Privacy Policy

Your privacy is important to us. This policy explains how Code God collects, uses, and protects your personal information in accordance with Uganda's data protection laws and international standards.

ISO/IEC 27001 Certified
NITA-U PDPO Compliant
Data Protection
Table of Contents

1. Introduction

Code God ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services, visit our website, or interact with us.

This policy applies to all services provided by Code God, including software development, training programs, ICT consulting, web hosting, and related services.

Last Updated: July 18, 2025

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

  • Contact Information: Name, email address, phone number, postal address
  • Business Information: Company name, job title, business address, industry
  • Identity Information: Government-issued ID numbers, professional licenses (when required)
  • Financial Information: Billing address, payment preferences, transaction history
  • Professional Information: Resume, portfolio, skills, certifications, work history

2.2 Payment and Financial Data

Credit Card Information: We securely store encrypted credit card details including card numbers, expiry dates, and CVV codes for recurring payments and future transactions. All payment data is processed in compliance with PCI DSS standards.
  • Credit card numbers (encrypted)
  • Expiration dates
  • Cardholder names
  • Billing addresses
  • Payment history and transaction records

2.3 Technical Information

We automatically collect technical information to improve our services:

  • IP Addresses: Your internet protocol address for security and location-based services
  • MAC Addresses: Device hardware addresses for network authentication and service optimization
  • Device Information: Browser type, operating system, device model, screen resolution
  • Usage Data: Pages visited, time spent, clicks, downloads, search queries
  • Location Data: General geographic location based on IP address

2.4 Communication Records

  • Email correspondence
  • Phone call recordings (with consent)
  • Chat messages and support tickets
  • Meeting notes and project communications

3. How We Use Your Information

3.1 Service Delivery

  • Providing software development and consulting services
  • Delivering training programs and educational content
  • Managing web hosting and technical support
  • Processing payments and managing billing

3.2 Service Personalization

Tailored Services: We use IP addresses and MAC addresses to identify your location and device preferences, enabling us to provide customized service recommendations and optimize our offerings for your specific needs.
  • Customizing service recommendations based on your location and preferences
  • Optimizing website performance for your device and connection
  • Providing relevant content and training materials
  • Personalizing communication and marketing messages

3.3 Business Operations

  • Managing customer relationships and support
  • Conducting market research and service improvement
  • Compliance with legal and regulatory requirements
  • Fraud prevention and security monitoring

3.4 Communication

  • Responding to inquiries and support requests
  • Sending service updates and notifications
  • Marketing communications (with your consent)
  • Important policy and terms updates

4. Data Storage & Security

4.1 ISO/IEC 27001 Certification

ISO/IEC 27001 Certified: Code God is certified under ISO/IEC 27001:2013, the international standard for information security management systems. This certification demonstrates our commitment to maintaining the highest levels of information security.

Our ISO/IEC 27001 certification ensures:

  • Systematic approach to managing sensitive information
  • Regular security risk assessments and management
  • Continuous improvement of security controls
  • Regular third-party audits and compliance verification

4.2 Data Storage Practices

  • Location: Data is stored in secure data centers within Uganda and approved international locations
  • Encryption: All sensitive data is encrypted at rest and in transit using industry-standard encryption
  • Access Controls: Strict access controls and authentication mechanisms protect your data
  • Backup and Recovery: Regular backups ensure data availability and integrity

4.3 Security Measures

  • Multi-factor authentication for all administrative access
  • Regular security audits and penetration testing
  • Employee security training and background checks
  • Incident response and breach notification procedures
  • Continuous monitoring and threat detection systems

4.4 Data Retention

We retain your personal information for the following periods:

  • Client Data: 7 years after contract completion (as required by law)
  • Financial Records: 10 years for tax and regulatory compliance
  • Marketing Data: Until you withdraw consent or request deletion
  • Technical Logs: 2 years for security and troubleshooting purposes

