1. Information We Collect
We collect only the information required to deliver and improve our services. This includes account details you provide, usage data generated by your interactions with our products, and limited diagnostic data that keeps our systems healthy.
Sensitive authentication secrets (like database passwords or API keys) are encrypted at rest and are never logged in plain text.
- Contact data: name, company, role, and preferred communication details.
- Operational data: project briefs, uploaded assets, and feature requests you explicitly share.
- Product analytics: event and performance metadata that helps us keep the experience fast and reliable.
2. How We Use Your Data
We use your information to provide core functionality, personalize product experiences, and communicate roadmaps or policy updates. Aggregated and anonymized trends guide product decisions but never reveal identifiable customer data.
If we introduce new processing purposes, we update this policy and obtain additional consent when required.
3. Sharing & Disclosure
We never sell personal data. Limited sharing occurs only with vetted infrastructure partners (hosting, analytics, and support tooling) that contractually commit to confidentiality.
We may disclose information when legally compelled. When permitted, we notify affected customers before responding to such requests.
4. Your Rights & Choices
You can request access, corrections, exports, or deletion of your information at any time. When deletion is requested, we purge production data within 30 days and backups within 90 days unless we are legally obligated to retain it longer.
"Privacy is a shared responsibility—tell us what feels right for your team and we will calibrate our approach."
5. Security & Retention
We employ encryption in transit and at rest, enforce least-privilege access controls, and monitor our infrastructure 24/7. Regular reviews ensure every vendor meets the same standard.
Retention windows balance regulatory requirements with customer expectations. The table below summarizes our default timelines.
| Data Type | Default Retention |
|---|
| Account & billing records | 7 years or until contract termination, whichever is later |
| Product telemetry (anonymized) | 24 months |
| Support conversations | 18 months |
| Backups containing personal data | Rolling 90-day window |
6. Contact Us
Questions about privacy, data processing agreements, or security reviews can be sent to devflow.technologies@gmail.com. We aim to respond within two business days.