty Platform: Rewards for legitimate security findings
- Encrypted Communication: PGP key available for sensitive security reports
- Response SLA: 4-hour response for critical security issues, 24-hour for standard
๐จ 2025 Cybersecurity Commitment
Zero Tolerance for Data Breaches: Our 2025 security posture implements defense-in-depth strategies, AI-powered threat detection, and Zero Trust Architecture to ensure your data remains secure. We maintain cyber insurance coverage and follow incident response protocols that exceed regulatory requirements. Security isn't just a featureโit's foundational to everything we do.
๐ Terms & Conditions
Clear Terms for a Trusted Partnership
By using Compassionate Codes services, purchasing products, or accessing our website, you agree to these legally binding terms. These terms are governed by Minnesota, USA law and comply with 2025 digital commerce regulations.
1. ๐ Acceptance of Terms
By accessing our website, purchasing products, or using our services, you acknowledge that you have read, understood, and agree to be bound by these Terms & Conditions. If you do not agree, please discontinue use immediately.
2. ๐ข Company Information
- Business Name: Compassionate Codes
- Jurisdiction: Minnesota, United States
- Contact: info@compassionatecodes.com
- Admin Contact: momanyinyangau30@gmail.com
- Business Type: Digital Products & Web Development Services
3. ๐๏ธ Product Licensing & Usage Rights
Digital Products (Templates, Tools, Courses):
- License Grant: Non-exclusive, non-transferable license for personal or commercial use
- Permitted Uses: Modify, customize, and integrate into your projects
- Prohibited Uses: Resale, redistribution, sublicensing, or claiming ownership
- Attribution: Not required but appreciated for templates
- Updates: Lifetime updates included with purchase
- Support: 30-day email support included
4. ๐ Web Development Services
Service Delivery:
- Timelines: Agreed upon during consultation and confirmed in writing
- Revisions: Starter Package (1 round), Standard Package (2 rounds), Premium (3 rounds)
- Content: Client responsible for providing content, images, and copy
- Testing: Cross-browser testing included for modern browsers
- Training: Basic CMS training provided upon delivery
- Maintenance: Optional monthly/quarterly maintenance plans available
5. ๐ Ownership & Intellectual Property Rights
- Client Content: You retain full ownership of your content, branding, and intellectual property
- Custom Code: Upon final payment, you receive license to use (not ownership of source code)
- Third-Party Components: Some components may be licensed from third parties
- Portfolio Usage: We may showcase completed work in our portfolio with permission
- Methodology: Our development processes and methodologies remain our property
6. ๐ฐ Payment Terms
Payment:
- Digital Products: Full payment required before download access
- Services: 50% deposit required, remainder due upon completion
- Accepted Methods: Credit cards, PayPal, bank transfers
- Currency: USD (US Dollars)
- Taxes: Prices exclude applicable taxes
7. โ๏ธ Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW:
- Service Limitations: We're not liable for third-party service failures (hosting, email, etc.)
- Consequential Damages: Not liable for indirect, incidental, or consequential damages
- Maximum Liability: Limited to the amount paid for services or products
- Business Interruption: Not responsible for lost profits or business interruption
- Force Majeure: Not liable for delays due to circumstances beyond our control
- Data Loss: Clients responsible for maintaining their own backups
8. ๐๏ธ Governing Law & Dispute Resolution
- Jurisdiction: Minnesota, USA law governs these terms
- Venue: Disputes handled in Minnesota state or federal courts
- Mediation: Good faith mediation required before litigation
- Class Actions: Class action lawsuits are waived
- Arbitration: Binding arbitration for disputes over $10,000
- Attorney Fees: Prevailing party may recover reasonable attorney fees
๐ฐ Refund Policy
Fair & Transparent Refund Policy (2025 Consumer Protection Compliant)
We stand behind our products and services. This comprehensive refund policy ensures fair treatment for both customers and our business, complying with 2025 consumer protection laws including CCPA, GDPR consumer rights, and state-specific regulations.
