PRIVACY POLICY
PRIVACY POLICY
1. Who we are
Devad IO Ltd (“Devad”, “we”, “us”) operates chat.devad.io. We are the data controller for all personal data processed through the Service.
2. Scope
This Policy covers how we collect, use, store, share and protect your personal data when you visit or use the Service.
3. What we collect
A. Information you give us
- Account details: name, email, password, optional profile photo
- Social-media tokens (we never store passwords)
- Payment data: partial card number, expiry, billing address (processed by Stripe; we do not store full card numbers)
- Support tickets and any messages you send us
B. Information we collect automatically
- Device & log data: IP address, browser type, operating system, language, referring URLs, pages visited, time stamps
- Analytics: Google Analytics 4, Microsoft Clarity (session recordings anonymised), Dreamdata (first-party analytics)
- Advertising identifiers: Meta Pixel, Microsoft Click ID, Google Click ID
- Cookies & page tags: see Section 7 below
C. Information from third parties
- Google OAuth: name, email, profile picture when you connect Google accounts
- Affiliate networks: PartnerStack ID, commission data (only if you came via an affiliate link)
4. Legal bases (GDPR)
- Contract: to provide the Service and process payments
- Consent: for marketing emails and optional cookies
- Legitimate interests: fraud prevention, analytics, service improvement
- Legal obligation: tax, accounting, and regulatory requirements
5. How we use your data
- Create and manage your account
- Schedule and publish posts to connected social-media accounts
- Process payments and send invoices
- Send transactional emails (password resets, billing alerts)
- Send marketing emails if you opt in (you can opt out anytime)
- Detect and prevent fraud or abuse
- Generate anonymized analytics and usage reports
- Comply with legal obligations
6. Sharing & international transfers
We never sell your data. We share only:
- With sub-processors listed in Section 8 (all bound by DPAs or DPF certification)
- With social-media platforms you connect (as necessary to publish your content)
- When legally required (court order, regulator request)
- In a merger or asset sale (subject to this Policy)
Transfers outside the UK/EEA use Standard Contractual Clauses or the EU-US/UK-US Data Privacy Framework.
7. Cookies & tracking
Essential cookies are always on. Analytics and marketing cookies are off unless you consent. You can change settings anytime via the cookie banner or browser. Details of each cookie, purpose, and lifespan are listed in our full Cookie Policy (Section 7 of the original document).
8. Sub-processors (processors)
AWS (EU-Central-1), CloudFront, Stripe, Google (Analytics, Tag Manager, OAuth), Microsoft (Clarity, Ads), Meta (Pixel), HubSpot, PartnerStack, Zapier, Dreamdata — all certified under DPF or bound by Standard Contractual Clauses.
9. Your rights (GDPR & LGPD)
Access, rectify, erase, restrict, object, data portability, withdraw consent, and complain to your local supervisory authority. Requests are free and handled within 30 days.
10. Retention periods
- Chat history & posts: until you delete your account or 12 months after last activity (whichever is shorter)
- Payment records: 7 years (tax law)
- Analytics cookies: up to 2 years (see cookie table)
- Marketing consent records: 3 years after last interaction
11. Security
We use TLS 1.3, AES-256 encryption, MFA, quarterly penetration tests, and ISO-27001-aligned controls. We never store full card numbers or social-media passwords.
12. Changes to this Policy
We will post any material changes here and, where appropriate, notify you by email or in-app banner. Continued use of the Service after changes constitutes acceptance of the revised Policy.
13. Contact us
Email: info@devad.io