5. Information Sharing and Disclosure

5.1 When We Share Information

We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in service delivery
  • Legal Compliance: When required by law, regulation, or legal process
  • Business Transfers: In case of merger, acquisition, or sale of assets
  • Protection of Rights: To protect our rights, property, or safety, or that of others
  • Consent: When you provide explicit consent for specific sharing

5.2 Third-Party Service Providers

We work with the following types of service providers:

  • Payment processors and financial institutions
  • Cloud hosting and infrastructure providers
  • Email and communication service providers
  • Analytics and marketing platforms
  • Security and fraud prevention services

5.3 International Transfers

When transferring data internationally, we ensure:

  • Adequate protection through approved transfer mechanisms
  • Compliance with Uganda's data protection requirements
  • Contractual safeguards with international partners
  • Regular monitoring of international data handling practices

6. Your Rights

6.1 Data Subject Rights

Under Uganda's data protection laws, you have the following rights:

  • Right to Access: Request copies of your personal information
  • Right to Rectification: Request correction of inaccurate information
  • Right to Erasure: Request deletion of your personal information
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data to another service
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for specific processing activities

6.2 How to Exercise Your Rights

To exercise your rights, contact us at:

  • Email: privacy@codegod.africa
  • Phone: +256 704 210 672
  • Address: Data Protection Officer, Code God, PoBox 312442 Mbale City, Uganda

6.3 Response Time

We will respond to your requests within 30 days of receipt. Complex requests may take up to 90 days, and we will inform you of any delays.

7. Regulatory Compliance

7.1 NITA-U Personal Data Protection and Privacy Ordinance (PDPO)

NITA-U PDPO Compliance: Code God is fully compliant with Uganda's Personal Data Protection and Privacy Ordinance (PDPO) as administered by the National Information Technology Authority Uganda (NITA-U).

Our compliance includes:

  • Registration with NITA-U as a data controller and processor
  • Implementation of technical and organizational security measures
  • Appointment of a qualified Data Protection Officer
  • Regular compliance audits and assessments
  • Incident reporting and breach notification procedures
  • Staff training on data protection requirements

7.2 International Standards

In addition to local compliance, we adhere to international standards:

  • ISO/IEC 27001: Information security management systems
  • PCI DSS: Payment card industry data security standards
  • GDPR Principles: Where applicable for international clients
  • SOC 2 Type II: Security, availability, and confidentiality controls

7.3 Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Consent: When you provide explicit consent
  • Contract: To fulfill contractual obligations
  • Legal Obligation: To comply with legal requirements
  • Legitimate Interests: For business operations and service improvement

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality
  • Performance Cookies: Help us improve website performance
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used for targeted advertising (with consent)

8.2 Tracking Technologies

We use various tracking technologies to improve our services:

  • Web Beacons: Small transparent images to track email opens
  • Pixel Tags: Monitor user behavior and conversions
  • Local Storage: Store preferences and session information
  • Analytics Tools: Google Analytics, heat mapping, and user session recording

8.3 Managing Cookies

You can control cookies through:

  • Browser settings to block or delete cookies
  • Our cookie preference center
  • Opt-out tools provided by third-party services
  • Industry opt-out mechanisms

9. Children's Privacy

Our services are not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

For training programs involving minors, we require:

  • Written parental or guardian consent
  • Limited data collection to essential information only
  • Enhanced security measures for minor's data
  • Regular consent verification

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our services or business practices
  • Updates to applicable laws and regulations
  • Improvements to our security measures
  • Feedback from users and stakeholders

We will notify you of significant changes through:

  • Email notifications to registered users
  • Prominent notices on our website
  • Updates to our mobile applications
  • Direct communication for material changes

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

Email: privacy@codegod.africa
Phone: +256 704 210 672
Address: PoBox 312442 Mbale City, Uganda

Company Information

Company: Code God
Registration: Uganda Company Registry
URSB Business Registration No: 80034615346741

Response Time: We aim to respond to all privacy-related inquiries within 72 hours. Complex requests may take up to 30 days for full resolution.