Legal Document

Privacy Policy

At Devryxlab, we are committed to protecting your privacy and handling your personal data responsibly. This policy explains exactly what we collect, why, and how.

Last Updated: May 10, 2026Effective: May 10, 2026
Summary: We collect only the data necessary to deliver your project and run our business. We never sell your data. We use secure, privacy-respecting tools. You have full rights over your data. Read on for full details.

1. Information We Collect

1.1 Information You Provide Directly

When you contact us, request a quote, or engage our services, we collect:

Full name and email address — provided through our contact forms or project intake forms.
Phone number — optionally provided for project communication.
Company name and role — to understand your business context and tailor our solutions.
Project details and requirements — including technical specifications, design preferences, budget ranges, and timelines shared during discovery calls or written briefs.
Payment information — billing address and invoice details. We do not store credit card data; payments are processed by trusted third-party providers (Stripe or bank transfer).

1.2 Information Collected Automatically

When you visit our website, we automatically collect:

IP address and approximate geolocation — used for analytics and security.
Browser type, device type, and operating system — for optimising site performance.
Pages visited, time on page, and referral source — through privacy-respecting analytics (we use Vercel Analytics or Plausible, which do not use third-party cookies).
Cookies and local storage — only essential cookies are used by default. You can manage preferences via our cookie notice.

1.3 Information from Third Parties

If you connect with us via LinkedIn, Upwork, or Fiverr, we may receive your name, profile information, and contact details as provided by those platforms and subject to their privacy policies.

2. How We Use Your Information

We process your personal data only for legitimate, specific purposes:

Service delivery — to scope, plan, develop, test, and deploy software projects you commission.
Project communication — to send progress updates, request feedback, share deliverables, and coordinate timelines via email, Slack, or other agreed channels.
Invoicing and accounting — to issue invoices, process payments, and maintain financial records as required by law.
Legal compliance — to comply with applicable laws, regulations, and professional standards in the jurisdictions we operate.
Service improvement — to analyse anonymised usage data to improve our website and the services we offer.
Marketing (only with consent) — to send newsletters, case studies, or service announcements. You can unsubscribe at any time.
Security — to detect, prevent, and respond to fraud, abuse, or security threats.

We never sell your personal data to third parties. We do not use your project data to train AI models without your explicit written consent.

3. Data Sharing and Third-Party Services

We share your data only where necessary to deliver our services or comply with legal obligations:

All third-party processors are contractually bound to protect your data and may not use it for their own purposes. We do not transfer your data outside of GDPR-compliant jurisdictions without appropriate safeguards in place.

RecipientPurposeData Shared
Vercel / AWS / Cloud HostsHosting project infrastructureProject files, env configs
GitHub / GitLabVersion control and code collaborationSource code, project repos
Stripe / BankPayment processingInvoice data, billing address
Slack / Notion / LinearProject management and communicationProject specs, messages
Google WorkspaceEmail communicationEmail content
Plausible / Vercel AnalyticsWebsite analytics (cookieless)Anonymised visit data

4. Data Retention

We retain your data for as long as necessary to fulfil the purposes for which it was collected:

Active project data — retained throughout the project engagement and for 2 years afterwards for support and warranty purposes.
Financial records — retained for 7 years as required by accounting regulations.
Marketing communications — retained until you unsubscribe or request deletion.
Website analytics — retained for 13 months in anonymised, aggregated form.
General enquiries — retained for 12 months if no project engagement follows.

When data is no longer required, it is securely deleted or anonymised.

5. Your Rights

Depending on your location, you have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — request correction of inaccurate or incomplete data.
Right to erasure — request deletion of your data, subject to legal retention requirements.
Right to restriction — request that we limit processing of your data.
Right to data portability — receive your data in a structured, machine-readable format.
Right to object — object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@devryxlab.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

6. Security Measures

We take data security seriously and implement industry-standard measures:

All data in transit is encrypted using TLS 1.2 or higher.
Project repositories use private access controls with multi-factor authentication required for all team members.
Sensitive credentials and environment variables are stored in encrypted secret managers (e.g., Vercel Environment Variables, AWS Secrets Manager).
We conduct regular security reviews and dependency audits on codebases we maintain.
Access to client project data is restricted to team members actively working on that project (principle of least privilege).
In the event of a data breach that affects your personal data, we will notify you within 72 hours as required by applicable law.

7. Cookies

Our website uses a minimal cookie footprint:

Essential cookies — necessary for the website to function (e.g., form security tokens). Cannot be disabled.
Analytics cookies — we use privacy-first, cookieless analytics that do not track individuals across sites and do not require consent banners under most jurisdictions.
Preference cookies — store your theme preference (light/dark mode). Session-scoped.

We do not use advertising cookies, retargeting pixels, or social media tracking scripts on our site.

8. Children's Privacy

Our services are intended for businesses and professionals aged 18 and over. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. For significant changes, we may also notify you by email. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

For any privacy-related questions, requests, or concerns, please contact:

Devryxlab

Privacy & Data Protection

📧 privacy@devryxlab.com

🌐 https://devryxlab.com

We are committed to resolving your concerns promptly and transparently.

Questions about your privacy?

We are happy to explain anything. Reach out and we will respond within 24 hours.

Contact Privacy Team
Terms of ServiceBack to Home