Privacy Policy

1. Introduction

Welcome to getcodon.ai. This platform is owned and operated by MindSci.ai Private Limited (“Company”, “we”, “our”, or “us”). We provide an India-based Software-as-a-Service (SaaS) platform specializing in advertising automation, creative management, and performance analytics for e-commerce businesses.

This Privacy Policy explains how we collect, use, and protect information when you create an account, sign in via Google OAuth, or connect third-party platforms like Meta, Google Ads, and Shopify to our services.

2. Our Legal Role

• For Account & Billing Data: MindSci.ai Private Limited acts as a Data Controller.
• For Advertising Data: When we access data via your connected Google or Meta accounts, you remain the Data Controller, and we act as a Data Processor. We process this data strictly to provide the services you have requested.

We process this data strictly to provide the tools and automation as configured by you.

3. Information We Collect

A. Account & Identity Information

When you register or log in via Google OAuth, we collect your name, email address, business name, and profile picture (if provided). We only request the minimum scopes necessary for authentication.

B. API Integration Data

To provide automation, analytics, and reporting features, our platform accesses authorized data through official third-party APIs after you explicitly connect your accounts.

• Meta (Facebook): Ad account IDs, campaign performance metrics (such as spend, ROAS, CTR, impressions, and conversions), creative assets (images or videos), and product catalog data.
• Google APIs (Google Ads, Merchant Center):When a user connects their Google account, our platform may access authorized advertising and product data through Google's official APIs. This may include:
  • Google Ads campaign information (campaign names and identifiers)
  • Advertising performance metrics such as impressions, clicks, conversions, spend, and ROAS
  • Date-based campaign performance analytics used for reporting and insights
  • Merchant Center product feed data including product identifiers, pricing, availability, and performance metrics
  This data is accessed solely to provide analytics dashboards, campaign reporting, performance insights, and AI-generated recommendations within the Codon platform.
• E-commerce Data: If you connect platforms such as Shopify, we may access product and order-level data to provide unified performance analytics and reporting. We do not use this information to market directly to your customers.

We only access data necessary to provide analytics, reporting, and optimization insights to the authenticated user and do not use this data for advertising targeting or resale.

3A. Shopify Integration & Merchant Data

When you connect your Shopify store to Codon, we access your store data through Shopify's official APIs using OAuth authentication. We request only the minimum scopes required: read_products and read_inventory.

Data We Collect from Shopify

• Product titles, descriptions, images, prices, and variants
• Inventory levels and stock information
• Product categories and tags
• Store name and domain (myshopify domain)

Data We Do Not Collect

Codon does not collect, store, or process any Shopify end-customer personal data. This includes customer names, email addresses, phone numbers, shipping addresses, order history, or payment information. We only access merchant store and product data.

How We Use Shopify Data

Shopify store data is used solely to allow merchants to map, structure, and export product feeds as CSV files for use on external advertising and sales platforms (such as Google Shopping and Meta). We do not use this data for advertising targeting, resale, or any purpose beyond the core functionality of the Codon platform.

Data Retention & Deletion

Shopify store data is retained only while your store connection is active. When you disconnect your store or delete your Codon account, all associated Shopify data and access tokens are deleted from our systems within 30 days. You may also request immediate deletion by contacting us at ashima@mindsci.ai.

GDPR Compliance Webhooks

Codon supports Shopify's mandatory privacy compliance webhooks. Upon receiving a shop redact request (merchant uninstalls the app), we delete all associated store data from our systems. Customer data request and customer redact webhooks are acknowledged immediately as we do not store any customer personal data.

4. Google API Services User Data Policy Compliance

getcodon.ai's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• We do not sell Google user data to third parties.
• We do not use Google data for serving advertisements.
• Human access to your data is strictly prohibited except for troubleshooting with your explicit consent, security investigations, or legal requirements.

5. Google User Data Access, Usage, Storage, and Sharing

When you connect your Google account to Codon via Google OAuth, our platform may access certain Google user data through authorized Google APIs such as Google Ads and Google Merchant Center in order to provide analytics and reporting services.

Data Accessed

With your authorization, Codon may access limited Google account data including:

• Google Ads account identifiers
• Campaign performance metrics such as impressions, clicks, conversions, and cost
• Advertising campaign performance reports and insights
• Google Merchant Center product data and product performance metrics

Data Usage

The Google user data accessed through these APIs is used solely to provide the services requested by the authenticated user. This includes displaying advertising performance analytics, generating reports, and producing AI-based insights to help users understand marketing performance within the Codon dashboard.

Data Sharing

Codon does not sell, rent, or share Google user data with third parties. Google user data may only be processed by secure infrastructure providers strictly for the purpose of operating the Codon platform (such as cloud hosting or analytics processing). These providers are required to maintain strict security and confidentiality standards.

Data Storage & Security

Google user data retrieved through APIs is stored using industry-standard security practices including encrypted connections (HTTPS), secure API token storage, and restricted access controls. Only authorized systems within the Codon platform are able to access this data for the purpose of providing analytics services.

Data Retention & Deletion

Google user data is retained only for as long as necessary to provide Codon services. If a user disconnects their Google account or deletes their Codon account, associated Google data and API tokens are deleted from our systems within 30 days.

Users may also request deletion of their data at any time by contacting our support team at ashima@mindsci.ai.

6. Meta Platform Data Usage

When you connect your Meta (Facebook or Instagram) account to Codon using the Meta OAuth authorization flow, we access limited advertising data through the Meta Marketing API in order to provide analytics and reporting services.

Data Accessed

With your authorization, Codon may access the following Meta data:

• Ad account identifiers
• Campaign, ad set, and ad-level performance data
• Metrics such as impressions, clicks, conversions, spend, and ROAS
• Ad creatives (images and videos) associated with campaigns

Codon does not access or process personal user profile data such as user names, email addresses, friend lists, or personal profile information from Meta.

Data Usage

Meta data is used solely to provide analytics dashboards, performance insights, and reporting features within the Codon platform. This enables users to understand and evaluate their advertising performance.

Data Sharing

Codon does not sell, rent, or share Meta Platform Data with third parties. Meta data may only be processed by secure infrastructure providers (such as cloud hosting services) strictly for the purpose of operating the platform.

Data Storage & Security

Meta data is stored securely using encrypted connections (HTTPS), secure token storage, and restricted access controls. Only authorized systems are allowed to process this data for analytics purposes.

Data Retention & Deletion

Meta data is retained only as long as necessary to provide Codon services. If a user disconnects their Meta account or deletes their Codon account, associated Meta data and access tokens are deleted from our systems within 30 days.

Users maintain full control over their Meta data and can revoke access at any time through their Facebook account settings.

Codon operates in a read-only mode using the ads_read permission and does not create, edit, publish, or manage advertisements on behalf of users.

7. AI & Machine Learning Usage

• We use AI and machine learning to generate performance insights, optimization recommendations, and industry benchmarks.
• We use aggregated and anonymized metrics for system improvement.
• We do not share identifiable client strategies or train models in a way that reveals your proprietary information or creative assets to other users.

8. Data Retention & Deletion

We retain your data as long as your account is active. Upon account termination:

• API-fetched data is deleted within 30 days.
• You may request immediate deletion by contacting us.
• You can revoke our API access at any time through your Google or Meta security settings.

9. Lawful Basis & Security

We process data under the India Digital Personal Data Protection (DPDP) Act, 2023, based on your consent and performance of contract. We implement SSL encryption and encrypted API token storage to safeguard your information.

10. Contact Information

For any privacy-related requests or to exercise your user rights (access, correction, or deletion), please contact our parent company, MindSci.ai Private Limited: