Privacy Policy — RewardCoder

1. Who We Are (Data Controller)

The data controller responsible for your personal data is:

RewardCoder

rewardcoder.online

privacy@rewardcoder.online

2. Data We Collect

We collect personal data in the following categories:

2.1 Data You Provide Directly

Identity data Name, username Registration, profile update

Contact data Email address Registration, contact forms

Credentials Hashed password Account creation

Profile data Bio, skills, portfolio links Profile setup (Developers)

Financial data Bank/payment account details, tax ID Reward payout setup (Developers)

Project content Project descriptions, deliverables Project submission

Communications Messages, emails sent to us Support, contact

2.2 Data Collected Automatically

Usage data: Pages visited, features used, clicks, session duration;
Technical data: IP address, browser type and version, device type, operating system, time zone;
Log data: Server logs including timestamps of login and API requests;
Cookie data: See Section 9 for details.

2.3 Data From Third Parties

We may receive data about you from payment processors (transaction confirmations) and identity verification providers (KYC/AML checks for Developers).

We do not collect special categories of personal data (health, biometric, racial, political, or religious data) and we do not knowingly collect data from persons under 18.

3. How We Use Your Data

Create and manage your account Identity, contact, credentials

Provide and operate the Platform All account and usage data

Process Reward payouts to Developers Financial data, identity data

Verify Developer identity (KYC) Identity data, verification documents

Detect fraud and enforce our Terms Usage data, technical data, log data

Send transactional notifications Contact data

Send service updates and newsletters (with consent) Contact data

Improve the Platform (analytics) Usage data, technical data

Comply with legal obligations All relevant data as required by law

4. Legal Basis for Processing (GDPR)

Under GDPR, we rely on the following legal bases for processing your personal data:

Contract performance (Art. 6(1)(b)) — processing necessary to provide the Platform services, including account management, Project hosting, and Reward payments;
Legitimate interests (Art. 6(1)(f)) — fraud detection, Platform security, and service improvement, where these interests are not overridden by your rights;
Legal obligation (Art. 6(1)(c)) — compliance with applicable laws including financial regulation, anti-money laundering (AML), and tax reporting;
Consent (Art. 6(1)(a)) — for marketing communications and non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

5. Data Sharing & Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients:

Payment processors — to process payments and Reward payouts (e.g., Stripe, bank transfer providers). These processors handle data under their own privacy policies and are bound by data processing agreements;
Identity verification providers — for KYC/AML compliance (Developers only);
Cloud hosting providers — for server infrastructure and data storage;
Analytics providers — for aggregated, anonymised Platform analytics;
Legal and regulatory authorities — when required by law, court order, or to protect our legal rights;
Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to equivalent privacy protections.

All third-party processors are bound by data processing agreements that require them to process data only on our instructions and in accordance with GDPR.

6. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission;
Transfers to countries with an EU adequacy decision.

You may request details of the specific safeguards applied to any international transfer by contacting us at privacy@rewardcoder.online.

7. Data Retention

Account data Duration of account + 2 years after deletion

Financial & transaction records 7 years (legal/tax obligation)

Project content Duration of account + 1 year

Server logs 90 days

Marketing consent records Until consent is withdrawn + 3 years

Support communications 3 years from last contact

After the applicable retention period, data is securely deleted or anonymised. We may retain anonymised, aggregated data indefinitely for statistical purposes.

8. Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights regarding your personal data:

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.

Right to Restriction

Request that we restrict processing of your data in certain circumstances.

Right to Portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

Right to Object

Object to processing based on legitimate interests, including direct marketing.

To exercise any of these rights, contact us at privacy@rewardcoder.online. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection supervisory authority.

9. Cookies

We use cookies and similar tracking technologies to operate and improve the Platform. The categories of cookies we use are:

Essential Authentication, security, session management Contract / Legitimate interest

Functional Remember preferences (language, theme) Legitimate interest

Analytics Understand Platform usage (anonymised) Consent

Marketing Personalised content (if applicable) Consent

You can manage cookie preferences via the cookie banner displayed on your first visit, or by adjusting your browser settings. Disabling essential cookies will impair Platform functionality.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Passwords stored using industry-standard bcrypt hashing (min. 12 rounds);
Authentication via time-limited JWT tokens (8-hour expiry);
HTTPS encryption for all data in transit (TLS 1.2+);
Regular security reviews and access controls;
Database access restricted to authorised personnel only.

While we take reasonable precautions, no system is completely secure. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR.

11. Children's Privacy

The Platform is not intended for persons under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a person under 18 without verifiable parental consent, we will take immediate steps to delete that data. If you believe a child has provided us with personal data, please contact us at privacy@rewardcoder.online.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Update the "Last updated" date at the top of this page;
Notify registered Users by email at least 14 days before changes take effect;
Where required by law, seek your renewed consent for material changes affecting how we process your data.

We encourage you to review this Policy periodically. Continued use of the Platform after the effective date of changes indicates acceptance of the updated Policy.

13. Contact & Data Protection

For any privacy-related questions, requests to exercise your rights, or to contact our Data Protection Officer:

Data Protection Contact

privacy@rewardcoder.online

rewardcoder.online

You also have the right to file a complaint with your national data protection supervisory authority. Within the EU, a list of supervisory authorities is available at edpb.europa.eu.