New

Introducing a new and improved editor powered by VS Code Web

Learn more
Legal

CodeSandbox
Privacy Policy

Version 0.9.0 (03/08/2024)

Privacy and Cookie Statement

This privacy and cookie statement allows you to learn about the way CodeSandbox B.V. (hereinafter: “CodeSandbox” or “we”) controls and processes data about you.

Additionally, this statement allows you to learn about the types of data we collect and how we use, share and secure this data and how you can exercise your privacy rights. During the processing of your personal data via our services and website https://codesandbox.io/ we comply with the General Data Protection Regulation (‘GDPR’). This means we:

  • Record our purposes before we process your personal data, as set out in this privacy and cookie statement.
  • Store as little personal data as possible and only the data necessary for our purposes.
  • Ask for explicit consent for the processing of your personal data, should consent be necessary.
  • Take appropriate security measures to protect your personal data and we demand the same from parties who process personal data on our behalf.
  • Respect your right such as the right to access, correct or delete your personal data processed by us.

For what purposes do we use your personal data?

We obtain various personal data from you. We specify for each purpose what data we obtain from you, for what purpose we process these data and for how long they are stored. If you have any questions or would like to know exactly what information we store about you, please contact us. Our contact details are mentioned at the bottom of this privacy and cookie statement.

In short

We want to be as open as possible about how we treat your personal data, how you should be able to access and control your data and how you can use our services. We will not sell, rent or lease your personal data to anyone, except in case we sell our business or part thereof to another company.

A few take-home points are good to keep in mind:

  • Anything you create using our services may be published by selecting the relevant option – after which it will be accessible over the public internet;
  • We collect the minimum amount of personal data necessary to provide our services;
  • With your permission where required, we make use of analytical tools on our websites and services to learn whether users are using specific features we release, such as the Template Universe or Netlify deploy option and to improve what we are building by way of placing tracking cookies;
  • With your permission where required, we may promote our services to inform you via email about new releases, community activities or for events that may ultimately affect your day-to-day use of our services;
  • We may enrich your (personal) data with publicly accessible data;
  • We are operationally based in The Netherlands and therefore you are dealing with applicable Dutch and/or EU law.

For what purposes do we use your personal data?

Registration and access to platform and provision of services

We use your personal data to provide our services to you (performance of contract). Certain features of our service require you to register beforehand to gain access to a secured platform/portal environment, including a management environment where you can set, specify and change settings. We will keep track of your activities for proof. In this context, you will be asked to provide information about yourself and choose login data for the account that we will set up for you, and/or use an account with a third-party service such as GitHub, Apple or Google to function as your login data. If you want to know in what ways these parties use your personal data, please read the privacy statements of the respective platforms.

We process the following data for this purpose:

  • Name (if relevant)
  • Login data (username, api tokens for third-party services used for login)
  • Email address
  • Company name (if relevant)
  • IP address
  • Any information you enter yourself while using the service

We store this information until you close your account. We will retain this data so that you do not have to re-enter it every time you visit our website to use certain features of our service, and in order to contact you in connection with the performing the contract, invoicing and payment, and to provide an overview of the products and services you have purchased from us.

Subscription

Certain features of our service require you to take out a paid subscription. In this context, we use your personal data to complete the payment (performance of the contract). We process the following personal data for this purpose:

  • Name
  • Address
  • Username
  • Email address
  • Payment details

We store this data until you close your account. We keep some data longer if we are legally obligated to do so (e.g., because of the 7-year tax retention obligation).

Sending newsletters

We have a monthly newsletter to inform those interested in news, tips and information about our products and services. Furthermore, we can send personalised messages based on your account should you wish to do so.

We process the following personal data for this purpose:

  • Name
  • Username
  • Email address

Your personal data is stored until you unsubscribe from our newsletter. If you no longer wish to receive the newsletter, you can unsubscribe at any time. There is an unsubscribe link in every newsletter.

Contact and complaints

When you send us an email or contact us in any other way you agree to our offer to enter into correspondence (performance of the contract).

We process the following personal data for this purpose:

  • Name
  • Email address
  • Any information you provide in your message

We store your data for as long as the correspondence requires it or up to 5 years after you sent your query to ensure that we have reasonably complete conversation histories with users.

Support

We may offer support for our services through email, contact forms, telephone or in other ways, in which case you agree to our offer to enter into correspondence (performance of the contract). In this context, we may also use this data – where possible in anonymized form – to improve and train our services (legitimate interest).

We process the following personal data for this purpose:

  • Name
  • Username
  • Email address
  • Browser type and other information about technical setup
  • Any records related to your support request (e.g. sandbox contents and uploads)
  • Any information you provide in your correspondence

We store your data for up to 5 years after you initiated the support request to ensure that we have reasonably complete conversation histories with users, and for identifying longer term trends in support contact reasons and volume.

Mobile application

We offer a mobile application via the Apple App Store and Google Play, allowing you to use our services on your mobile device (performance of the contract).

For this purpose, we process the following personal data:

  • Name
  • Login data
  • Apple ID
  • Google Play account
  • Contact details (email address and phone number)
  • Location details

We will store your data for as long as you have the application or for up to 2 years after you last used your account as we will then assume you no longer wish to use our services.

Handling job applications

If you apply for one of our job openings or submit an open application, we process your personal data for the purpose of handling your application and in preparation for a possible employment contract.

For this purpose, we process the following personal data:

  • Name
  • Timezone
  • Contact details (email address)
  • Curriculum Vitae
  • Motivation letter
  • Any other information you provide with your application

Your application details are stored for a maximum of 6 weeks after the position has been filled. Unless you wish to join our talent pool, in which case your details will be stored indefinitely until you request otherwise. We store this information so that we can contact you should the position become vacant again within the probationary period. If we are unable to offer you a position at this time, we may – with your consent – keep the application data for one more year. You can revoke your consent at any time by sending us an email to [email protected]. We will store your application data in your personnel file should you decide to work for us. This file will be stored for as long as necessary, and the application data will be kept for a maximum of 2 years after entering into employment.

A social media and internet screening can be part of the application procedure. This is necessary for us to preserve our image when hiring new staff; we do this on a legitimate interest basis. We will do a search of your name on Google and any profile you may have on various social media. This applies, of course, insofar as these profiles are public. We will not ask you to grant us access to a private social media page or to accept a request from us. The results of the screening will be discussed with you. Should you have any objections to this, you can inform us by e-mail at the time of your application.

ReCAPTCHA

We use the reCAPTCHA service of Google LLC. (hereinafter: “Google”) to protect our website against spam and abuse. In order for Google reCAPTCHA to work, the IP address of a website visitor, mouse movements and possibly other data are collected. This information is sent to and processed by Google for this purpose. By analysing this information, Google can determine whether we are dealing with a real website visitor or a robot. For more information, please see Google's privacy statement.

When can we share your personal data with third parties?

CodeSandbox will only share your information with third parties to the extent permitted by current legislation.

Anything you create using our services may be made public by selecting the relevant option. Please note that by selecting this option, your creations and the data you include therein will be made available on the public internet.

We may provide your personal data to third parties when:

  • we have engaged them to process certain data;
  • we have a legal basis to do so;
  • we are legally required to do so in handling notice-and-takedown or similar requests by you that may affect such third parties’ rights (e.g. pursuant to the United States Digital Millennium Copyright Act 1998, the European E-commerce Directive Directive 2000/31/EC, or the European Digital Services Act;
  • we are legally obligated to do so (e.g., if a local authority demands it in case of a suspicion of a crime).

Third parties processing personal data on our behalf or yours:

  • Payment service providers
  • Cookie service providers
  • IT suppliers and service providers
  • Data analysis providers
  • Data integration providers
  • Email providers
  • Behavior based email campaign providers
  • Hosting providers
  • Marketing companies
  • Large Language Model providers

CodeSandbox may disclose your personal data to parties located outside the European Economic Area (EEA) to provide those services. We will only do so if there is an appropriate level of protection for the processing of personal data.

This privacy and cookie statement applies only to the services of CodeSandbox. We are not responsible for the privacy practices of other websites, which can be accessed through a link on our website.

Social media buttons

We use social media buttons on our website that redirect you to the relevant social media platforms. This gives you the option to follow us and share content. You will also see advertisements on your social media page. The buttons operate through bits of code provided by the social media networks. If you want to know what the social media platforms do with your personal data, please read the relevant privacy statement:

X (formerly: Twitter) (Privacy Statement) YouTube (Privacy Statement) Github (Privacy Statement) Discord (Privacy Statement)

Protecting your personal data

Personal data security is of great importance to us. CodeSandbox takes appropriate technical and organizational measures with regard to the processing of personal data to be carried out, against loss or any form of unlawful processing (e.g., unauthorized access, tampering, modification, or disclosure of personal data). We constantly update security and pay close attention to what can go wrong.

