Terms of Service

1. Acceptance of Terms

Welcome to Codynex LLC ("Codynex," "Company," "we," "our," or "us"). These Terms of Service ("Terms") constitute a legally binding agreement between you ("Client," "you," or "your") and Codynex LLC, a Texas-based company specializing in AI agents, automation workflows, custom software, website and mobile app development, cloud engineering, consulting, offshore development services, and digital solutions.

By accessing our website at codynex.com, using our services, or entering into a service agreement with us, you acknowledge that you have read, understood, and agree to be bound by these Terms, along with our Privacy Policy and any other applicable agreements.

By using our services, you also agree to our Privacy Policy and Cookie Policy, which explain how we process your personal data in compliance with the General Data Protection Regulation (GDPR). These policies describe our data processing practices, your rights regarding personal data, and how we ensure the security and privacy of your information.

For users and clients located in the European Union (EU) or European Economic Area (EEA), additional data processing requirements and protections apply under GDPR. Your statutory rights under GDPR and EU consumer protection laws are not affected by these Terms.

If you do not agree to these Terms, you must not use our website or services.

These Terms apply to all visitors, users, clients, and others who access or use our services, whether as individuals or on behalf of an organization.

2. Description of Services

Codynex provides a comprehensive range of technology services, including but not limited to:

AI Agent Development: Custom autonomous AI agents, chatbots, virtual assistants, and intelligent automation systems
Automation Workflows: Business process automation, workflow optimization, and integration solutions
Custom Software Development: Tailored software applications, enterprise solutions, and system integrations
Website Development: Responsive web applications, e-commerce platforms, and content management systems
Mobile App Development: iOS and Android native apps, cross-platform solutions, and progressive web apps
Cloud Engineering: Cloud architecture design, migration, deployment, and infrastructure management
Consulting Services: Technology strategy, digital transformation, AI implementation consulting
Offshore Development: Dedicated development teams, staff augmentation, and managed services
Digital Solutions: LLM integration, machine learning models, data analytics, and API development

2.1 Service Limitations and Disclaimers

While we strive to deliver high-quality services, please be aware of the following limitations:

Services are provided based on agreed specifications and scope of work
Performance of AI systems may vary based on data quality, training, and use cases
Third-party integrations depend on external API availability and functionality
Development timelines are estimates and may be subject to change
We do not guarantee specific business outcomes or ROI from our solutions
Custom development work is iterative and may require client feedback and approvals

3. Use of Website & Services

3.1 Acceptable Use

You agree to use our website and services only for lawful purposes and in accordance with these Terms. You agree not to:

Violate any applicable local, state, national, or international law
Infringe upon or violate our intellectual property rights or those of others
Harass, abuse, insult, harm, defame, slander, disparage, intimidate, or discriminate
Submit false or misleading information
Upload or transmit viruses, malware, or any other malicious code
Engage in unauthorized framing of or linking to our website
Use automated systems or software to extract data from our website (scraping)
Attempt to bypass any security measures or access restrictions
Use our services to develop competing products or services
Reverse engineer, decompile, or disassemble any software we provide

3.2 Prohibited Activities

The following activities are strictly prohibited:

Using our AI systems or services for illegal activities
Creating deepfakes, misinformation, or deceptive content
Developing weapons, surveillance systems, or harmful applications
Processing personal data without proper legal basis
Attempting to manipulate, abuse, or exploit our AI systems
Sharing access credentials or accounts with unauthorized parties

3.3 Accuracy of Information

You are responsible for ensuring that all information you provide to us is accurate, current, and complete. This includes contact information, project requirements, business data, and any other details necessary for service delivery.

3.4 User Responsibilities

As a user of our services, you are responsible for:

Maintaining the confidentiality of your account credentials
Promptly notifying us of any unauthorized use of your account
Ensuring compliance with all applicable laws in your use of our services
Backing up your own data and content
Understanding the capabilities and limitations of the solutions we provide

3.5 Sensitive Personal Information

Unless specifically agreed in writing, do not upload or share sensitive personal data through our services. Sensitive personal data includes special categories of personal data as defined under GDPR Article 9, including but not limited to:

Health data and medical information
Biometric data for uniquely identifying individuals
Genetic data
Racial or ethnic origin
Political opinions or affiliations
Religious or philosophical beliefs
Trade union membership
Sexual orientation or sex life
Criminal convictions or offenses

If the processing of sensitive personal data is necessary for the provision of specific services and has been explicitly agreed upon in writing, we will implement additional safeguards including:

Obtaining explicit consent where required by law
Implementing enhanced security measures and encryption
Limiting access to authorized personnel only
Documenting the lawful basis and necessity for processing
Conducting Data Protection Impact Assessments (DPIAs) as required

You are responsible for ensuring that you have the legal right and appropriate lawful basis to share any sensitive personal data with us for processing.

