Legal

Privacy Policy

Last updated: 2 April 2026

The Code Deck is operated by Ebrahim Touray, trading as The Code Deck (thecodedeck.dev). This policy explains what personal data we collect, why we collect it, and your rights under UK GDPR and the Data Protection Act 2018.

1. Who we are

The Code Deck is a software engineering job board and career toolkit operated by an individual trader based in the United Kingdom. For data protection purposes, we are the data controller for personal information collected through this website.

Contact: contact@thecodedeck.dev

2. What data we collect

We collect the following categories of personal data:

Account data — when you sign in with Google, we receive your name, email address, and profile picture from Google. We store this to identify your account.
Email address — if you subscribe to job alerts or the weekly digest, we store your email and your alert preferences (job field, keywords, remote preference).
Payment data — if you purchase a featured listing or Pro subscription, payments are processed by Stripe. We do not store your card details. We receive your email and a Stripe customer reference.
Usage data — we record anonymous analytics events (page views, job views, apply clicks) via Plausible Analytics. This data contains no personal identifiers.
Session data — we use a session cookie to keep you signed in. This contains a session ID only and expires after 30 days of inactivity.
Saved content — if you save jobs or Career Toolkit outputs, we store these against your account.

3. Why we collect it (legal basis)

Account and session data — necessary to perform the service you've requested (signing in, saving jobs, using the Career Toolkit). Legal basis: contractual necessity.
Email alerts — you explicitly opt in to receive these. Legal basis: consent. You can unsubscribe at any time via the link in any email we send.
Payment data — required to complete your purchase and maintain subscription records. Legal basis: contractual necessity and legal obligation.
Analytics — we use privacy-friendly, cookieless analytics (Plausible) to understand how the site is used, with no personal data collected. Legal basis: legitimate interest.

4. How we use your data

To provide and maintain your account
To send job alert emails matching your saved preferences
To send the weekly job digest (if subscribed)
To process payments and manage your subscription
To contact you about your account or a support request
To improve the site based on anonymous usage analytics

We do not sell your data, share it with advertisers, or use it for profiling.

5. Third-party services

We use the following third-party services which may process your data:

Google OAuth — sign-in authentication. Google Privacy Policy
Stripe — payment processing. Stripe Privacy Policy
Resend — transactional email delivery. Resend Privacy Policy
Plausible Analytics — cookieless, GDPR-compliant analytics. No personal data is sent. Plausible Privacy Policy
Cloudflare — CDN and DDoS protection. Your IP address passes through Cloudflare's network. Cloudflare Privacy Policy
Hetzner — hosting provider. Our server is located in the EU. Hetzner Privacy Policy

6. Cookies and local storage

We use a single session cookie (tcd_sid) to keep you signed in. This is a strictly necessary cookie — it contains only a session reference and no personal data.

We use localStorage in your browser to remember your dark/light mode preference. This contains no personal data and never leaves your device.

We do not use advertising cookies, tracking pixels, or third-party marketing cookies.

7. Data retention

Account data — retained while your account is active. Deleted within 30 days of an account deletion request.
Email subscribers — retained until you unsubscribe. Removed within 7 days of unsubscribing.
Payment records — retained for 7 years as required by UK tax law.
Session data — expires after 30 days of inactivity.
Analytics data — anonymised; no retention limit applies as no personal data is stored.

8. Your rights

Under UK GDPR, you have the following rights:

Access — request a copy of the personal data we hold about you
Rectification — request correction of inaccurate data
Erasure — request deletion of your account and associated data
Portability — request your data in a machine-readable format
Objection — object to processing based on legitimate interest
Withdrawal of consent — unsubscribe from emails at any time

To exercise any of these rights, email contact@thecodedeck.dev. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Data security

Personal data is stored on servers located within the EU (Hetzner, Helsinki). We use HTTPS for all data in transit. Session cookies are set with HttpOnly and Secure flags. We do not store passwords — authentication is handled entirely by Google OAuth.

10. Children

This service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. Material changes will be noted at the top of this page with an updated date. Continued use of the site after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests: contact@thecodedeck.dev