Privacy Policy
Plain-English version: we collect only what we need to do our work, we don't sell your data, and you can reach out any time to see, correct, or delete what we hold.
Information We Collect
We collect only what we need to deliver our services and run a small business responsibly.
When you reach out through the contact form or by email, we collect the details you choose to share — typically your name, work email, company, project description, and any context you provide about budget or timeline.
When you use our client portal, we collect basic account data (email, role) and the operational data tied to your engagement: project status, QA reports, security findings, deployment events.
When you browse the site, we collect standard request metadata: IP address, browser type, device type, pages visited, and approximate location at the country level. This is used for diagnostics and aggregate usage analytics — never to build a profile of you as an individual.
How We Use Your Information
We use the information you give us to respond to inquiries, scope projects, deliver agreed-upon services, send invoices, and provide support after launch.
We use site analytics in aggregate to understand which content is useful, which pages have problems, and where to invest. We do not sell or rent personal data, and we do not share it with third parties for their own marketing.
Legal Bases for Processing
We process personal data on one of these grounds:
- Contract — to deliver the engagement you've signed up for.
- Legitimate interest — to operate our business, secure our systems, and improve our services in ways you would reasonably expect.
- Consent — for optional cookies and any marketing you specifically opt into. You can withdraw consent at any time.
- Legal obligation — to comply with tax, accounting, and other applicable law.
Data Security
We treat your data the way we'd want our own treated. That means encryption in transit (TLS) and at rest where supported by the storage provider, role-based access on internal systems, audit logs on production access, and a documented incident-response process.
Security is central to our business — we apply the same discipline and practices we recommend to clients. No system is perfectly safe, but we take deliberate steps to keep risk low and to tell you quickly if something goes wrong.
Data Retention
We keep personal data only as long as we need it for the purpose it was collected, plus any period required by law (typically tax and accounting records: up to 7 years).
Project data is retained for the duration of the engagement and for a defined period afterwards as set out in your contract. After that, we delete or anonymise it on request or on our schedule, whichever comes first.
Your Rights
Depending on where you live, you may have some or all of these rights:
- Access the personal data we hold about you.
- Correct anything that's wrong or out of date.
- Ask us to delete data we no longer need to keep.
- Receive a copy of your data in a portable format.
- Object to certain types of processing, or restrict it.
- Withdraw consent for any processing that depends on it.
To exercise any of these rights, email us at contact@qodetrust.com. We respond within 30 days. We may need to verify who you are first — that's a feature, not a bug.
Third-Party Services
We use a short list of vendors to run our business. Each is bound by their own contracts and privacy obligations:
- Hosting and email — to serve this site and our work email.
- Analytics — to understand site usage at an aggregate level.
- Payments and accounting — for invoicing clients (no card data touches our servers).
We're happy to share the current list on request — email contact@qodetrust.com.
International Data Transfers
QodeTrust is based in Accra, Ghana, and we work with clients worldwide. Some of the providers we use to run the business store or process data outside Ghana — for example, in the European Union or the United States.
Where personal data leaves Ghana, we rely on providers that offer appropriate safeguards (for example, EU Standard Contractual Clauses or equivalent). If you have questions about how a specific provider handles your data, contact us.
Changes to This Policy
This is the MVP version of our privacy policy. As our services evolve, we may update this policy to reflect new practices or changes in applicable law. When we make material changes, we'll update the effective date and notify you directly where appropriate.
Contact Us
Questions, requests, or concerns? Email contact@qodetrust.com.
QodeTrust is operated from Accra, Ghana.
Last updated: 20 May 2026
Questions about your data?
Email us at contact@qodetrust.com. We answer privacy and data-rights requests within 30 days.
Email Privacy Team