4. Intellectual Property Rights

4.1 Codynex Intellectual Property

Unless otherwise stated, Codynex and/or its licensors own all intellectual property rights in:

Our website, including design, layout, graphics, and content
Our proprietary software, frameworks, and code libraries
Our branding, logos, trademarks, and service marks
Our methodologies, processes, and business systems
Pre-existing tools, templates, and components used in service delivery

4.2 Client Intellectual Property

Upon full payment for custom development work, you will own the intellectual property rights to:

Custom code developed specifically for your project (excluding our proprietary frameworks)
Custom designs, graphics, and content created for your project
Project-specific documentation and deliverables

4.3 License Grants

We grant you a non-exclusive, non-transferable, revocable license to use the deliverables we create for your intended business purpose. This license does not include the right to resell, redistribute, or use our work to create derivative products without our written consent.

4.4 Third-Party Components

Some deliverables may incorporate third-party software, libraries, or services subject to their own licensing terms. You agree to comply with all applicable third-party licenses.

5. Client Responsibilities

To ensure successful project delivery, clients are responsible for:

5.1 Providing Accurate Information

Clear and detailed project requirements and specifications
Accurate business information and use case descriptions
Access to necessary systems, data, and resources
Relevant credentials, API keys, and integration details

5.2 Timely Approvals and Feedback

Reviewing deliverables within agreed timeframes
Providing clear, actionable feedback
Approving milestones and phases of work
Responding to our questions and requests promptly

5.3 Required Access and Cooperation

Granting necessary access to systems, platforms, and environments
Coordinating with your team members as needed
Participating in meetings, demos, and training sessions
Testing deliverables in your specific environment

5.4 Impact of Delayed Cooperation

Delays in providing required information, access, or approvals may result in project timeline extensions and may affect pricing if additional time is required beyond original estimates.

6. Payment Terms

6.1 Invoicing and Payment Structure

Payment terms are specified in individual service agreements or statements of work. Common payment structures include:

Upfront Deposits: Typically 50% of project cost before work begins
Milestone Payments: Payments tied to completion of specific phases
Monthly Retainers: Recurring payments for ongoing services
Hourly Billing: Time and materials arrangements with agreed rates
Final Payment: Remaining balance due upon project completion

6.2 Payment Methods

We accept payment via:

Bank transfer (ACH/Wire)
Credit/Debit cards
PayPal or other approved payment processors
Cryptocurrency (for select arrangements)

6.3 Non-Refundable Work

Due to the nature of digital services and custom development:

Deposits are generally non-refundable once work begins
Completed work and delivered milestones are non-refundable
Consulting time, planning, and discovery work is non-refundable
Refunds are only provided for unperformed services (see Refund Policy)

6.4 Late Payments

Late payments may result in:

Late fees of 1.5% per month (18% annually) on overdue balances
Suspension of services until payment is received
Withholding of deliverables until full payment
Project cancellation for non-payment beyond 30 days
Legal action to recover unpaid amounts plus collection costs

6.5 Pricing Updates

We reserve the right to update our pricing for future projects. Existing agreements will honor the originally agreed pricing unless scope changes necessitate adjustment.

6.6 Digital Delivery

Deliverables are provided digitally via secure file sharing, code repositories, or cloud platforms. Physical delivery is not standard unless specifically agreed upon.

7. Refund Policy

Our refund policy aligns with industry standards for digital services and custom development:

7.1 Eligible Refunds

Refunds may be provided for:

Unperformed Services: If we fail to deliver agreed services without valid reason
Undelivered Milestones: If specific milestones are not completed as contracted
Material Breach: If we materially breach the service agreement
Service Cancellation: If we cancel a project before work begins

7.2 Non-Refundable Items

The following are not eligible for refunds:

Work already performed and delivered
Time spent on discovery, planning, or consultation
Third-party costs incurred (licenses, APIs, hosting, etc.)
Changes in client requirements after work has begun
Client dissatisfaction with subjective design preferences
Project cancellation by client after work has started

7.3 Refund Process

To request a refund, contact us at support@codynex.com with:

Your project details and invoice number
Detailed explanation of the refund request
Supporting documentation

Approved refunds will be processed within 10-15 business days to the original payment method.

8. Confidentiality

8.1 Mutual Confidentiality Obligation

Both parties agree to maintain confidentiality of:

Business Information: Trade secrets, business strategies, financial data
Technical Information: Source code, algorithms, system architectures
Client Data: Customer information, proprietary data, business processes
Project Details: Specifications, requirements, and implementation plans
AI Training Data: Data used for model training or system configuration

8.2 Exclusions

Confidentiality obligations do not apply to information that:

Is publicly available through no fault of the receiving party
Was independently developed without use of confidential information
Was rightfully obtained from a third party
Must be disclosed by law or court order

8.3 Duration

Confidentiality obligations survive for three (3) years after the termination of our business relationship, or longer if specified in a separate Non-Disclosure Agreement (NDA).

