Codevertex IT Solutions ("Codevertex", "we", "us") operates the Codevertex SSO identity service at accounts.codevertexitsolutions.com and related subdomains (together, the "Service"). This policy explains what personal information we collect when you sign in, what we do with it, and the rights you have over it.
1. Information we collect
We collect only what we need to authenticate you and issue access tokens:
- Account identifiers — email address, name, profile picture URL, and the unique subject identifier returned by your chosen identity provider (Google, Microsoft, or GitHub).
- Authentication metadata — hashed passwords (for email/password accounts), multi-factor authentication settings, session identifiers, sign-in timestamps, IP addresses, and user-agent strings. Used for security monitoring and abuse prevention.
- OAuth provider tokens — access and refresh tokens returned by Google / Microsoft / GitHub. Stored encrypted at rest (AES-256-GCM) and used solely to verify your identity and, where you consent, fetch basic profile details (email, name, picture).
- Tenant & membership data — the organisations you belong to, your roles, and your permissions within the Codevertex ecosystem.
2. How we use your information
- Authenticate you and issue short-lived JSON Web Tokens (JWTs) for access to Codevertex services.
- Enforce multi-factor authentication and detect anomalous sign-in activity.
- Provision and maintain your organisation membership across the Codevertex microservice ecosystem.
- Respond to support requests and meet legal obligations.
We do not sell your personal data, and we do not use it for advertising or profiling outside the Service.
3. Google user data
When you choose "Sign in with Google", we request the openid, email, and profile scopes only. We use these values to create or locate your Codevertex account. We do not request, access, store, or share any other Google user data (Gmail, Drive, Calendar, Contacts, etc.). Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
4. Sharing & disclosure
We share data only with (a) other Codevertex microservices that you have explicitly granted access to via sign-in, (b) infrastructure providers required to run the Service (cloud hosting, transactional email), and (c) authorities when compelled by law. We do not share OAuth tokens with any third party.
5. Data retention
Account records are retained while your account is active. If you delete your account, we erase personal identifiers within 30 days and retain only anonymised audit logs as required for security and compliance.
6. Security
Secrets are encrypted at rest (AES-256-GCM). Passwords are hashed with Argon2id. Access tokens are short-lived (15 minutes) and refresh tokens rotate on use. All traffic is served over TLS 1.3.
7. Your rights
You may request access to, correction of, or deletion of your personal data by contacting privacy@codevertexitsolutions.com. You can also revoke Codevertex's access to your Google account at myaccount.google.com/permissions.
8. Contact
Codevertex IT Solutions
Email: privacy@codevertexitsolutions.com
9. Changes to this policy
We will post any updates on this page and adjust the effective date above. Material changes will also be notified by email to active account holders.