Cookies

On our website we use cookies from ourselves and from third parties. Cookies are information files that can be automatically stored on or read from the visitor's device (such as PC, tablet or smartphone) when visiting a website. This is done through the web browser on the device.

We use the following types of cookies:

  • Functional cookies: these cookies have a functional role within the website. The cookies ensure that the website functions properly.
  • Analytical cookies: these cookies give us insight into how our website is used. Based on this information, we can make our website more user-friendly.
  • Marketing cookies: these cookies make it possible to show you personalized advertisements (via our advertising partners).

The cookies may collect the following information from you, among others: Name

  • Login information
  • Screen display options
  • IP address
  • Cookie ID
  • Website and click behavior
  • Referrer URL
  • Behavior within the application

When you visit our website for the first time, we display a message explaining cookies. Here, to the extent we are required to do so, we will ask for your consent to the use of cookies.

The table below lists the cookies we use.

TypeCookie; EntityPurposeRetention period
Analytical_AMP_Provides data on events that occur while user is interacting with the services as input to build anonymised reports.1 year
Analyticalamp_Provides data on events that occur while user is interacting with the services as input to build anonymised reports.1 year
AnalyticalAMP_MKTG_sProvides data on events that occur while user is interacting with the services as input to build anonymised reports.1 year
Functional_code_sandbox_key ; CodeSandboxTransient storage of user preferences and data.Session
Functionalguardian_default_token ; CodeSandboxAuthenticating user requests.1 month
Functional_gh_sessIt holds a unique ID for your current session.Session
Functionalcf_clearanceClearance Cookie stores the proof of challengepassed. Used to no longer issue a challenge if present. Required to reach an origin server.1 year
Functionaljf9248hHFEQIU42jf298Holds a unique ID for your current session.Session
Functional_cfuvidRate limiting cookie from CloudFlare.Session

Enabling and disabling cookies

You can set your web browser to only accept cookies with your consent. Consult your browser guide for more information. Please note that many websites will not function optimally when cookies are disabled.

Deleting cookies

Most cookies have an expiry date. When an expiry date is set, the cookie is automatically deleted once that date passes. You can also choose to delete the cookies manually before the expiry date. Please consult your browser guide for more information. Below, you will find a link to the provider’s website for each browser, which provides step-by-step instructions on how to block or delete cookies.

What are your privacy rights?

If you have any questions or would like to know what personal data we have about you, you can always contact us using the contact details below.

You have the following rights:

  • Right of access: you have the right to access the personal data we process about you.
  • Right to rectification: you have the right to correct or supplement the personal data we process about you, e.g., if they are incorrect or incomplete.
  • Right to object: you have the right to object to the processing of your personal data and to direct marketing.
  • Right to erasure: you may request us to erase your personal data.
  • Right to withdraw your consent: if you have consented to us processing personal data, you can withdraw your consent at any time.
  • Right to data portability: if it is technologically possible, you have the right to have the personal data we process about you transferred to a third party.
  • Right to restrict processing: in some cases, you can request that we restrict the processing of your personal data (temporarily or otherwise).

We may ask you for identification to fulfil your request. We require this information to ensure that the requested personal data belongs to the right person.

We will generally comply with your request within one month. However, this period may be extended by two months depending on the specific privacy rights or the complexity of the request. If we extend this period, we will inform you in good time.

If you wish to exercise any of your rights, you can do so by sending an email to [email protected].

Changes to this privacy and cookie statement

When there is a change in our services, we will also need to change our privacy and cookie statement. Please consult this privacy and cookie statement regularly for the most up-to-date information.

Filing a complaint

Should you feel we have not been able to help you properly with any questions about your privacy, you have the right to file a complaint with the Dutch data protection authority (Autoriteit Persoonsgegevens).

Contact details

For questions about our privacy and cookie statement or your rights, you can always contact us using the information below:

CodeSandbox B.V. Singel 542 1017 AZ Amsterdam The Netherlands

Email: [email protected]

Chamber of commerce number (KvK-nummer): 71881972