8.4 Data Protection Beyond Confidentiality

Our data processing obligations are governed by our Privacy Policy and any applicable Data Processing Agreement (DPA), which may impose stricter requirements than this confidentiality clause. When we process personal data on your behalf as a Data Processor, we comply with all obligations under GDPR Article 28, including:

Processing personal data only on documented instructions from you as the Data Controller
Ensuring that persons authorized to process personal data are bound by confidentiality
Implementing appropriate technical and organizational security measures
Assisting you in responding to data subject rights requests
Assisting you in ensuring compliance with GDPR security, breach notification, and impact assessment obligations
Deleting or returning personal data upon termination of services, as directed
Making available information necessary to demonstrate compliance and allowing for audits

9. Data Processing and GDPR Compliance

9.1 Data Processing Roles

Under the General Data Protection Regulation (GDPR), Codynex may act in different roles depending on the nature of the services provided:

Data Controller: When we collect and process personal data for our own purposes (such as marketing, website analytics, client relationship management, and service improvement), we act as a Data Controller and determine the purposes and means of processing.
Data Processor: When we process personal data on your behalf according to your instructions (such as when providing custom software solutions, AI systems that process your customer data, or cloud services), we act as a Data Processor and process data only as directed by you, the Data Controller.

The specific role and responsibilities will be clearly defined in our service agreements and any applicable Data Processing Agreement (DPA).

9.2 Client Obligations as Data Controller

When you engage Codynex to process personal data on your behalf, you act as the Data Controller and are responsible for:

Lawful Basis: Ensuring that you have a valid lawful basis under GDPR Article 6 for sharing personal data with Codynex and for the processing activities you instruct us to perform
Privacy Notices: Providing appropriate privacy notices to your data subjects (customers, users, employees, etc.) informing them about how their personal data will be processed, including disclosure to third-party processors like Codynex
Consent Management: Obtaining and managing valid consent from data subjects when required by law, and ensuring consent covers the processing activities we perform on your behalf
Data Accuracy: Ensuring that personal data you provide to us is accurate, up-to-date, and lawfully collected
Data Subject Rights: Responding to data subject rights requests from your customers and users, and coordinating with us when our assistance is required
Processing Instructions: Providing clear, lawful, and documented instructions for how we should process personal data on your behalf
Compliance: Maintaining compliance with all applicable data protection laws and regulations in your jurisdiction

You represent and warrant that you have complied with all applicable data protection laws before sharing any personal data with Codynex.

9.3 Data Processing Agreement (DPA)

For clients who are Data Controllers under GDPR, a separate Data Processing Agreement (DPA) is available upon request and will govern the processing of personal data. The DPA supplements these Terms and includes additional provisions required by GDPR Article 28, including:

Processing Instructions: Detailed description of the subject matter, duration, nature, and purpose of processing, as well as the types of personal data and categories of data subjects
Security Measures: Comprehensive technical and organizational measures to ensure data security, including encryption, access controls, and security testing
Sub-Processors: List of authorized sub-processors, procedures for notifying you of sub-processor changes, and your right to object
Data Breach Notification: Procedures and timelines for notifying you of personal data breaches affecting your data
Audit Rights: Your rights to audit our data processing practices and receive documentation demonstrating compliance
International Transfers: Safeguards for transferring personal data outside the EU/EEA, including Standard Contractual Clauses (SCCs)
Data Subject Rights Assistance: Our obligations to assist you in responding to data subject access requests, rectification, erasure, and other rights
Data Return and Deletion: Procedures for returning or deleting personal data upon termination of services

To request a DPA, please contact us at hr@codynex.com. The DPA must be executed before we begin processing personal data on your behalf.

9.4 Your Data Protection Rights

You have specific rights regarding your personal data under GDPR. Please see our Privacy Policy for full details on how to exercise these rights. Under GDPR, you have the following rights:

Right of Access (Article 15): The right to obtain confirmation of whether we process your personal data and to receive a copy of your personal data
Right to Rectification (Article 16): The right to have inaccurate personal data corrected and incomplete data completed
Right to Erasure (Article 17): The right to have your personal data deleted in certain circumstances (also known as the "right to be forgotten")
Right to Restriction of Processing (Article 18): The right to request that we limit the processing of your personal data in certain circumstances
Right to Data Portability (Article 20): The right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller
Right to Object (Article 21): The right to object to processing based on legitimate interests, direct marketing, or processing for research/statistical purposes
Right to Withdraw Consent (Article 7): Where processing is based on consent, the right to withdraw that consent at any time
Right Not to Be Subject to Automated Decision-Making (Article 22): The right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects
Right to Lodge a Complaint: The right to lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, please contact us at hr@codynex.com or see the procedures outlined in our Privacy Policy.