๐ท๏ธ Digital Products Refund Policy
๐ฑ Instant Download Products (Templates, Themes, Tools)
- No Refunds After Download: Digital products cannot be "returned" once accessed due to their intangible nature
- Pre-Purchase Clarity: Detailed descriptions, previews, and demos available before purchase
- Technical Issues Exception: 48-hour refund window if product doesn't work as described
- Compatibility Guarantee: Full refund if product is incompatible with stated requirements
- Defective Product Policy: Replacement or refund for genuinely defective digital items
- Duplicate Purchase Protection: Automatic refund for accidental duplicate purchases
๐ ๏ธ Software & Applications
- 7-Day Evaluation Period: Full refund if software doesn't meet your needs (within 7 days of purchase)
- Critical Bug Policy: Refund or replacement if software has critical functionality issues
- System Compatibility: Refund guaranteed if software doesn't work on stated system requirements
- Feature Guarantee: Refund if advertised core features are missing or non-functional
- License Violation Clause: No refund for violations of End User License Agreement
- Update Protection: Continued updates included; no refund for minor version updates
๐ Educational Content & Courses
- 30-Day Satisfaction Guarantee: Full refund within 30 days if not satisfied with course content
- Progress-Based Refunds: Refund available if less than 25% of content accessed
- Quality Assurance: Refund or replacement for poor quality, inaccurate, or incomplete content
- Completion Policy: No refund available after course completion certificate is issued
- Bulk Purchase Terms: Same refund policy applies to bundled course purchases
- Live Session Policy: Refunds for missed live sessions offered as recorded alternatives
๐ Web Development Services Refund Policy
๐ Custom Development Projects
- Deposit Refund Terms: 50% deposit refunded if project canceled before work commences
- Work-in-Progress Billing: Partial refunds calculated based on percentage of work completed
- Client-Initiated Cancellation: Refund minus completed work, administrative fees, and third-party costs
- Our Cancellation Policy: Full refund if we cannot complete project due to our limitations
- Scope Change Protection: Additional work billed separately; original scope remains refundable
- Timeline Extensions: No refund penalties for reasonable timeline adjustments
โก Maintenance & Support Services
- Monthly Plans: Cancel anytime with refund of unused portion (pro-rated daily)
- Annual Plans: Pro-rated refunds for unused months when canceled early
- Service Level Guarantees: Credits or refunds for guaranteed uptime violations
- Plan Changes: Credit differences for mid-cycle upgrades or downgrades
- Emergency Support Fees: Non-refundable emergency call-out charges
- Performance Guarantees: Refund if service doesn't meet stated performance criteria
๐ซ Non-Refundable Items & Exceptions
- Customized Digital Products: Products specifically modified or created for your unique needs
- Extensively Used Products: Digital products downloaded and used beyond reasonable evaluation period
- Subscription Services: Past billing periods of active subscriptions (future periods refundable)
- Third-Party Costs: Domain registrations, hosting fees, SSL certificates, external license fees
- Consultation Services: Time spent on consultations, planning sessions, and strategy meetings
- License Violations: Refunds voided for terms of service or license agreement violations
- Fraudulent Purchases: No refunds for purchases made with fraudulent payment methods
๐ Refund Request Process (2025 Streamlined)
๐ How to Request a Refund
- Contact Our Refund Team: Email refunds@compassionatecodes.com with your request
- Provide Required Information: Include order number, purchase date, reason for refund
- Submit Supporting Documentation: Screenshots, error messages, or other relevant evidence
- Review Process: We'll review your request within 48 hours (24 hours for urgent cases)
- Decision Notification: You'll receive our decision via email with detailed explanation
- Refund Processing: Approved refunds processed within 5-7 business days
๐ณ Refund Processing Methods
- Original Payment Method: Refunds issued to original payment source when possible
- Credit Card Processing: 3-5 business days to appear on your statement
- PayPal Refunds: Instant refund to your PayPal account
- Bank Transfer Refunds: 5-7 business days for international transfers
- Store Credit Option: Immediate store credit for future purchases (optional)
