WorkSolutionsServicesTech for HireAbout usBlog

Privacy Policy

Codigo Private Limited · Last Updated: April 2026

Codigo Private Limited (“Codigo”, “we”, “us”, “our”) is a Singapore-based software development agency. This Privacy Policy explains how we collect, use, protect, and handle personal data in the course of providing our software development and related services. It applies to personal data belonging to our clients, and also to the end-users and customers of the applications and systems we build on behalf of our clients.

We are committed to handling all personal data responsibly, in compliance with the Singapore Personal Data Protection Act 2012 (PDPA) and applicable data protection obligations.

1. Scope of This Policy

This policy covers two categories of data subjects:

  • Client Data: Personal data provided by or belonging to our direct clients (companies and individuals who engage Codigo for development services).
  • End-User Data: Personal data belonging to end-users and customers of the applications, platforms, or systems that Codigo develops on behalf of clients.

The same data protection standards apply to both categories.

2. Data We Handle

In the course of our work, we may handle the following categories of personal data:

  • Contact and identification information (names, email addresses, phone numbers) provided during project scoping and engagement.
  • Sample or obfuscated data sets provided for development and testing purposes.
  • End-user data within production systems, accessible only to the extent required to perform contracted maintenance, support, or infrastructure services.
  • Technical metadata (logs, error reports, analytics) used for debugging and performance monitoring, processed in accordance with client instructions.

3. How We Collect Data

We collect data through the following means:

  • Directly from clients during requirements gathering, onboarding, and project communication.
  • Through access granted to client systems, databases, or infrastructure as part of contracted development or support work.

We follow a need-to-know principle and do not request or collect data beyond what is necessary for the delivery of contracted services.

For platforms and applications developed on behalf of clients, the collection of end-user data must be agreed to by the end-user in accordance with the client’s own privacy policy for that platform. Codigo does not collect end-user data independently of the client’s stated purposes and consent framework.

4. Purpose of Data Processing

We process personal data for the following purposes:

  • Delivering software development, testing, and deployment services as contracted.
  • Performing quality assurance, debugging, and performance monitoring.
  • Managing project communications and meeting contractual obligations.
  • Complying with applicable legal and regulatory requirements.

5. Infrastructure and Hosting

Infrastructure and hosting choices are discussed and agreed upon with clients prior to implementation. Codigo primarily uses Amazon Web Services (AWS) for cloud infrastructure, though alternative providers may be used based on client requirements or regulatory constraints.

Clients retain control over their hosting environment. Where Codigo manages infrastructure on behalf of a client, we implement appropriate access controls, network segmentation, and security configurations in line with industry best practices.

6. Development and Testing

Where possible, development and testing are conducted using synthetic or anonymised data. Where real data is required for testing purposes, this is done only with explicit client authorisation and under the following controls:

  • Access is restricted to authorised team members working on that specific project.
  • Data is not retained in development or staging environments beyond what is necessary.
  • Test environments are logically separated from production environments.

7. Source Code and Intellectual Property

Client source code and related assets are hosted in private version-controlled repositories with access restricted to team members assigned to that project. Access rights are reviewed and revoked when team members are reassigned or leave the organisation. Clients retain ownership of their source code and data in accordance with their contractual agreements with Codigo.

8. Security Measures

Codigo implements security measures appropriate to the nature and sensitivity of the data we handle. These include:

  • Encryption of data in transit (TLS) and at rest where applicable.
  • Role-based access controls and multi-factor authentication for internal systems.
  • Regular security assessments and vulnerability management.
  • Endpoint protection and device management controls for staff devices.
  • A documented incident response process for responding to suspected security breaches.

The specific controls applied to any engagement may be adjusted based on the client’s data classification requirements and applicable regulatory obligations.

9. Third-Party Vendors and Subprocessors

Where Codigo engages third-party vendors or subcontractors as part of a project, we:

  • Share only the minimum data necessary for the vendor to perform their function.
  • Inform clients of all material third-party vendors involved in their engagement.
  • Require vendors to maintain appropriate data protection standards through contractual obligations.
  • Do not permit vendors to use client data for any purpose other than the contracted service.

10. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes described in this policy or as required by law. In practice:

  • Project data is retained for the duration of the engagement and any applicable warranty or maintenance period.
  • Upon project completion or contract termination, data is returned to the client or securely deleted upon request.
  • Specific retention schedules may be agreed upon with clients in the contract or data processing addendum.

11. Your Rights

Under the Singapore PDPA, individuals have the right to:

  • Access their personal data held by Codigo.
  • Correct inaccuracies in their personal data.
  • Withdraw consent for the use of their personal data (where consent is the basis of processing), subject to legal or contractual limitations.
  • Request deletion of their personal data held by Codigo, subject to any legal, regulatory, or contractual retention obligations that may apply.
  • Lodge a complaint with the Personal Data Protection Commission (PDPC) if they believe their data rights have been violated.

Note: For data processed on behalf of clients, Codigo acts as a data intermediary. Requests from end-users relating to applications built for clients should be directed to the relevant client organisation as the data controller.

12. Client Responsibilities

Clients who provide personal data to Codigo for processing warrant that they have obtained all necessary consents and have the legal authority to share that data. Clients are responsible for maintaining their own privacy policies for their end-users.

We recommend that clients maintain their own backups of data and notify Codigo of any specific data handling requirements, data residency obligations, or regulatory constraints that apply to their engagement.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or regulatory requirements. We will notify clients of material changes. The most current version of this policy is available upon request.

14. Contact Us

For any questions, data access requests, or concerns regarding this Privacy Policy, please contact:

Codigo Private Limited
Email: hello@codigo.co
Address: 22 Sin Ming Lane Midview City #04-87 Singapore 573969

Codigo is an award-winning design and technology company headquartered in Singapore, with offices in Myanmar, Indonesia and Vietnam. Since our inception in 2010, we have meticulously designed and implemented bespoke systems for various industries, encompassing service-based platforms, eCommerce, logistics, transportation, loyalty programs, and CRM solutions.

Let's have a chat

  • Build

    Help you build something

  • Co-incubate

    Co-incubate an idea together

  • Customise

    Customise a solution for your business

  • Organise

    Organise learning sessions with us

  • Tech for Hire

    Hire experienced tech talents

Contact us

Find us

  • Singapore

    22 Sin Ming Lane, Midview City #04-87 Singapore 573969

  • Myanmar

    No. 11A, 2nd Floor (New Strength Building), East Horse Race Course Road, Tamwe, Yangon, Myanmar

  • Vietnam

    76 Nguyen Duc Canh Street Ninh Kieu District, Can Tho City

  • Indonesia

    BLOCK71 Jakarta, Ariobimo Sentral, Kuningan Timur, Setiabudi Jakarta Selatan 12950

© 2010 – 2026 Codigo – Mobile App Developer Singapore · Privacy Policy