9.5 Data Subject Requests

We have established procedures to handle data subject access requests (DSARs) and other rights requests in compliance with GDPR:

Timeline: We will respond to verified requests within 30 days of receipt, or inform you if an extension is necessary (up to an additional 60 days for complex requests)
Verification: We may require verification of your identity before processing requests to protect against fraudulent requests
No Fee: We do not charge a fee for processing legitimate requests unless they are manifestly unfounded, excessive, or repetitive
Request Submission: Submit requests by email to hr@codynex.com or through our website contact form

When Codynex acts as a Data Processor: If you receive a data subject rights request from an individual whose data we process on your behalf, you are obligated to inform us promptly so we can assist you in responding. We will cooperate with you and provide necessary information and access to personal data within our systems to enable you to fulfill your obligations as Data Controller. However, you remain responsible for responding to the data subject and determining the appropriate action.

10. AI & Data Usage

10.1 How We Use Client Data

When providing AI services, we may use client data for:

AI Agent Training: Training custom models for your specific use case
System Configuration: Setting up automation workflows and integrations
Testing & Optimization: Ensuring AI systems perform as expected
Service Improvement: Improving our AI methodologies (anonymized data only)

GDPR Compliance Statement: All data processing activities are conducted in full compliance with GDPR requirements. We process personal data only for specified, explicit, and legitimate purposes and do not process data in a manner incompatible with those purposes (purpose limitation principle).

Data Minimization: We only process personal data that is adequate, relevant, and limited to what is necessary for providing and improving our services. We do not collect or retain excessive data beyond what is required for the stated purposes.

10.2 Data Protection Commitments

We commit to:

No Data Selling: We do NOT sell or share your data with third parties for their marketing purposes
No Cross-Client Training: Your data is not used to train models for other clients
Secure Storage: Data is encrypted at rest and in transit using industry-standard encryption protocols
Limited Access: Only authorized team members access your data on a need-to-know basis
Data Deletion: Client data is deleted upon request after project completion, subject to legal retention requirements

GDPR Article 28 Processor Obligations: When acting as a Data Processor, we comply with all obligations under GDPR Article 28, including:

Processing personal data only on documented instructions from the Data Controller
Ensuring confidentiality of processing personnel
Implementing appropriate technical and organizational measures to ensure security
Respecting conditions for engaging sub-processors
Assisting the Data Controller in fulfilling obligations to respond to data subject rights
Assisting with data protection impact assessments and consultations with supervisory authorities
Deleting or returning personal data after the end of service provision
Making available information necessary to demonstrate compliance

Security Measures per GDPR Article 32: We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Pseudonymization and encryption of personal data
Ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems
Ability to restore availability and access to data in a timely manner after an incident
Regular testing, assessment, and evaluation of security measure effectiveness

Data Breach Notification per GDPR Article 33: In the event of a personal data breach that we become aware of, we will:

Notify affected Data Controllers without undue delay and, where feasible, within 72 hours of becoming aware of the breach
Provide detailed information about the breach including nature, categories and approximate number of affected data subjects, likely consequences, and measures taken or proposed
Cooperate with investigations and regulatory reporting requirements
Document all data breaches and our response measures

International Data Transfers: Personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer personal data internationally, we implement appropriate GDPR safeguards, including:

European Commission-approved Standard Contractual Clauses (SCCs)
Adequacy decisions where the destination country has been deemed to provide adequate protection
Additional supplementary measures to ensure data protection equivalent to GDPR standards
EU-U.S. Data Privacy Framework certification where applicable

10.3 Third-Party AI Services

Some projects may use third-party AI services (OpenAI, Google AI, AWS AI, etc.). In such cases:

You acknowledge that data may be processed by these providers
Third-party terms of service and privacy policies apply
We implement best practices to minimize data exposure
You can request alternatives if you have specific requirements

10.4 Client Control and Data Deletion

You retain ownership of your data and can:

Request data deletion at any time: You have the right to request deletion of your personal data, subject to legal retention obligations
Export your data: Request data export in standard formats (JSON, CSV, XML, etc.)
Opt-out of non-essential data processing: Decline optional data processing activities that are not necessary for service delivery
Request detailed information: Obtain comprehensive information about data usage, storage, and processing activities

Data Deletion Procedure: To request data deletion:

Submit a written deletion request to hr@codynex.com
Specify which data you want deleted (all data, specific project data, etc.)
We will confirm receipt and verify your identity
Data will be deleted within 30 days of request verification
We will provide confirmation once deletion is complete

Exceptions to Data Deletion: We may retain certain data when required by:

Legal obligations (tax records, financial reporting, audit requirements)
Dispute resolution or pending legal claims
Fraud prevention and security purposes
Enforcing our Terms or protecting rights, property, or safety

When retention is necessary, we will retain only the minimum data required and implement appropriate safeguards.

