LEGAL
Last updated: 2026-04-24 · Version: 1.0
This privacy policy describes how Codefunded Services sp. z o.o. processes personal data collected through the website codefunded.com, its subdomains ("Website"), and related communication channels.
Processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - "GDPR") and the Polish Act on Electronic Communication of 12 July 2024.
The controller of personal data is Codefunded Services spółka z ograniczoną odpowiedzialnością, with its registered office at ul. Mogilska 43, 31-154 Kraków, Poland, entered into the Register of Entrepreneurs of the National Court Register under KRS number 0001023704, NIP PL6751779056, REGON 524688835, share capital 5,000 PLN (hereinafter "Codefunded", "we", "us", "our").
Contact:
When you submit the contact form on our Website ("Start a conversation" - name, email, free-text message) or reach out to us by email, we process your personal data to respond to your inquiry and conduct related business communication. The legal basis is our legitimate interest (Article 6(1)(f) GDPR) in handling inbound correspondence, or - where the inquiry initiates pre-contractual steps - Article 6(1)(b) GDPR.
Providing your name and email is voluntary but necessary for us to reply. Data is retained for 12 months from the last message in the exchange. If the inquiry leads to a contractual relationship, retention is extended for the duration of the contract, the limitation period for related claims, and the tax archival period (typically 5 years from the end of the relevant fiscal year).
When you book a call through our scheduling tool (Google Calendar / Google Workspace appointment scheduling), we process your name, email address, the chosen time slot, timezone, and any notes you voluntarily provide. The purpose is to arrange and conduct the meeting. The legal basis is our legitimate interest in responding to a business inquiry (Article 6(1)(f) GDPR) or, where the meeting is part of pre-contractual steps, Article 6(1)(b) GDPR. Retention: 12 months from the meeting date, unless the engagement progresses - in which case the contract-performance retention rule applies.
When you use the Website, we may process your IP address (truncated where possible), device type, browser type and version, pages visited, referrer, interaction events, and - where you have consented - session recordings. The purpose is to understand aggregate Website usage, improve functionality and content, debug issues, and protect against abuse.
Data is retained for 12 months. Session recordings are retained for the lifetime set in the analytics tool (typically up to 12 months).
Where you consent, we may process identifiers set by LinkedIn (LinkedIn Insight Tag) and Google (Google Ads / Google Analytics tags) to measure the performance of our advertising campaigns, attribute conversions, and build audiences for remarketing. The legal basis is your consent (Article 6(1)(a) GDPR). Consent can be withdrawn at any time via the cookie consent mechanism on the Website. Retention follows the default retention of the respective platforms, generally up to 13 months.
When we engage with you as a client, prospect, partner, or supplier, we process business contact data, identifiers, contract details, correspondence, project deliverables, and billing information. The legal bases are:
Retention: duration of the engagement + the limitation period for related claims under Polish civil law + the tax archival period (5 years from the end of the relevant fiscal year).
Your personal data may additionally be processed:
The legal basis is Article 6(1)(c) GDPR (legal obligation) or Article 6(1)(f) GDPR (legitimate interest in the defense of claims and in operational resilience).
We process the following categories of personal data:
We do not knowingly process special categories of personal data (Article 9 GDPR) or data of children under 16. Please do not submit such data via the Website.
We may share your personal data with:
A current master list of processors is maintained internally and can be provided on request by writing to contact@codefunded.com.
Some of our processors are located outside the European Economic Area (EEA), primarily in the United States. Where such transfers occur, they are made on the basis of:
We only transfer data when necessary for the purposes described in this policy and when appropriate safeguards are in place. You may request a copy of the relevant safeguards by contacting contact@codefunded.com.
The Website uses cookies and similar technologies (local storage, pixels) to operate the site, remember your preferences, measure usage, and - subject to your consent - measure advertising performance.
Categories used on the Website:
Non-essential cookies are loaded only after you provide consent through the consent mechanism on the Website. You can change or withdraw your consent at any time via , or by adjusting your browser settings to block or delete cookies. Information on managing cookies is available at allaboutcookies.org.
For details on how individual vendors process cookie data, consult their privacy notices:
| Tool | Cookie / storage | Purpose | Lifetime |
|---|---|---|---|
| PostHog | ph_* cookies and localStorage | Product and website analytics, session recording | Up to 12 months |
| Google Tag Manager / GA4 | _ga, _ga_*, _gid, _gat | Marketing measurement and advertising | Up to 13 months (platform default) |
| Cloudflare Turnstile | Cloudflare challenge cookies | Bot protection (essential, no consent required) | Session |
| Consent decision | cdfd-consent-v1 (localStorage, not a cookie) | Remember your cookie choice | 12 months |
Under the GDPR you have the right to:
To exercise any of these rights, contact us at contact@codefunded.com. We will respond within the statutory period (typically 30 days, extendable by up to two further months for complex requests, with prior notice).
We do not make decisions that produce legal effects concerning you, or similarly significantly affect you, based solely on automated processing, including profiling (Article 22 GDPR).
We operate a company profile on LinkedIn. When you interact with our LinkedIn page or content, LinkedIn processes your data according to its own privacy policy.
For statistical insights about our page (LinkedIn Page Insights), we act as a joint controller with LinkedIn Ireland Unlimited Company within the meaning of Article 26 GDPR. The essence of the joint-controller arrangement is available at:
For all other processing carried out by LinkedIn - including profile, feed, and advertising operations - LinkedIn acts as an independent controller. Please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy for details.
We do not operate Facebook or Instagram company profiles.
The Website may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices of those third parties. We recommend reading the privacy policy of any external site you visit.
We apply appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, and disclosure, including access controls, encryption in transit, logging, backups, and vendor due diligence for processors.
We may update this privacy policy to reflect changes in our processing activities, legal requirements, or business operations. Updates will be published on this page with an updated "Last updated" date and version number. For material changes, we will display a prominent notice on the Website and, where appropriate, notify affected individuals directly.