Contents
1 Introduction
Cast Rock Innovation L.L.C. d/b/a Cast Net Technology, operating as CodaFend ("Company," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (codafend.com) or use our services, including the CodaFend compliance platform and the RuleBrief regulatory intelligence service.
Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services.
2 Information We Collect
A. Information You Provide Directly
- Contact information (name, email address, organization name) when you submit an inquiry via our website or by email
- Business information you provide when onboarding to RuleBrief (industry, state, employee count, regulation categories)
- Communications you send to us
B. Information Collected Automatically
- Usage data: pages visited, time on page, referring URL, browser type, device type, IP address (anonymized)
- Cookies and similar technologies: session cookies for site functionality; analytics cookies (see Section 7)
- We do not use tracking pixels or behavioral advertising cookies
C. Healthcare Client Data (CodaFend Platform Customers)
Do not submit Protected Health Information (PHI) through this website, contact forms, or email communications to Cast Net Technology. This website and its communication channels are not designed, configured, or intended to receive PHI as defined under HIPAA.
The CodaFend platform is operated by healthcare organizations within their own infrastructure or a HIPAA-eligible cloud environment. Cast Net Technology does not collect, store, or process Protected Health Information (PHI) on its own servers in connection with the CodaFend platform.
Any PHI processed through the CodaFend platform is subject to the terms of the applicable Business Associate Agreement (BAA) with the customer organization. Customers are solely responsible for ensuring their use of the CodaFend platform complies with HIPAA and applicable state health privacy laws.
D. No PHI on This Website
This website is not a HIPAA-covered channel. Do not submit patient names, dates of birth, diagnosis codes, claim data, member IDs, or any other Protected Health Information through any form, email, or communication on codafend.com. If PHI is inadvertently received, we will make reasonable efforts to delete it and notify the sender. We do not guarantee the security of unsolicited PHI transmissions.
3 How We Use Information
- To respond to inquiries and communicate with prospective and current customers
- To deliver the RuleBrief service (personalized regulatory briefs)
- To improve our website content and user experience
- To comply with legal obligations
We do not sell personal information to third parties. We do not use your information for behavioral advertising.
4 Legal Basis for Processing
Where applicable (including for individuals in the European Economic Area or other jurisdictions with similar requirements), we rely on the following legal bases for processing personal information:
- Performance of a contract — delivering the RuleBrief service to subscribers
- Legitimate interests — responding to inquiries and improving our services, where such interests are not overridden by your privacy rights
- Compliance with legal obligations — retaining records as required by applicable law
- Consent — where we have obtained your explicit agreement to a specific use
5 Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share information in the following limited circumstances:
- Service providers: We engage third-party vendors in the following categories, each operating under data processing agreements that restrict their use of your information to the services provided: (a) website hosting and content delivery — Cloudflare, Inc. (Cloudflare Pages); (b) transactional and operational email — Microsoft Corporation (Outlook/Microsoft 365); (c) website analytics — Cloudflare Web Analytics (cookieless, privacy-preserving; no cross-site tracking).
- Legal compliance: When required by applicable law, court order, or government authority, or when necessary to protect the rights, property, or safety of our company, our users, or the public
- Business transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, with appropriate prior notice to affected users
6 Data Retention
- Inquiry and contact data: Retained for up to 3 years from last contact
- RuleBrief subscriber data: Retained for the duration of the subscription plus 2 years following termination
- Website analytics data: Retained for 13 months
- Healthcare client data processed under a BAA: Subject to the retention terms in the applicable Business Associate Agreement. CodaFend platform customers maintain their own 7-year HIPAA retention obligations independent of Cast Net Technology's systems
When retention periods expire, we delete or anonymize personal information in accordance with our internal data management procedures.
7 Cookies
We use the following categories of cookies on codafend.com:
- Strictly necessary cookies: Required for basic site functionality such as navigation and form submissions. These cookies do not collect personal information and cannot be disabled without affecting site operation.
- Analytics (cookieless): We use Cloudflare Web Analytics to understand aggregate site usage patterns (e.g., pages visited, session duration). Cloudflare Web Analytics does not use cookies, does not collect personal information, and does not track visitors across sites. No opt-out is required as no personal data is collected by this analytics provider.
We do not use advertising cookies, cross-site tracking cookies, or behavioral profiling technologies. We do not participate in any third-party advertising networks.
8 Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Request deletion of your personal information, subject to legal retention requirements
- Object to or restrict certain types of processing
- Data portability (receiving your data in a structured, machine-readable format)
- Withdraw consent where processing is based on consent
To exercise any of these rights, please contact us at castnettechnology@outlook.com. We will respond within 30 days, or as required by applicable law.
California Residents: You have additional rights under the California Consumer Privacy Act (CCPA), including the right to know about personal information collected about you in the preceding 12 months, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a CCPA request, contact us at the email address above.
9 Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information in our custody against unauthorized access, disclosure, alteration, or destruction. These measures include access controls, encrypted communications, and periodic security reviews.
However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to exercise care when sharing sensitive information online.
For healthcare customers using the CodaFend platform within a HIPAA-covered environment, additional security standards — including encryption at rest, audit logging, and access management — are addressed in the applicable Business Associate Agreement.
10 Children's Privacy
Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently received personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us at castnettechnology@outlook.com.
11 Third-Party Links
Our website may contain links to third-party websites, including rulebrief.com and castnettechnology.com. These sites are operated independently and have their own privacy policies. This Privacy Policy does not apply to those sites, and we are not responsible for their privacy practices or content. We encourage you to review the privacy policies of any third-party sites you visit.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page.
Continued use of our website or services following the posting of a material update constitutes your acceptance of the revised Privacy Policy. If you do not agree to the updated terms, you should discontinue use of our services.
13 Contact
For privacy-related questions, requests to exercise your rights, or concerns about our data practices, please contact us:
Cast Rock Innovation L.L.C. d/b/a Cast Net Technology (CodaFend)
Email: castnettechnology@outlook.com
Website: codafend.com