11. Third-Party Tools & Integrations

11.1 Third-Party Dependencies

Our services may rely on third-party tools and platforms, including but not limited to:

AI Providers: OpenAI, Anthropic, Google AI, AWS Bedrock
Cloud Services: AWS, Google Cloud, Microsoft Azure, Vercel
APIs & Services: Stripe, Twilio, SendGrid, various SaaS platforms
Development Tools: GitHub, GitLab, npm packages, libraries
Analytics & Monitoring: Google Analytics, Sentry, monitoring tools

11.2 Disclaimer of Liability

Codynex is not liable for:

Third-party service outages or downtime
Changes to third-party APIs or pricing
Deprecation or discontinuation of third-party services
Security breaches of third-party platforms
Data loss due to third-party failures
Performance issues caused by external dependencies

11.3 Client Responsibilities

You are responsible for:

Maintaining your own accounts with third-party services
Paying for third-party licenses, APIs, and subscriptions
Complying with third-party terms of service
Understanding the limitations of integrated services

11.4 Service Alternatives

If a third-party service becomes unavailable or unsuitable, we will make reasonable efforts to suggest alternatives or modify the implementation, which may result in additional costs.

12. Third-Party Data Processing and Sub-Processors

12.1 Use of Sub-Processors

When providing services, Codynex may engage third-party sub-processors to assist in processing personal data. We carefully select sub-processors and ensure they provide sufficient guarantees to implement appropriate technical and organizational measures to meet GDPR requirements.

12.2 List of Sub-Processors

A current list of authorized sub-processors is maintained and available upon request. Our primary sub-processors include:

Cloud Infrastructure Providers: AWS, Google Cloud, Microsoft Azure for hosting and storage
AI Service Providers: OpenAI, Anthropic, Google AI for AI model processing
Communication Services: SendGrid, Twilio for email and SMS services
Analytics Services: Google Analytics for website analytics
Payment Processors: Stripe, PayPal for payment processing

To request the complete and current sub-processor list, contact hr@codynex.com.

12.3 Sub-Processor Standards

All sub-processors are required to:

Comply with GDPR and applicable data protection laws
Implement appropriate technical and organizational security measures
Process personal data only on documented instructions
Maintain confidentiality of personal data
Assist with data subject rights requests and breach notifications
Delete or return personal data upon termination of services

12.4 Changes to Sub-Processors

We will provide at least 30 days' prior written notice before:

Engaging a new sub-processor to process personal data on your behalf
Making changes to existing sub-processor arrangements that affect data processing

Notice will be provided via email to your registered contact address and/or through updates to our website.

12.5 Right to Object

You have the right to object to the engagement of a new sub-processor or changes to sub-processor arrangements. If you object:

You must notify us in writing within 15 days of receiving notice
Objections must be based on reasonable data protection concerns
We will work with you in good faith to address your concerns
If we cannot resolve your concerns, you may terminate the affected services without penalty

12.6 Codynex Liability for Sub-Processors

Codynex remains fully liable to you for the performance of any sub-processor's obligations under applicable data protection agreements. We remain responsible for ensuring that sub-processors comply with the same data protection obligations that apply to us under GDPR and our agreements with you.

13. Service Availability & Disclaimers

13.1 No Guarantee of Uninterrupted Access

While we strive for high availability, we do not guarantee:

Uninterrupted access to our website or services
Error-free operation of delivered systems
100% uptime for hosted solutions
Immediate response to support requests

13.2 Maintenance and Updates

We reserve the right to:

Perform scheduled maintenance with advance notice
Conduct emergency maintenance as needed
Update our systems and services for security or performance
Temporarily suspend services for critical repairs

13.3 "As-Is" and "As-Available" Disclaimer

Our services are provided on an "AS-IS" and "AS-AVAILABLE" basis without warranties of any kind, either express or implied, including but not limited to:

Implied warranties of merchantability
Fitness for a particular purpose
Non-infringement
Accuracy, reliability, or completeness

13.4 No Warranty of Results

We do not warrant that:

Our services will meet your specific requirements
The operation will be timely, secure, or error-free
Results obtained will be accurate or reliable
Defects will be corrected (unless under warranty agreement)

14. Limitation of Liability

14.1 Maximum Liability

To the maximum extent permitted by applicable law, Codynex's total aggregate liability arising out of or related to these Terms or our services shall not exceed the total amount paid by you to Codynex in the twelve (12) months preceding the claim.

