Privacy Policy

Our privacy policy and how we use your data

This Privacy Policy explains how DevTune (the “Company”, “we”, “us”, or “our”) collects, uses, and shares information about you when you use our website and application (the “Service”).

Who We Are

Controller: PLGeek Ltd, C/O Aardvark Accounting, 1 Cedar Office Park, Cobham Road, Wimborne, BH21 7SB, United Kingdom. You can reach us at privacy@devtune.ai. If you are an EEA/UK/Swiss resident, we process your personal data as a controller under the GDPR/UK GDPR.

Information We Collect

  • Account & Profile: name, email, password hash, team membership, roles/permissions, and preferences (e.g., language, theme).
  • Billing: plan selection, subscription status, limited billing metadata. Payment card data is handled by Stripe; we do not store full card details.
  • Service Usage: logs of sign-ins, feature usage, and telemetry necessary to secure and operate the Service.
  • Content You Provide: repository URLs, SDK metadata, test configurations, and prompts provided for model testing. Do not include sensitive personal data in prompts or uploads.
  • Device & Technical: IP address, browser type, device identifiers, and performance metrics to protect and improve the Service.
  • Cookies & Similar: see our Cookie Policy for details on preference and essential cookies.

How We Use Your Information

  • Provide, secure, and maintain the Service
  • Authenticate users and enforce authorization and RLS policies
  • Measure usage, troubleshoot issues, and improve performance
  • Process payments, subscriptions, and invoices
  • Communicate about updates, security, and support
  • Comply with legal obligations and enforce our Terms

Legal Bases (GDPR)

  • Contract: to provide and support the Service at your request (e.g., account creation, running tests, billing).
  • Legitimate Interests: to secure the Service, prevent fraud, and understand product performance in privacy-preserving ways.
  • Consent: for non‑essential cookies/analytics where required by law.
  • Legal Obligation: to comply with tax, accounting, and regulatory requirements.

Sharing And Disclosure

We share data with vendors acting as processors, including:

  • Cloud infrastructure, authentication, and database providers to operate the Service (e.g., managed Postgres/auth/storage).
  • Payment processors to handle subscriptions and invoices.
  • Optional analytics/service monitoring providers to improve reliability and UX.
  • AI model providers to execute tests you request. We minimize data shared to what’s necessary for the test.

We do not sell personal information. We may disclose information if required by law or to protect our rights, users, or the public. See our Subprocessors page for our current vendor list.

Current Service Providers (Subprocessors)

We use trusted service providers acting as processors to deliver the Service. The specific providers may vary by region and feature set:

  • Stripe (payments and subscription billing)
  • Sentry (error tracking and performance monitoring)
  • Vercel (application hosting and delivery)
  • Inngest (job orchestration and scheduled workflows)
  • Supabase (database, authentication, and storage)
  • Resend (transactional email delivery)
  • PostHog (analytics and product insights - EU region)

We will maintain appropriate data protection terms with each processor and update this section as our infrastructure evolves.

International Transfers

We may transfer personal data outside your country (including to the United States). Where required, we use appropriate safeguards such as Standard Contractual Clauses.

Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. We use documented retention rules and remove or anonymize data when no longer needed.

API activity logs used for account governance are retained for up to 30 days. Client metadata (IP address and user agent) is only included in these logs when explicitly enabled by configuration.

Security

We use technical and organizational measures including role-based access control (RBAC), row-level security (RLS), encrypted transport, hardened cookies, audit logging, and least-privilege defaults. No security measure is perfect; we encourage responsible disclosure.

Your Rights

Depending on your location, you may have rights to access, correct, delete, or port your data, and to object to or restrict certain processing. You can exercise rights by contacting privacy@devtune.ai.

California residents may have additional rights under CCPA/CPRA (e.g., to know, delete, and correct). We do not sell or share your personal information for cross‑context behavioral advertising.

Children

The Service is not directed to children under 16 and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us for removal.

Changes To This Policy

We may update this Privacy Policy to reflect changes to our practices or legal requirements. Material updates will be indicated here.

Contact

Controller: PLGeek Ltd, C/O Aardvark Accounting, 1 Cedar Office Park, Cobham Road, Wimborne, BH21 7SB, United Kingdom.

Email: privacy@devtune.ai