Security / privacy / public site

Security

This page describes the principles of protecting the public site CODE9: HTTPS, forms, cookies, analytics, external services and the procedure for contacting issues of personal data and security.

HTTPS Cookie-consent Webvisor External services

Circuit 01

Public site and encryption

The public site CODE9 is served over HTTPS. The marketing front is not intended to store OAuth secrets, CRM tokens, admin keys and other permanent secrets in the user's browser.

PD Policy

Circuit 02

Forms, cookies and analytics

Optional analytics scripts are enabled only after user selection. Mandatory checkboxes on forms are separated from voluntary consent to advertising.

Cookie Policy

Circuit 03

Contacts, documents and external services

Legal documents are available on the `legal` page, contact details are listed on a separate page, and the external services used are listed in a separate application.

Contacts

Block 01

How the public outline of the site works

Open/close

This block describes only the public site, forms and services visible to the user. It does not replace internal regulations, contracts with contractors, and official access policies.

The public site CODE9 works as an information and communication layer. It is not intended for permanent storage of access secrets in the user's browser and is not used as a storage place for client CRM tokens, service API keys and other administrative secrets.

site pages are opened over a secure HTTPS connection;
the marketing site is separated from server services and integration circuits;
website forms are used only for receiving requests, preparing proposals, consultations and communication through the channel selected by the user;
public forms of the site do not transmit personal data of users to the AI model, unless such a scenario is separately described and disclosed in advance.

Block 02

Cookie, Яндекс.Metric and Webvisor

Open/close

Technical cookies are necessary for the basic functioning of the site. Analytics and Webvisor are only launched after the user is selected in the cookie banner.

The site uses a cookie banner with the user's explicit choice. Analytical scripts should not run automatically before consent. When using Webvisor or similar analytics tools, sensitive form fields should be masked or excluded from the record.

Detailed rules are described in cookie policy and personal data processing policy.

Block 03

External channels and transitions

Open/close

Messengers, booking services, external integration platforms and other domains are not part of the same legal regime as the site itself.

If the user himself chooses WhatsApp, Telegram, MAX, Wazzup24, an entry form or other external service, further processing may occur according to the rules of the relevant platform. Before the transition, the site must indicate that the user is leaving the internal loop of CODE9 and opening an external service.

An actual list of publicly used services, channels and domains is available at list of external services CODE9.

Block 04

Where to go for data and security issues

Open/close

For requests regarding withdrawal of consent, data deletion, security, cookies and legal issues, use public contacts CODE9.

Contacts CODE9 — details, email, telephone, postal address and procedure for submitting appeals;
Legal information — documents and consents;
support@codenine.ru — general address for inquiries regarding documents and security.