14.2 Exclusion of Damages

In no event shall Codynex be liable for:

Indirect, incidental, special, consequential, or punitive damages
Loss of profits, revenue, data, or business opportunities
Business interruption or downtime
Cost of substitute services or solutions
Damage to reputation or goodwill
Any damages arising from third-party services or integrations

14.3 Basis of the Bargain

These limitations apply regardless of the form of action (contract, tort, negligence, strict liability, or otherwise) and reflect the allocation of risk between the parties. These limitations apply even if Codynex has been advised of the possibility of such damages.

14.4 Exceptions and GDPR-Specific Liability

Nothing in these Terms excludes or limits liability for:

Death or personal injury caused by negligence
Fraud or fraudulent misrepresentation
Any liability that cannot be excluded under applicable law

GDPR Data Protection Liability: Nothing in these Terms limits or excludes our liability for:

Data protection violations under GDPR: Including violations of data subject rights, unlawful processing, or breaches of data protection principles
Failure to implement appropriate security measures: As required by GDPR Article 32, including failure to use encryption, pseudonymization, or other security safeguards
Unauthorized or unlawful processing of personal data: Including processing beyond documented instructions or for purposes not authorized by the Data Controller
Breaches resulting from our gross negligence or willful misconduct: Including intentional violations of data protection obligations or reckless disregard for data security
Violations subject to GDPR administrative fines: As outlined in GDPR Articles 83 and 84

These GDPR-specific liability provisions apply regardless of the limitations in Sections 14.1 and 14.2 above. The limitation of liability does not apply to GDPR penalties, compensation claims by data subjects, or regulatory enforcement actions.

For clients acting as Data Controllers, our mutual liabilities and indemnification obligations regarding data protection are further detailed in the Data Processing Agreement (DPA).

15. Indemnification

You agree to indemnify, defend, and hold harmless Codynex, its officers, directors, employees, contractors, agents, licensors, and suppliers from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to:

Your violation of these Terms
Your use of our services or deliverables in an unlawful manner
Your violation of any third-party rights, including intellectual property rights
Any content or data you provide to us
Your use of the delivered systems or software
Any breach of your representations or warranties
Misuse of AI systems or automation tools we provide
Data privacy violations resulting from your data handling practices

We reserve the right to assume exclusive defense and control of any matter subject to indemnification, and you agree to cooperate with our defense of such claims.

16. Termination

16.1 Termination Rights

Either party may terminate a service agreement:

For Convenience: With 30 days' written notice
For Cause: Immediately upon material breach by the other party
For Non-Payment: If payment is overdue by more than 30 days
For Impossibility: If performance becomes legally or technically impossible

16.2 Effect of Termination

Upon termination:

Access: Your access to services will be suspended or revoked
Outstanding Payments: All amounts owed become immediately due
Work Product: Completed and paid work will be delivered; incomplete work remains our property
Data: You have 30 days to export your data before deletion
Licenses: Any licenses granted may be revoked unless fully paid

16.3 Survival

The following sections survive termination: Intellectual Property, Confidentiality, Data Processing and GDPR Compliance, Limitation of Liability, Indemnification, Governing Law, and any payment obligations.

16.4 Data Handling Upon Termination

Upon termination of services, the following data handling procedures apply:

Your Rights to Retrieve Data:

You have 30 days from the date of termination to request retrieval of your personal data and project data
Data will be provided in commonly used, machine-readable formats (JSON, CSV, XML, SQL dump, etc.)
We will use commercially reasonable efforts to facilitate data export and transfer
Large data sets may be provided via secure file transfer or cloud storage links

Deletion or Return of Personal Data:

When Codynex acts as Data Processor: Upon termination, we will delete or return all personal data we process on your behalf as a Data Processor, unless retention is required by law
You may instruct us to either delete or return personal data - please specify your preference in writing
Deletion will be performed within 30 days of the end of the data retrieval period, unless you request earlier deletion
Deletion includes removal from all active systems, backups, and archives (subject to technical limitations of backup systems)

Certification of Deletion:

Upon request, we will provide written certification that personal data has been deleted or returned
Certification will include the date of deletion, categories of data deleted, and systems from which data was removed
Request certification by contacting hr@codynex.com

Retention Exceptions:

We may retain certain data after termination when required by:

Legal Obligations: Tax records, financial documents, and audit trails required by law (typically 7 years for financial records)
Dispute Resolution: Data necessary for pending legal claims, disputes, or arbitration proceedings
Regulatory Requirements: Data retention required by industry regulations or government authorities
Fraud Prevention: Minimal data required to prevent fraudulent re-registration or security threats
Enforcing Rights: Data necessary to enforce our Terms, protect rights, property, or safety

When retention is necessary, we will:

Retain only the minimum data required for the specified purpose
Implement appropriate safeguards and access restrictions
Delete the data once the retention requirement ends
Inform you of any retained data categories and retention periods upon request

For questions about data handling upon termination, contact hr@codynex.com.

