Privacy Policy for Cocey

Effective Date: August 19, 2025

1. Introduction

Welcome to Cocey ("we," "us," "our"). We provide a service that enables businesses ("Users," "you") to manage orders and payments from their customers ("End-Customers") through messaging platforms like WhatsApp and Telegram (the "Service").

We are committed to protecting the privacy and security of the data we handle. This Privacy Policy explains how we collect, use, process, and disclose information in relation to our Service. This applies to the information of our Users and the information of End-Customers that we process on behalf of our Users.

Our company, Cocey, is the Data Controller for our Users' account information. When we process End-Customer data on behalf of our Users, the User is the Data Controller, and Cocey acts as the Data Processor. This relationship is governed by our Data Processing Addendum (DPA), which is incorporated by reference into our Terms of Service.

2. Information We Collect

We collect different types of information to provide and improve our Service.

a) Information You (Our Users) Provide to Us:

  • Account Information: When you register for a Cocey account, we collect information such as your name, business name, email address, phone number, and password.
  • Payment Information: To process your subscription payments, we collect billing details and payment information. This is securely handled by our third-party payment processors (e.g., Stripe) and we do not store your full credit card details.
  • Business Information: You may provide information about your products, prices, and services to use within the platform.

b) Information We Process on Your Behalf (End-Customer Data):

  • Contact Information: Names and phone numbers of your End-Customers as they appear on WhatsApp or Telegram.
  • Order Information: Details of the products or services ordered, order value, shipping addresses, and any specific notes related to the order.
  • Conversation Data: We do not store the full chat history. We only process the specific messages and data necessary to create and manage an order.

c) Information We Collect Automatically:

  • Usage Data: We collect information about how you interact with our Service, such as features used, clicks, pages visited, and time spent on the platform.
  • Log Data and Device Information: We automatically collect log files and device information when you access our Service, including your IP address, browser type, operating system, and unique device identifiers.
  • Cookies: We use cookies and similar tracking technologies to operate and personalize our Service. For more details, please see our Cookie Policy.

3. How We Use Information

We use the information we collect for the following purposes, based on a specific legal basis.

Purpose Type of Information Legal Basis (GDPR)
To Provide and Maintain the Service User & End-Customer Data Performance of a Contract
To Process Subscription Payments User Payment Information Performance of a Contract
To Communicate with You User Account Information Performance of a Contract; Legitimate Interest
To Improve and Analyze Our Service Usage Data, Log Data Legitimate Interest
To Market Our Services to You User Account Information Consent (where required); Legitimate Interest
For Security and Fraud Prevention All categories Legitimate Interest; Legal Obligation
To Comply with Legal Obligations All categories Legal Obligation

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information under the following circumstances:

  • Third-Party Service Providers: We use trusted third parties to perform functions and provide services, such as cloud hosting (e.g., AWS, Google Cloud), payment processing (e.g., Stripe), analytics (e.g., Google Analytics), and communication tools. These providers are bound by confidentiality obligations and are only permitted to process data on our behalf.
  • Legal Compliance: We may disclose information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

5. Data Security

We implement robust technical and organizational measures to protect the data we handle. This includes:

  • Encryption of data in transit (using TLS/SSL) and at rest.
  • Strict access controls to ensure only authorized personnel can access sensitive data.
  • Regular security assessments and updates.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

6. Data Retention

We retain User account data for as long as your account is active and for a reasonable period thereafter as necessary to comply with our legal obligations (e.g., for financial reporting).

We retain End-Customer data processed on your behalf for as long as your account is active. You have control over this data and can request its deletion through the Service. Upon account termination, we will delete or anonymize this data within a commercially reasonable timeframe, unless otherwise required by law.

7. Your Data Protection Rights (GDPR)

As our Service is based in Germany, you have specific rights under the GDPR regarding your personal data:

  • The Right to Access: You have the right to request copies of your personal data.
  • The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
  • The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us at privacy@cocey.com. If you are an End-Customer of one of our Users, please direct your request to the User (the shop owner), who is the Data Controller.

You also have the right to lodge a complaint with a supervisory authority, such as the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).

8. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ. We will ensure that any such transfers comply with GDPR and are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs).

9. Children's Privacy

Our Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date." We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Cocey Email: coceydesign@gmail.com