Back to Home

Privacy Policy

Effective Date: 2025 October 1st

Last Updated: 2025 October 1st

Introduction

This Privacy Policy explains how DEVARC ("DEVARC", "we", "us") collects, uses, discloses, and safeguards personal data when you use our websites, applications, and related services (the "Services"). We process personal data as a controller for our own purposes and, where we act on your documented instructions to process Customer Data within your account, as a processor.

Who We Are and How To Contact Us

Controller: DEVARC. Contact: legal@devarc.ai. If you are located in the EEA or UK, you may also contact your local data protection authority to lodge a complaint. We will cooperate with authorities to resolve concerns.

Scope

This Policy applies to personal data we process about visitors, account holders, team members, and other end users of the Services. It does not apply to third party services that are governed by their own privacy policies.

Information We Collect

  • Identity and contact data: name, email address, and similar identifiers.
  • Account data: user ID, authentication details, organization and team associations, role.
  • Billing data: payment method, billing address, tax IDs. Payments are processed by third party providers; we do not store full payment card numbers.
  • Usage and device data: IP address, device and browser information, log data, timestamps, crash reports, language and region settings.
  • Cookie and similar data: identifiers placed on your device to operate and improve the Services.
  • Project and Customer Data: content you upload or generate in DEVARC, including decision trees, notes, files, prompts, AI outputs and user selected repositories' code.
  • Communications: support requests, feedback, and marketing preferences.

Sources of Personal Data

  • Directly from you when you create an account, use the Services, or communicate with us.
  • Automatically from your devices through cookies, SDKs, and logs.
  • From third parties, such as single sign on providers, payment processors, and integration partners you choose to connect.
  • From third party – Github, specifically user selected code repositories.

How We Use Personal Data

  • Provide, operate, and maintain the Services.
  • Authenticate users, secure accounts, and prevent fraud and abuse.
  • Deliver AI powered functionality, including routing prompts to multiple model providers under our instructions, index codebases to provide context for AI.
  • Process transactions and provide customer support.
  • Analyze usage to improve features and develop new services.
  • Send service related communications. With your consent, send marketing communications.
  • Comply with law and enforce our agreements.

Legal Bases for Processing (EEA and UK Users)

  • Contract: to provide and support the Services you request.
  • Legitimate interests: to secure, improve, and customize the Services and to prevent abuse.
  • Consent: for optional cookies, marketing, and certain integrations. You can withdraw consent at any time.
  • Legal obligation: to meet compliance and tax obligations.

Do We Sell or Share Personal Information

We do not sell personal information and we do not share personal information for cross context behavioral advertising as those terms are defined by the California Consumer Privacy Act (CCPA). If our practices change, we will update this Policy and provide required notices.

Cookies and Tracking

We use strictly necessary cookies to operate the Services and optional analytics cookies to understand how the Services are used. You can manage cookies in your browser settings. If required by law, we will obtain your consent before using non essential cookies.

AI Providers and Customer Data

To deliver DEVARC functionality, we may transmit Customer Data and prompts to third party AI model providers acting as our processors or sub processors. We require these providers to protect data and to use it only to provide the Services under our instructions. We do not permit providers to use your Customer Data to train their general models unless you explicitly opt in.

Subprocessors

We use reputable vendors for hosting, analytics, payments, and AI inference. A current list of subprocessors is available upon request at legal@devarc.ai. We will provide notice of material changes where required.

International Data Transfers

If we transfer personal data outside the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses, the UK Addendum, or an adequacy decision. We take steps to ensure that recipients protect your personal data.

Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. We apply documented retention periods and delete or de identify data when it is no longer needed.

Security

We implement administrative, technical, and physical safeguards designed to protect personal data, including access controls, encryption in transit, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise rights, contact legal@devarc.ai. If we cannot verify your identity, we may request additional information as permitted by law.

California Disclosures

California residents have the right to know categories of personal information collected, the sources, purposes, and categories of disclosures; to request access, correction, and deletion; to opt out of sale or sharing; to limit the use of sensitive personal information; and to not be discriminated against for exercising rights. We do not sell or share personal information and do not use sensitive personal information for purposes requiring a right to limit.

Children

The Services are intended for individuals 18 years and older. We do not knowingly collect personal data from anyone under 18. If we learn that a minor has provided personal data, we will delete it.

Your Responsibilities

You are responsible for the content you upload and for configuring privacy settings and integrations appropriately. Do not include special categories of personal data unless necessary and permitted by law.

Third Party Links and Services

The Services may link to third party sites or allow you to enable third party integrations. We are not responsible for the privacy practices of those third parties. Review their policies before sharing data.

Do Not Track

Because there is no consistent industry standard, the Services do not respond to Do Not Track signals.

Changes To This Policy

We will update this Policy when necessary to reflect changes to our practices or legal requirements. The date at the top shows when it was last updated.

How To Contact Us

If you have questions or requests about this Policy, contact legal@devarc.ai.