17. Portfolio & Marketing Rights

17.1 Right to Showcase Work

Unless otherwise agreed in writing, Codynex reserves the right to:

Display completed projects in our portfolio and case studies
Use project screenshots, descriptions, and results in marketing materials
Mention your company name as a client reference
Share non-confidential project details in blog posts or presentations

17.2 Confidential Projects

If your project is confidential, you may request:

Exclusion from our public portfolio
Anonymized case studies (without identifying information)
Complete non-disclosure of the project

Such requests must be made in writing before project commencement and may be formalized in a separate NDA.

17.3 Client Testimonials

We may request your permission to use testimonials, reviews, or feedback for marketing purposes. You may decline without affecting our business relationship.

18. Governing Law and Dispute Resolution

18.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Texas, United States, without regard to its conflict of law provisions.

18.2 Jurisdiction and Venue

Any legal action or proceeding arising out of or relating to these Terms shall be brought exclusively in the state or federal courts located in Travis County, Texas. You consent to the personal jurisdiction of such courts and waive any objection to venue.

18.3 Dispute Resolution

Before initiating formal legal proceedings, parties agree to attempt to resolve disputes through:

Good Faith Negotiation: Direct communication between decision-makers
Mediation: Voluntary mediation with a mutually agreed mediator

18.4 Class Action Waiver

You agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action.

18.5 GDPR Jurisdiction and Enforcement

For EU/EEA residents, these Terms do not affect your statutory rights under GDPR or EU consumer protection laws. The following provisions apply to residents of the European Union and European Economic Area:

Right to Bring Claims in Your Country: EU/EEA residents may bring claims related to these Terms or data processing in the courts of their country of residence under GDPR
Data Protection Authority: You have the right to lodge complaints with your local data protection supervisory authority regarding our data processing practices
EU Member State Court Jurisdiction: Data protection disputes may be subject to the jurisdiction of EU Member State courts, notwithstanding the Texas jurisdiction clause above
Consumer Protection Laws: Nothing in these Terms affects mandatory consumer protection rights granted by EU law
GDPR Precedence: Where these Terms conflict with GDPR requirements, GDPR provisions shall prevail for EU/EEA residents

18.6 Privacy Shield and International Data Transfer Frameworks

For international data transfers from the EU/EEA to the United States and other jurisdictions, we rely on the following mechanisms:

EU-U.S. Data Privacy Framework:

Codynex monitors certification requirements for the EU-U.S. Data Privacy Framework
Current framework compliance status is available upon request at hr@codynex.com
We adhere to framework principles including notice, choice, accountability, security, and recourse

Standard Contractual Clauses (SCCs):

For transfers not covered by adequacy decisions or framework certifications, we use European Commission-approved Standard Contractual Clauses
SCCs are incorporated into our Data Processing Agreements for EU/EEA clients
We implement supplementary measures to ensure protection equivalent to EU standards
Transfer impact assessments are conducted to evaluate risks for specific data transfers

UK GDPR and Post-Brexit Considerations:

We comply with the UK GDPR (as incorporated into UK law following Brexit) for processing personal data of UK residents
International data transfer addendum to EU SCCs is used for transfers from the UK
We monitor UK adequacy decisions and implement appropriate safeguards for UK data transfers
UK residents have the same data protection rights as EU residents under these Terms

Other Jurisdictions:

We also comply with similar data protection laws in other jurisdictions including California (CCPA/CPRA), Canada (PIPEDA), Brazil (LGPD), and others as applicable
Jurisdiction-specific data protection rights are honored for residents of those jurisdictions

19. Transparency and Accountability

19.1 Commitment to GDPR Principles

Codynex is committed to upholding all GDPR data protection principles in our processing activities:

Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner
Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes only
Data Minimization: We process only data that is adequate, relevant, and limited to what is necessary
Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date
Storage Limitation: We retain personal data only as long as necessary for the stated purposes
Integrity and Confidentiality: We implement appropriate security measures to protect personal data
Accountability: We demonstrate compliance with data protection principles through documentation and policies

19.2 Data Processing Records

In accordance with GDPR Article 30, we maintain records of our data processing activities, including:

Categories of personal data processed
Purposes of processing
Categories of data subjects
Recipients or categories of recipients of personal data
International data transfers and safeguards
Retention periods
Technical and organizational security measures

These records are available to supervisory authorities upon request and to Data Controllers we serve as Processor.

