Privacy Policy
Plain-English summary: we collect what we need to do business with you, we don't sell your information, and we use a small number of well-known vendors (Stripe, Google, AWS) to run things.
Effective: April 27, 2026
Who we are
CodeMushroom LLC is a Pennsylvania limited liability company providing software engineering and IT services. References to "we," "us," or "our" mean CodeMushroom LLC. References to "you" or "your" mean the organization or person we're providing services to (or reading this page).
CodeMushroom operates additional brands, including Tyoga Tech (local IT services), and software products such as Codenc.io. Each product or brand may have its own privacy policy that applies to that product's users; this policy covers our corporate operations and the visitors and clients of codemushroom.com.
What information we collect
We collect three kinds of information:
1. Information you give us directly. Organization name, contact name, billing address, email, phone — what we need to scope work, send invoices, and follow up. During an engagement, we may also receive access to your systems, source code, configuration data, or business records as required to do the work.
2. Payment information. Card or bank details are handled directly by Stripe, our payment processor. We do not see, store, or have access to full card numbers or bank account numbers. We receive confirmation that a payment succeeded along with the amount and date.
3. Information from automated tools. If we deploy monitoring, logging, or testing infrastructure as part of an engagement, we may receive operational data. We document this in the engagement scope.
We do not use website analytics or advertising trackers on codemushroom.com.
How we use information
To do the things you've hired us to do, including:
- Provide the services we've agreed to (custom software, IT services, ongoing operation of systems we've built or are operating).
- Bill you and process payments.
- Communicate about your account, scheduled work, and incidents.
- Improve our internal records, processes, and methods.
- Comply with legal and tax obligations.
We do not sell, rent, or trade your information to third parties for their own marketing.
Who we share information with
A small number of service providers we use to run the business:
- Stripe — payment processing. stripe.com/privacy
- Google Workspace — our email and document storage. policies.google.com/privacy
- Amazon Web Services (AWS) — hosting for our website and operational infrastructure. aws.amazon.com/privacy
- GitHub — source-control hosting for code we write. docs.github.com/.../github-general-privacy-statement
Engagement-specific subprocessors (cloud platforms, third-party APIs, tools required by the work) are disclosed in the engagement scope.
We may also share information when required by law or to protect against fraud, abuse, or harm to people or property.
How long we keep information
Business records (contracts, invoices, work orders) — at least seven years, to meet Pennsylvania and federal record-keeping expectations.
Source code we've written for you is kept indefinitely in our private source-control history unless you ask us to delete it; either way, you receive the deliverables and have the right to operate them independently.
Operational data (logs, monitoring) — typically the life of the engagement plus a short retention window for troubleshooting.
Email correspondence — retained per Google Workspace's defaults unless you ask us to delete a specific thread.
How we protect information
Reasonable, professional safeguards: encrypted laptops, multi-factor authentication on sensitive accounts, principle-of-least-privilege access controls, current operating-system patching, and secret-management practices for any credentials we hold on your behalf. No system is perfectly secure — we don't pretend otherwise — but we treat your information with the same care we'd want for our own.
If we ever experience a security incident that affects your data, we'll tell you about it without delay.
Your choices
You can ask us at any time to:
- Tell you what information we have about you.
- Correct anything that's wrong.
- Delete information we no longer need (we'll honor this except where retaining the record is required by law or for tax/audit purposes).
Email contact@codemushroom.com.
Children
We serve organizations and businesses. We do not knowingly collect personal information from children under 13.
Changes to this policy
If we change anything material, we'll update the "Effective" date at the top and, for active clients, send a heads-up.
Contact
Questions about this policy? Email contact@codemushroom.com.
Mailing address (for formal notices): CodeMushroom LLC, Wellsboro, PA. A specific street address is available on request.