Privacy Policy

Last updated: July 2025

1. Introduction

DevsHub Technologies W.L.L. ("DevsHub," "we," "us," or "our"), a company registered in Doha, Qatar, operates the DevsHub.ai platform — an autonomous AI software engineering CLI and cloud sandbox orchestration service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (devshub.ai), our CLI tool (CodeSync), our web dashboard, and any related services (collectively, the "Service").

We are committed to protecting your privacy. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: When you register for an account, we collect your name, email address, company name, and authentication credentials.
• Communications: When you contact us via email (e.g., [email protected], [email protected]) or through our access request form, we collect the content of your message and any attachments.
• Billing Information: If you subscribe to a paid plan, we collect billing details. Payment card information is processed by our third-party payment processor and is never stored on our servers.

2.2 Information Collected Automatically

• Usage Data: We collect metadata about your interactions with the Service — CLI command invocations, sandbox session durations, API call counts, and feature usage patterns. This data is used for operational monitoring, capacity planning, and product improvement.
• Technical Logs: Our infrastructure generates standard server logs (IP address, timestamp, request path, user agent). These are retained for a limited period for security and debugging purposes.
• Sandbox Telemetry: We collect anonymized execution metrics (VM startup time, task completion rates, error counts) to monitor platform health. We do not log the contents of your code, files, or terminal output within sandbox sessions.

2.3 Information We Do NOT Collect

• Your Source Code: DevsHub does not store, retain, or archive your repository contents. Code is synced directly to ephemeral sandbox VMs via encrypted P2P tunnels and is destroyed when the session terminates.
• Your Credentials: API keys, database passwords, and other secrets you configure remain on your local machine. They are injected into sandbox environments at runtime and are never persisted on our infrastructure.
• Terminal Output: We do not log, store, or review the stdout/stderr streams of your sandbox execution sessions.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provision, operate, and maintain the Service, including authenticating users, orchestrating sandbox VMs, and processing API requests.
• Security & Abuse Prevention: To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity. This includes monitoring for violations of our Acceptable Use Policy.
• Product Improvement: To analyze aggregated, anonymized usage patterns to improve performance, reliability, and feature design.
• Communications: To send service-related announcements, security alerts, billing notices, and (with your consent) product updates and newsletters. You may opt out of marketing communications at any time.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests in the State of Qatar or other jurisdictions where we operate.

4. Legal Basis for Processing

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions requiring a lawful basis, we process personal data under the following grounds:

• Contractual Necessity: Processing required to provide the Service you have requested (e.g., account creation, sandbox provisioning).
• Legitimate Interests: Processing for security monitoring, fraud prevention, and product analytics, where such interests are not overridden by your data protection rights.
• Consent: Where you have given explicit consent (e.g., marketing emails). You may withdraw consent at any time.
• Legal Obligation: Processing required to comply with applicable law.

5. Data Storage & Retention

• Infrastructure Location: Our primary infrastructure is hosted on Google Cloud Platform (GCP). Data may be processed in regions you select when configuring your account (e.g., us-central1, europe-west4).
• Ephemeral Sandboxes: Code, files, and execution state within sandbox VMs are ephemeral by design. Sandbox environments are destroyed immediately upon session completion. No customer code or execution data is retained on our infrastructure beyond the active session.
• Account Data: We retain your account information for as long as your account is active. Upon account deletion, we remove or anonymize your personal data within 30 days, except where retention is required by law.
• Logs & Telemetry: Server logs and anonymized telemetry are retained for a maximum of 90 days, after which they are automatically purged.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share information only in the following limited circumstances:

• Service Providers: With trusted third-party vendors who perform services on our behalf (cloud infrastructure — GCP, payment processing, email delivery). These providers are contractually bound to process data only per our instructions and in compliance with this policy.
• Legal Requirements: If required by law, court order, or governmental regulation in the State of Qatar or another applicable jurisdiction, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. You will be notified via email and/or a prominent notice on our website.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data:

• Encryption in transit (TLS 1.3) for all network communications.
• Encryption at rest (AES-256) for all persistent storage.
• P2P tunnels secured with AES-GCM-256 for workspace synchronization.
• Strict access controls, multi-factor authentication, and regular security audits.
• Ephemeral, single-tenant sandbox VMs with no cross-tenant data access.

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request restriction of processing under certain conditions.
• Portability: Request transfer of your data to another service provider.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw previously given consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

9. International Data Transfers

DevsHub Technologies W.L.L. is based in Doha, Qatar. If you access the Service from outside Qatar, your data may be transferred to, stored, and processed in Qatar or in cloud regions you select. We ensure that any international transfers comply with applicable data protection laws through the use of Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at [email protected] and we will delete it.

11. Cookies & Tracking

We use essential cookies and similar technologies for authentication, security, and session management. For detailed information, please see our Cookie Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (to the address associated with your account) and/or by posting a notice on our website at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Data Protection Officer: [email protected]
• Registered Address: DevsHub Technologies W.L.L., Doha, Qatar

For general inquiries: [email protected]