19.3 Right to Audit

For clients acting as Data Controllers, we provide audit rights to verify our compliance with data protection obligations:

Information Requests: You may request information about our data processing practices, security measures, and compliance procedures
Audit and Inspection Rights: You may conduct audits or appoint an independent auditor to assess our data protection compliance
Frequency: Audits may be conducted once per year or more frequently if required by law or in response to a data breach
Notice: Reasonable advance notice (at least 30 days) must be provided for audits
Scope: Audits are limited to systems and processes relevant to your data
Cost: You are responsible for costs of audits unless an audit reveals material non-compliance
Confidentiality: Auditors must be bound by confidentiality obligations

To exercise audit rights or request processing records, contact hr@codynex.com.

19.4 Transparency Reports

We are committed to transparency in our data processing practices:

We maintain documentation of our security measures and compliance procedures
We provide transparency about our use of sub-processors
We document data breaches and our response measures
We may publish periodic transparency reports regarding data requests and processing activities

19.5 Privacy by Design and by Default

In accordance with GDPR Article 25, we implement Privacy by Design and Privacy by Default principles:

Privacy by Design: We integrate data protection considerations into the development of our services, systems, and business processes from the earliest stages
Privacy by Default: Our systems are configured by default to process only the minimum personal data necessary for the specific purpose
Technical Measures: We implement pseudonymization, encryption, and other privacy-enhancing technologies
Organizational Measures: We maintain data protection policies, training programs, and accountability structures
Default Settings: Privacy-friendly settings are the default in our systems, with data collection minimized unless you explicitly enable additional features
Data Protection Impact Assessments: We conduct DPIAs for high-risk processing activities

20. Changes to Terms

We reserve the right to modify these Terms at any time. When we make changes, we will:

Update the "Last Updated" date at the top of this document
Post the revised Terms on our website
Notify you via email for material changes (if you have an active account)
Provide reasonable notice before changes take effect

Your continued use of our services after changes become effective constitutes acceptance of the revised Terms. If you do not agree to the new Terms, you must discontinue use of our services.

For existing service agreements, changes to Terms will not affect the specific terms already agreed upon in signed contracts or statements of work.

20.1 Material Changes Affecting Data Processing

For changes that materially affect how we process personal data, we will provide at least 30 days' notice and, where required by GDPR, obtain your renewed consent.

Material changes to data processing include:

Changes to the purposes for which personal data is processed
Changes to categories of personal data processed
Introduction of new sub-processors or significant changes to sub-processor arrangements
Changes to international data transfer mechanisms
Changes to data retention periods
Reduction in security measures or data protection safeguards

20.2 Right to Terminate Due to Data Processing Changes

If you do not agree to material changes affecting data processing, you have the right to:

Object to the changes: Notify us of your objection within the notice period
Terminate services: Terminate affected services without penalty during the notice period
Request data deletion: Request deletion or return of your personal data upon termination
Withdraw consent: Where processing is based on consent, withdraw that consent at any time

To exercise these rights, contact hr@codynex.com within the notice period specified in our change notification.

21. Miscellaneous

21.1 Entire Agreement

These Terms, together with any service agreements, statements of work, our Privacy Policy, Cookie Policy, and any applicable Data Processing Agreement, constitute the entire agreement between you and Codynex regarding the use of our services.

21.2 Severability

If any provision of these Terms is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary, and the remaining provisions will remain in full force and effect.

21.3 Waiver

No waiver of any term or condition shall be deemed a further or continuing waiver of such term or any other term. Our failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision.

21.4 Assignment

You may not assign or transfer these Terms or your rights hereunder without our prior written consent. We may assign our rights and obligations without restriction.

21.5 Force Majeure

Neither party shall be liable for delays or failures in performance resulting from causes beyond reasonable control, including natural disasters, war, terrorism, strikes, internet failures, or government actions.

21.6 Independent Contractors

The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, agency, or employment relationship.

22. Contact Information

If you have any questions, concerns, or requests regarding these Terms of Service, please contact us:

Codynex LLC

Email: info@codynex.com

Support: support@codynex.com

Privacy & Data Protection: hr@codynex.com

Phone: +1 (281) 270-5900

Address: Katy, TX 77494, USA

Registered in Austin, Texas

For data protection inquiries, please contact our privacy team at hr@codynex.com. This includes requests to exercise your GDPR rights, data subject access requests, questions about data processing, requests for Data Processing Agreements, or concerns about data protection compliance.

For legal inquiries or formal notices, please send correspondence to hr@codynex.com. For general support or service questions, please contact us at support@codynex.com.

23. Acknowledgment

By using our services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service. You also acknowledge that these Terms constitute a legally binding agreement between you and Codynex LLC.

If you are entering into this agreement on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.

You further acknowledge that you have been informed of your rights under GDPR (if applicable) and understand how your personal data will be processed in accordance with our Privacy Policy and these Terms.