Privacy Policy

MVP & Turnkey Product Development
AI Workflows & Automations
Design That Converts

Book a Consultation
Book a Consultation
Get Instant Quote
Get Instant Quote

1) Who We Are

This Privacy Policy explains how Codemix (real company name Whitebox Studio SIA), Reg. No. 50103955581,Ezerparka iela 8, Berģi, Garkalnes pag., Ropažu nov., LV-1024 (the “Company”, “we”, “us” or “our”) collects, uses, and stores personal data.

For privacy questions, contact: privacy@codemix.dev,+371 20570057.
Data Protection Officer (DPO): Aleksejs Popjonoks.

2) How we collect data

  • Meta Lead Ads forms (Facebook/Instagram): when you submit your name, phone, email, company details, and project ideas. Meta acts as a separate controller for its platform; we are the controller for subsequent processing.
  • Website forms: contact, consultation booking, demo requests.
  • Email/phone/meetings: when you voluntarily provide information.
  • Cookies and similar technologies: technical and analytics data (e.g., IP address, device, browser, pages viewed).
  • Public sources/partners: where needed to process your request (e.g., to prepare an application for a state support program).

    • 3) Categories of Personal Data

  • Identification & contact: name, surname, email, phone.
  • Company information: company name, registration number, industry, role, team size.
  • Project information: your goals and project description (e.g., ERP integration, AI chatbot, RPA).
  • Communications: emails, meeting notes, proposals, contracts.
  • Technical/analytics: IP, device type, browser, session IDs, referral source, cookie consent preferences.
  • Billing/contract data (for clients): invoices, payments, contract details.

    • 4) Purposes and Legal Bases (GDPR)

  • Responding to inquiries & pre-contract steps (Art. 6(1)(b)): to contact you, prepare proposals, ROI estimates, or grant applications.
  • Contract performance & client support (Art. 6(1)(b)): project delivery, implementation, and ongoing support.
  • Marketing with consent (Art. 6(1)(a)): emails, calls, campaign segmentation. You can withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f)): sales-funnel analytics, service quality improvement, information security, fraud prevention, permitted remarketing (according to your cookie settings).
  • Legal obligations (Art. 6(1)(c)): accounting, tax, and regulatory requirements.

    • 5) Cookies & Tracking

    We use:
    • Strictly necessary cookies – site functionality and security.
    • Analytics cookies – aggregated usage statistics (e.g., GA4).
    • Marketing cookies – to deliver more relevant ads (e.g., Meta Pixel).

    6) Sharing Your Data

    We share data only when necessary and with appropriate safeguards:

    • Hosting & IT maintenance (cloud services, email, backups).
    • CRM & marketing tools (e.g., CRM, email service providers, calling tools).
    • Analytics & advertising platforms (e.g., Meta, Google) — typically as separate controllers.
    • Accounting/legal — to meet legal requirements.
    • Public authorities/partners — if required to fulfill your request (e.g., submitting an application to a state program).

    We sign GDPR-compliant processor agreements (Art. 28) with all processors that handle personal data on our behalf.

    7) International Data Transfers

    If data is transferred outside the EEA, we ensure appropriate safeguards under GDPR, such as EU Standard Contractual Clauses (SCCs) and, where necessary, additional measures. We will inform you of specific non-EEA recipients upon request.

    8) Retention Periods

    We keep data only as long as needed for the stated purposes or as required by law:

    • Leads/inquiries (no contract): up to 24 months from last interaction or until consent is withdrawn.
    • Marketing consents: until withdrawn.
    • Contractual data (clients): for the contract term + 5–10 years to meet accounting and limitation requirements.
    • Cookie data: according to your consent settings and each cookie’s lifetime.

    9) Security

    We apply technical and organizational measures: encrypted transmission (and, where applicable, encrypted storage), access controls on a need-to-know basis, audit logs, staff training, regular backups, and incident response procedures.

    10) Your Rights

    Subject to GDPR, you have the right to access, rectify, erase (“right to be forgotten”), restrict processing, object to processing based on legitimate interests (including direct marketing), and data portability.To exercise your rights or withdraw marketing consent, contact privacy@codemix.dev or use the unsubscribe link in our emails.

    11) Automated Decision-Making & Profiling

    We may build audiences/segments (e.g., remarketing, lookalike) and personalize offers. We do not make decisions producing legal or similarly significant effects solely by automated means.

    12) Children’s Data

    Our services are not directed to children. We do not knowingly collect children’s data. If you believe a child’s data reached us, contact us and we will delete it.

    13) How to Contact Us or Lodge a Complaint

    To exercise your rights or ask questions, email privacy@codemix.dev.You also have the right to lodge a complaint with your local supervisory authority. In Latvia, this is the Data State Inspectorate (Datu valsts inspekcija).

    14) Changes to This Policy

    We may update this policy from time to time. We will post the revised version here and indicate the effective date.

    Effective date: 07.08.2025

    Last updated: 12.08.2025

    Contact

    Ready to turn your idea into reality? We look forward to hearing from you.

    Get in touch with us
    Get in touch with us
    Thank you! Your submission has been received!
    Oops! Something went wrong while submitting the form.

    Reach out to our team, and let’s discuss how we can address your specific business needs.