Protecting the information you trust us with.

This policy outlines how DevFlow collects, stores, and safeguards customer data across every product experience. Last updated: May 26, 2026.

1. Information We Collect

We collect only the information required to deliver and improve our services. This includes account details you provide, usage data generated by your interactions with our products, and limited diagnostic data that keeps our systems healthy.

Sensitive authentication secrets (like database passwords or API keys) are encrypted at rest and are never logged in plain text.

For the public SQL Steward course/resource, we count basic interactions and successful file delivery by channel (for example, page view, terminal download, download button, or raw view) to understand resource use. This first-party reporting does not store raw IP addresses, browser identifiers, full user-agent strings, phone names, or device fingerprints in product analytics.

Contact data: name, company, role, and preferred communication details.
Operational data: project briefs, uploaded assets, and feature requests you explicitly share.
Product analytics: event and performance metadata that helps us keep the experience fast and reliable.
Resource analytics: course views, preview opens, terminal-command copies, full-file copies, and successful protocol delivery channels recorded as anonymous event records used to calculate totals.

2. How We Use Your Data

We use your information to provide core functionality, personalize product experiences, and communicate roadmaps or policy updates. Aggregated and anonymized trends guide product decisions but never reveal identifiable customer data.

Resource analytics are used to understand whether visitors find and obtain public learning materials and downloadable protocols. Current SQL Steward reporting stores anonymous first-party event records rather than identifiers for individual visitors.

If we introduce new processing purposes, we update this policy and obtain additional consent when required.

3. Sharing & Disclosure

We never sell personal data. Limited sharing occurs only with vetted infrastructure partners (hosting, analytics, and support tooling) that contractually commit to confidentiality.

We may disclose information when legally compelled. When permitted, we notify affected customers before responding to such requests.

4. Your Rights & Choices

You can request access, corrections, exports, or deletion of your information at any time. When deletion is requested, we purge production data within 30 days and backups within 90 days unless we are legally obligated to retain it longer.

The SQL Steward activity reporting described above is limited to anonymous event records and is not used to build an identifiable visitor profile. You may contact us with questions or requests concerning information associated with your interactions.

"Privacy is a shared responsibility. Tell us what feels right for your team and we will calibrate our approach."

5. Security & Retention

We employ encryption in transit and at rest, enforce least-privilege access controls, and monitor our infrastructure 24/7. Regular reviews ensure every vendor meets the same standard.

Retention windows balance regulatory requirements with customer expectations. The table below summarizes our default timelines.

Data Type	Default Retention
Account & billing records	7 years or until contract termination, whichever is later
Product telemetry (anonymized)	24 months
SQL Steward raw adoption events	Retained until manually deleted or a retention policy is adopted
Support conversations	18 months
Backups containing personal data	Rolling 90-day window

6. Contact Us

Questions about privacy, data processing agreements, or security reviews can be sent to devflow.technologies@gmail.com. We aim to respond within two business days.