Skip to Content

Politica de confidențialitate

Last updated: May 2026

Last updated: May 2026

1. Who We Are (Controller Identity)

CodifyAI ("we", "us", "our") is an independent software services provider offering Odoo Community implementation, custom module development, managed hosting, and related technical services.

CodifyAI is operated by CODIFY AI SRL, a Romanian limited liability company registered with CUI 51174729 and Trade Register number J2025004646003. Registered address: 681 CAM. 2, 307102, Sat Checea, Timiș, Romania.

  • Trading name: CodifyAI
  • Legal entity: CODIFY AI SRL
  • CUI: 51174729
  • Trade Register: J2025004646003
  • Country: Romania (EU)
  • Registered address: 681 CAM. 2, 307102, Sat Checea, Timiș, Romania
  • Privacy contact: [email protected]
  • General contact: [email protected]
  • Data Protection Officer: CodifyAI has not designated a separate Data Protection Officer. Privacy and data protection requests may be submitted to [email protected].

CodifyAI acts as data controller for personal data collected through this website, customer accounts, shop, and contact forms. CodifyAI may act as data processor when hosting Odoo environments on behalf of customers — see Section 10.

2. Data We Collect and Why

a) Contact and enquiry data

When you submit a contact form or email us, we collect: name, company name, email address, phone number (if provided), and the content of your message.

Purpose: Responding to your enquiry and providing requested information.
Lawful basis: Legitimate interests (Art. 6(1)(f)) — responding to business enquiries.

b) Account and customer data

When you create an account, purchase a module, or subscribe to a hosting plan, we collect: name, email address, company name, billing address, VAT number (if applicable), and a hashed login password.

Purpose: Account management, service delivery, invoicing, subscription management.
Lawful basis: Contract performance (Art. 6(1)(b)).

c) Order and payment data

We collect order details, invoice records, and payment references. Full payment card data is processed exclusively by our payment service provider — CodifyAI does not store payment card numbers.

Purpose: Processing payments, issuing invoices, fulfilling orders, tax compliance.
Lawful basis: Contract performance (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) for accounting records.

d) SaaS tenant provisioning data

When you purchase a hosted Odoo plan, we collect the information needed to create and manage your instance: subdomain or database name, tenant owner name and email, and technical configuration choices.

Purpose: Creating and operating your hosted Odoo environment.
Lawful basis: Contract performance (Art. 6(1)(b)).

e) Cookie and consent data

We record your cookie consent preferences (see Section 6 and our Cookie Policy).

Lawful basis: Consent (Art. 6(1)(a)) for optional cookies; legitimate interests for consent record-keeping.

f) Technical / server log data

Our servers automatically record IP addresses, timestamps, HTTP request paths, user agent strings, and error codes.

Purpose: Security monitoring, abuse prevention, performance optimisation.
Lawful basis: Legitimate interests (Art. 6(1)(f)).

3. Who We Share Your Data With

We share personal data only where necessary to provide our services:

  • Payment processor: CodifyAI may use a third-party payment service provider to process payments. Your payment card data is not stored by CodifyAI.
  • Hosting infrastructure provider: CodifyAI uses EU-based server infrastructure to host the website, customer databases, and SaaS environments.
  • Email delivery provider: A third-party email delivery service may be used to send transactional emails such as invoices and account confirmations.
  • Tax and legal authorities: We may share data with Romanian fiscal or legal authorities where required by applicable law.
  • Professional advisors: Accountants, lawyers, and auditors — under strict confidentiality obligations.

We do not sell personal data. We do not share personal data with advertisers or data brokers.

Further information about the providers CodifyAI uses is available on our Data Processing Information page.

4. International Transfers

CodifyAI primarily processes personal data within the EU/EEA using EU-based hosting infrastructure. Where any service provider operates outside the EU/EEA, CodifyAI takes steps to ensure appropriate transfer mechanisms are in place, such as adequacy decisions recognised by the European Commission or Standard Contractual Clauses. Provider details may be found on the Data Processing Information page and may be updated from time to time.

5. Data Retention

Retention periods depend on the type of data, the purpose of processing, contractual needs, security requirements, legal obligations, accounting rules, and the need to establish or defend legal claims. CodifyAI keeps personal data only for as long as reasonably necessary for these purposes, unless a longer retention period is required by applicable law.

  • Contact form messages: Up to 3 years from last contact, unless you request earlier deletion.
  • Customer accounts: Duration of active relationship, then retained as long as required for accounting and legal obligations.
  • Invoices and financial records: Up to 10 years in accordance with applicable Romanian fiscal and accounting law.
  • SaaS tenant data: Active subscription period, then up to 30 days after termination for data export before deletion, unless a different period is stated in the applicable agreement.
  • Cookie consent records: Up to 3 years.
  • Server logs: Up to 90 days.

6. Cookies

We use cookies and similar technologies. Necessary cookies enable core site functionality (login, cart, CSRF protection) and do not require consent. Optional cookies (functional, analytics, marketing) are only activated after you give consent via the cookie consent banner.

Full details including cookie names, providers, and expiry are in our Cookie Policy. You can manage your preferences at any time using the Cookie Settings tool.

7. Security

We implement technical and organisational measures appropriate to the risks, including:

  • SSL/TLS encryption for all data in transit
  • Secure password hashing
  • EU-hosted infrastructure with access controls
  • Daily encrypted backups
  • Restricted staff access on a need-to-know basis

In the event of a personal data breach that is likely to result in a risk to individuals, we will notify the ANSPDCP within 72 hours of becoming aware, as required by GDPR Article 33.

8. Your Rights

Under GDPR, you have the rights of: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21). You also have the right to withdraw consent at any time where processing is based on consent, and the right to lodge a complaint with the ANSPDCP (www.dataprotection.ro).

Full details and how to submit a request: Your Data Rights. Registered customers can also submit requests via the customer portal.

9. Automated Decision-Making

CodifyAI does not currently make automated decisions that produce legal or similarly significant effects on individuals. If this changes, this Privacy Policy will be updated accordingly.

10. CodifyAI as Data Processor (Hosted Tenants)

When CodifyAI provides managed hosting for your Odoo environment, your organisation is the data controller and CodifyAI acts as a data processor for personal data stored inside your tenant. CodifyAI processes that data only to provide the hosting and support service. Customers are responsible for ensuring lawful processing of personal data inside their tenant. A Data Processing Agreement can be provided — see our Data Processing Information page.

11. Children's Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact [email protected].

12. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via the website or by email to registered customers. The date at the top of this page reflects the most recent update.

13. Contact

For privacy questions or to exercise your data rights: [email protected]

Supervisory authority: ANSPDCP — www.dataprotection.ro

Odoo® is a registered trademark of Odoo S.A. CodifyAI is an independent services provider and is not affiliated with, endorsed by, sponsored by, or officially connected with Odoo S.A. The use of "Odoo" on this website refers solely to the open-source Odoo Community software published under the LGPL-3 licence.