- Cryptocurrency Refunds: Original crypto method with current exchange rates
๐ International Consumer Protection Compliance
๐ช๐บ European Union (Right of Withdrawal)
- 14-Day Cooling-Off Period: EU customers have 14 days to withdraw from digital purchases
- Waiver of Withdrawal Rights: Explicit consent required before immediate digital delivery
- Consumer Protection Directive: Full compliance with EU consumer protection laws
- Distance Selling Regulations: Clear pre-purchase information and withdrawal forms
๐ฆ๐บ Australia (Consumer Guarantee)
- Australian Consumer Law: Refunds required for products not fit for purpose
- No "No Refunds" Policy: Cannot legally refuse refunds for faulty digital products
- Major vs Minor Failures: Different refund rights based on severity of issues
- Supplier Responsibility: We handle all refunds; customers don't need to contact manufacturers
๐บ๐ธ United States (State-Specific Laws)
- California Consumer Protection: Clear refund policy disclosure required
- New York Digital Rights: Specific protections for digital product purchases
- Federal Trade Commission: Compliance with FTC consumer protection guidelines
- State Variations: Different refund requirements across states
๐ก๏ธ Dispute Resolution & Escalation
- Good Faith Discussion: 30-day discussion period before formal dispute procedures
- Management Review: Escalation to management for complex refund situations
- Third-Party Mediation: Independent mediation for unresolved refund disputes
- Small Claims Court: Option for smaller disputes (under $5,000)
- Chargeback Protection: Detailed evidence provided for credit card disputes
- Arbitration Clause: Binding arbitration for disputes over $1,000
๐ Refund Analytics & Transparency
- Refund Rate Tracking: We maintain less than 3% refund rate across all products
- Reason Analysis: Regular analysis of refund reasons to improve products
- Customer Feedback: Refund requests help us identify improvement opportunities
- Quarterly Reports: Internal refund analytics drive product quality improvements
- Prevention Over Refunds: Focus on preventing issues rather than processing refunds
โ ๏ธ 2025 Consumer Rights Update
Enhanced Consumer Protection: This refund policy is updated for 2025 consumer protection laws and digital rights legislation. Purchases are subject to the refund policy in effect at the time of purchase. We'll notify customers of material changes with 30 days notice. For questions about your refund rights, contact refunds@compassionatecodes.com or review your local consumer protection laws.
โ๏ธ Intellectual Property Protection
Comprehensive IP Protection Framework
Updated for 2025 IP regulations and AI-generated content considerations. Our intellectual property is protected under US copyright, trademark, and trade secret laws.
๐๏ธ Copyright Protection
- Original Works: All code, designs, content, and methodologies are original copyrighted works
- Human Authorship: All works created by human authors (not AI-generated)
- Registration: Key works registered with US Copyright Office
- Duration: Protected for the life of author plus 70 years
- Fair Use: Limited use permitted for criticism, comment, or educational purposes
- DMCA Compliance: Full compliance with Digital Millennium Copyright Act
โข๏ธ Trademark Protection
- Brand Name: "Compassionate Codes" is a protected trademark
- Logo & Design: Visual identity elements are trademark protected
- Service Marks: Service descriptions and taglines protected
- Domain Protection: Trademark rights extend to domain names
- Enforcement: Active monitoring and enforcement of trademark rights
๐ Trade Secrets & Proprietary Methods
- Development Processes: Proprietary development methodologies
- Client Lists: Customer information and relationships
- Pricing Strategies: Confidential pricing and business models
- Source Code: Proprietary algorithms and implementations
- Security Measures: Internal security protocols and procedures
๐ก๏ธ IP Indemnification
For Our Clients:
- Defense Commitment: We'll defend against legitimate IP infringement claims
- Coverage Scope: Applies to unmodified deliverables used as intended
- Exclusions: Does not cover client modifications or unauthorized use
- Remedies: Obtain licenses, replace infringing elements, or provide alternatives
- Limitation: Liability capped at fees paid for specific project
๐ฆ Digital Products & E-commerce Terms
2025 Digital Commerce Compliance
Updated for latest e-commerce regulations, digital goods standards, and consumer protection laws. All digital products comply with international digital commerce standards.
