Privacy Policy

Effective date: 2026-03-01 · Last updated: 2026-03-01

This Privacy Policy describes how Codreum (“we”, “us”) collects, uses, shares, and protects information when you use our websites, customer portal, and related Services (collectively, the “Services”).

Product architecture (enterprise design)

Codreum does not collect your customers’ production DNS query traffic. Our product is designed so operational telemetry and logs used for monitoring remain inside your AWS account (for example, in Route 53 and CloudWatch) under your control.
We may process limited account, portal, licensing, and security data needed to operate the customer portal, subscriptions, and support (for example, authentication identifiers, billing status, support submissions, and security logs).
If you enable optional features that send data to Codreum-managed services, or if you submit content to us (for example, support messages/attachments), we process that data as described in this Policy.

Contents 1. Scope 2. Information we collect 3. How we use information 4. Legal bases (where applicable) 5. How we share information 6. Cookies and analytics 7. Data retention 8. Security 9. Your choices and rights 10. International transfers 11. Children’s privacy 12. Changes 13. Contact

Quick view

We collect account, portal usage, and security logs to operate and secure Codreum.
Operational telemetry for monitoring is designed to remain inside your AWS account (no collection of customer production DNS query traffic).
We don’t sell personal information and we don’t share it for cross-context behavioral advertising.

1. Scope

This Policy applies to information collected through our websites and customer portal (including pages such as Contact, Knowledge Base, Documentation, and My Cases) and through the Services we provide. It does not apply to third-party websites, products, or services that may be linked or integrated with Codreum.

2. Information we collect

We collect information in the following categories:

Category	Examples	Why we collect it
Account information	Name, email address, organization name, authentication identifiers, role/permission data	To create and manage accounts, provide authentication, authorize access, and communicate with you
Portal usage & telemetry	Feature usage, pages viewed, configuration metadata, API calls, UI events, performance metrics	To operate, maintain, and improve the Services; to troubleshoot and provide support
Monitoring configuration & results	Targets you choose to monitor, check parameters, alert destinations, status and timing data	To deliver monitoring, alerting, and reporting features. Operational telemetry for monitoring is designed to remain in your AWS account under your control.
Device & log data	IP address, user agent, timestamps, diagnostic logs, security events	To secure the Services, prevent abuse, and investigate incidents
Support communications	Messages, attachments, and details you provide when contacting support	To respond to requests and improve support quality
Billing and transaction data	Subscription status, invoices, billing address, tax/VAT information (as applicable)	To process payments, manage subscriptions, handle taxes, and maintain accounting records

Payment details: Payments are processed by a third-party processor or marketplace. We receive confirmation and limited transaction details (e.g., plan, status, and timestamps) but do not store full card numbers.

3. How we use information

We use information to:

Provide, operate, and maintain the Services (including DNS monitoring, alerting, and reporting).
Authenticate users, manage access, and enforce security controls.
Process subscriptions, invoices, renewals, and (where applicable) taxes.
Detect, prevent, and investigate fraud, abuse, and security incidents.
Improve and develop new features, including performance and reliability improvements.
Communicate with you about service updates, security notices, and support responses.
Comply with legal obligations and enforce our Terms.

4. Legal bases (where applicable)

If you are in a jurisdiction that requires legal bases (such as the EEA/UK), we process personal information on the following bases:

Contract: to provide the Services you request.
Legitimate interests: to secure, maintain, and improve the Services, and prevent fraud/abuse.
Consent: where we ask (e.g., certain cookies or marketing messages, if enabled).
Legal obligation: to comply with applicable laws (tax, accounting, lawful requests).

We may share information as follows:

Service providers: vendors who help operate the Services (hosting, monitoring, email delivery, analytics, support tooling).
Payment processors and marketplaces: to process payments and manage subscriptions.
Legal and safety: when required by law, subpoena, court order, or to protect rights, safety, and security.
Business transfers: in connection with a merger, acquisition, financing, or sale of assets (with appropriate safeguards).

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

6. Cookies and analytics

We may use cookies and similar technologies to keep you signed in, remember preferences, and understand how the Services are used. Some cookies are necessary for the Services to function.

Where required by law, we will ask for your consent before using non-essential cookies (for example, certain analytics cookies). You can also control cookies through your browser settings.

7. Data retention

We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes. Retention periods vary based on the type of data and context.

Typical retention targets (may vary)

Security logs (including IP address and user agent): typically retained for up to 90 days, and longer if needed for an active investigation.
Support communications: typically retained for up to 24 months after the last interaction, or longer if attached to an ongoing case/contract.
Account data: retained while your account is active; after closure we delete or anonymize within a reasonable period unless retention is required by law or for security.
Billing/tax records: retained for the period required by applicable law.

If these targets don’t match your internal retention policy, update them to your actual operational/legal requirements.

8. Security

We implement commercially reasonable safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure.

9. Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of your personal information, and to object or request portability. We will not discriminate against you for exercising privacy rights.

EEA/UK (GDPR/UK GDPR)

Access, rectification, erasure, restriction: request a copy, correct, delete, or restrict use of your personal data.
Objection: you may object to certain processing (including processing based on legitimate interests).
Portability: you may request a portable copy of certain information.
Withdraw consent: where we rely on consent, you may withdraw it at any time (it won’t affect prior processing).
Complaint: you may lodge a complaint with your local supervisory authority.

United States (state privacy laws, where applicable)

Access/know: you may request information about the personal information we collect and how we use it.
Delete: you may request deletion of certain personal information.
Correct: you may request correction of inaccurate personal information.
Opt-out: where applicable, you may opt out of certain processing such as targeted advertising. Codreum does not sell personal information and does not share it for cross-context behavioral advertising.
Authorized agent: you may use an authorized agent to submit a request where permitted by law.
Non-discrimination: we will not deny services or provide a different quality of service because you exercise your rights.

How to exercise rights

Account settings: you can update certain profile information through the portal.
Requests: email us using the contact details below. We may need to verify your identity before fulfilling requests.
Marketing: if we send marketing emails, you can opt out using the unsubscribe link.

10. International transfers

We may process and store information in countries other than your own, including where our service providers operate. Where required, we use appropriate safeguards for cross-border transfers.

11. Children’s privacy

The Services are not directed to children under 16 (or the age of digital consent). We do not knowingly collect personal information from children.

12. Changes

We may update this Policy from time to time. We will post the updated version and update the “Last updated” date. If changes are material, we may provide additional notice.

13. Contact

Codreum
Address: [Company Address]
Email: support@codreum.com