Skip to Content

Data Processing Information

Last updated: May 2026

CodifyAI as Data Controller

CodifyAI acts as the data controller for personal data collected through the CodifyAI.ro website, customer accounts, shop, and contact forms. This means we determine the purposes and means of processing that data.

CodifyAI is operated by CODIFY AI SRL, CUI 51174729, Trade Register no. J2025004646003, registered in Romania.

Full details are in our Privacy Policy.

CodifyAI as Data Processor — Hosted SaaS Tenants

When CodifyAI provides managed Odoo hosting ("SaaS"), the customer organisation is the data controller for all personal data stored inside their Odoo tenant environment. CodifyAI acts as a data processor, providing:

  • Server infrastructure and hosting
  • Database management and configuration
  • Automated daily backups
  • Security updates and monitoring
  • Technical support (access to tenant environment on request only)

CodifyAI does not process personal data inside customer tenants for its own purposes.

Data Processing Agreement (DPA)

Where required by GDPR Article 28, a Data Processing Agreement governs the relationship between CodifyAI (processor) and the customer (controller). The following standard DPA terms apply automatically to all CodifyAI SaaS customers. Customers requiring a separately signed DPA document may contact [email protected].

Standard Data Processing Terms (GDPR Art. 28)
  1. Subject matter and duration: CodifyAI processes personal data stored in the customer's Odoo tenant solely to provide the managed hosting service, for the duration of the active subscription plus the 30-calendar-day data retention period after termination.
  2. Nature and purpose: Providing and maintaining a hosted Odoo Community environment, including server operations, daily backups, security updates, and technical support.
  3. Type of data: Any personal data the customer chooses to store in their Odoo tenant (determined solely by the customer as controller).
  4. Controller's instructions: CodifyAI processes tenant data only on documented instructions from the customer. Providing the hosting service constitutes the instruction. CodifyAI will inform the customer if it believes an instruction infringes GDPR.
  5. Confidentiality: CodifyAI ensures that authorised personnel are bound by appropriate confidentiality obligations.
  6. Security: CodifyAI implements appropriate technical and organisational measures including encrypted connections, isolated tenant databases, access controls, and daily encrypted backups. See our Security Policy.
  7. Sub-processors: CodifyAI uses the sub-processors listed below. By using the service, the customer provides general authorisation for use of these sub-processors. CodifyAI will provide at least 30 days' notice before adding new sub-processors.
  8. Data subject rights: CodifyAI assists the customer in responding to data subject requests to the extent technically feasible, given the nature of the processing.
  9. Security incidents: CodifyAI notifies the customer without undue delay after becoming aware of a personal data breach affecting tenant data.
  10. Data deletion: Upon termination, the customer may export their data within 30 calendar days. After this period, CodifyAI will securely delete or anonymise tenant data.
  11. Audits: CodifyAI makes available information necessary to demonstrate compliance and cooperates with reasonable customer audits or inspections, subject to confidentiality.

Sub-processors

CodifyAI uses the following sub-processors. All are required to meet appropriate data protection standards consistent with GDPR.

Provider Service Location Transfer Basis
Hetzner Online GmbH Server infrastructure, SaaS hosting, off-site backups Germany (EU) EU/EEA — no transfer
Payment Processor Secure payment processing (card data not stored by CodifyAI) EU/EEA or SCCs Standard Contractual Clauses where applicable
Transactional Email Provider Sending invoices, account notifications, system emails EU/EEA or SCCs Standard Contractual Clauses where applicable

Last updated: May 2026. For the current full list of named providers, contact [email protected]. We will notify customers at least 30 days before adding new sub-processors.

International Transfers

CodifyAI primarily hosts data within the EU/EEA (Hetzner, Germany). Where any sub-processor operates outside the EU/EEA, CodifyAI ensures appropriate transfer safeguards are in place, such as EU Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46.

Contact

For DPA requests, sub-processor questions, or processor-related GDPR enquiries: [email protected]

See also: Privacy Policy · Your Data Rights · Cookie Policy