๐ Purchase Process
- Account Creation: Optional but recommended for order tracking
- Secure Checkout: PCI-compliant payment processing
- Confirmation: Email confirmation with download instructions
- Access Period: Download links active for 30 days minimum
- Re-downloads: Account holders can re-download purchases
- Support: 30-day email support included with all products
๐ Product Categories & Licenses
๐จ Templates & Themes
- License Type: Extended commercial license
- Usage: Unlimited projects for single purchaser
- Modifications: Full customization permitted
- Resale: Prohibited as standalone products
- Updates: Lifetime updates included
๐ง Tools & Software
- License Type: Single-user software license
- Installation: Up to 3 devices per license
- Commercial Use: Permitted for license holder's business
- Source Code: Included where applicable
- Support Period: 1 year of updates and support
๐ Courses & Educational Content
- Access: Lifetime access to purchased content
- Usage: Personal learning and implementation
- Sharing: Not permitted - individual licenses only
- Certificates: Completion certificates available
- Updates: Course material updates included
๐ก๏ธ DMCA Compliance & Copyright Protection
Digital Millennium Copyright Act Compliance
We fully comply with the DMCA and respect intellectual property rights. This policy outlines our procedures for handling copyright infringement claims and protecting legitimate content.
๐ฎ DMCA Designated Agent
For copyright infringement notifications, contact our designated agent:
- Email: dmca@compassionatecodes.com
- Alternative: legal@compassionatecodes.com
- Subject Line: "DMCA Takedown Notice"
- Response Time: 24-48 hours for valid notices
- Business Hours: Monday-Friday, 9 AM - 5 PM CST
๐ Filing a DMCA Takedown Notice
To file a valid DMCA notice, include ALL of the following information:
- Copyrighted Work: Detailed description of the copyrighted work you believe is being infringed
- Infringing Material: Specific location (URL) of the allegedly infringing content on our site
- Contact Information: Your name, address, telephone number, and email address
- Good Faith Statement: Statement that you have a good faith belief that the use is not authorized
- Accuracy Statement: Statement that the information is accurate and you are the copyright owner or authorized to act
- Signature: Physical or electronic signature of the copyright owner or authorized agent
๐ Counter-Notification Process
If your content was removed and you believe it was a mistake, you may file a counter-notification:
- Identification: Identify the material that was removed and its previous location
- Contact Information: Provide your name, address, telephone number, and email
- Good Faith Statement: State that you have a good faith belief the removal was due to mistake or misidentification
- Jurisdiction Consent: Consent to federal court jurisdiction in your judicial district
- Signature: Include your physical or electronic signature
๐ Legal Contact Information
๐ง Privacy Inquiries
Email: privacy@compassionatecodes.com
Subject: Privacy Request - [Type]
Response Time: 72 hours maximum
Types: Data access, deletion, correction, portability
โ๏ธ Legal Matters
Email: legal@compassionatecodes.com
Subject: Legal Notice - [Matter Type]
Response Time: 48 hours for urgent matters
Types: DMCA, IP disputes, contract issues
๐ฐ Refund Requests
Email: refunds@compassionatecodes.com
Subject: Refund Request - [Order Number]
Response Time: 48 hours
Types: Product refunds, service cancellations
๐ก๏ธ Security Reports
Email: security@compassionatecodes.com
Subject: Security Report - [Severity]
Response Time: 24 hours for critical issues
Types: Vulnerabilities, data breaches, incidents
๐ Business Address
Compassionate Codes
Jurisdiction: Minnesota, United States
Business Registration: Compliant with Minnesota business laws
Tax ID: Available upon legitimate request
โฐ Response Times & Service Level
- Critical Security Issues: 24 hours maximum
- DMCA Notices: 24-48 hours
- Privacy Requests: 72 hours (30 days for complex requests)
- Refund Requests: 48 hours review, 5-7 days processing
- Legal Notices: 48 hours for urgent, 5 business days for standard
- General Inquiries: 24-48 hours during business days