Privacy Policy

This Privacy Policy explains how Drustech Private Limited (“Company”, “we”, “us”, “our”) collects, uses, stores, shares, and protects your personal information when you use the Devaiy platform at https://devaiy.com and related services (the “Platform”).

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide

1.2 Information Collected Automatically

1.3 Information from Third Parties

• OAuth Providers (Google, GitHub): When you sign in via Google or GitHub, we receive your name, email address, and profile picture as authorized by you during the OAuth consent flow.
• Payment Processors (Razorpay, Stripe): Transaction status, payment confirmations, subscription status.

2. How We Use Your Information

2.1 Service Delivery

• Providing, operating, and maintaining the Platform
• Processing your prompts through AI Providers to generate code and applications
• Managing your projects, files, and configurations
• Facilitating third-party integrations you configure
• Processing payments and managing subscriptions

2.2 Platform Improvement

• Analyzing aggregated and anonymized usage patterns to improve features
• Identifying and fixing bugs, errors, and performance issues
• Developing new features and services

2.3 Communication

• Sending transactional emails (account verification, password reset, payment receipts)
• Sending service-related notices (maintenance, policy changes, security alerts)
• Responding to support requests and feedback

2.4 Security and Compliance

• Detecting and preventing fraud, abuse, and security threats
• Enforcing our Terms of Service and Acceptable Use Policy
• Complying with legal obligations

3. Data Sharing with Third-Party AI Providers

3.1 How AI Processing Works

When you use the Platform's AI features, your prompts, code context, and related project data are transmitted to third-party AI Providers for processing. Currently, the Platform uses:

• Google (Gemini) — for AI code generation and conversational assistance
• Anthropic (Claude) — for AI code generation and conversational assistance

3.2 What Data is Sent to AI Providers

• Your text prompts and instructions
• Relevant code context from your project (files being discussed or modified)
• Conversation history within a session
• Tool execution results (e.g., file contents, database query results)

3.3 AI Provider Data Handling

Data is transmitted to AI Providers on a pass-through basis for real-time inference. We do not control how AI Providers process or retain data beyond what their terms allow. We recommend reviewing the privacy policies of Google and Anthropic.

3.4 No Model Training by Us

We do not use your prompts, code, project data, or AI Output to train or fine-tune our own AI models. However, third-party AI Providers may process your data in accordance with their own data usage policies. Where available, we use API configurations that opt out of provider-side model training.

4. Data Sharing with Other Third Parties

4.1 Infrastructure and Hosting

Your data is processed and stored using cloud infrastructure services. This may include data centers located outside India.

4.2 Third-Party Integrations (User-Initiated)

When you connect Third-Party Services to your project (Supabase, GitHub, Vercel, Netlify, Railway, Stripe, Resend, or custom APIs), your project data is shared with those services as necessary to perform the integration. This sharing is initiated and controlled by you.

4.3 Payment Processors

Payment information is shared with Razorpay and/or Stripe for transaction processing. We do not store your complete payment card details.

4.4 Analytics

We may use analytics services to understand Platform usage in aggregate. Analytics data is anonymized and does not identify individual users.

4.5 Legal Requirements

We may disclose your information if required to do so by law, court order, or government request, or if we believe in good faith that disclosure is necessary to comply with legal obligations, protect the rights, property, or safety of Drustech Private Limited, our users, or the public, or detect and prevent fraud or security issues.

4.6 No Selling of Data

We do not sell your personal information to third parties.

5. Data Storage and Security

5.1 Storage Location

Your data is stored on cloud servers which may be located in India, the United States, or other regions where our infrastructure providers operate. By using the Platform, you consent to the transfer and storage of your data in these locations.

5.2 Security Measures

We implement reasonable technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL)
• Hashed storage of passwords (never stored in plain text)
• Access controls and authentication for internal systems
• Regular security monitoring and logging
• Secure handling of API keys and credentials

5.3 Credential Storage

Third-party API keys and credentials you provide are stored securely using your connected Supabase project's secrets management (Vault). These credentials are not stored in our primary database in plain text.

5.4 No Absolute Guarantee

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You use the Platform at your own risk.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your Account is active and as needed to provide the Services.

6.2 After Cancellation

Upon subscription cancellation, your Account and data remain accessible until the end of the billing period. After that, account data is retained for up to 90 days to facilitate potential reactivation, then scheduled for permanent deletion.

6.3 After Account Deletion

Upon Account deletion request, your data will be deleted within 30 days from our primary systems. Backup copies may be retained for up to 90 days before automatic purging. Anonymized and aggregated data (that cannot identify you) may be retained indefinitely for analytics.

6.4 Legal Retention

We may retain certain data beyond the above periods where required by applicable law, regulation, or legal proceedings.

7. Cookies and Tracking Technologies

We do not use advertising or marketing tracking cookies. We do not serve ads on the Platform. You can control cookies through your browser settings. Disabling essential cookies may impair Platform functionality.

8. Your Rights

8.1 Access and Portability

You have the right to request a copy of the personal data we hold about you. You can export your project data through the Platform's export features.

8.2 Correction

You have the right to request correction of inaccurate or incomplete personal data.

8.3 Deletion

You have the right to request deletion of your personal data by deleting your Account through the Platform or contacting us at support@devaiy.com. We will process deletion requests within 30 days, subject to legal retention requirements.

8.4 Objection and Restriction

You have the right to object to or request restriction of certain processing activities, including opting out of non-essential analytics.

8.5 Withdraw Consent

Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

8.6 Exercising Your Rights

To exercise any of these rights, contact us at support@devaiy.com. We may request identity verification before processing your request.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete such data promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@devaiy.com.

10. International Data Transfers

Your data may be transferred to and processed in countries outside India, including the United States and other regions where our infrastructure providers and AI Providers operate. Where data is transferred internationally, we ensure appropriate safeguards are in place, including contractual protections with service providers, use of providers that comply with applicable data protection standards, and technical measures such as encryption.

11. Compliance with Indian Law

11.1 Information Technology Act, 2000

We comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

11.2 Digital Personal Data Protection Act, 2023

We are committed to complying with the Digital Personal Data Protection Act, 2023 (DPDPA) as its provisions come into effect, including requirements related to lawful purpose and consent for data processing, data principal rights (access, correction, erasure), data fiduciary obligations, and cross-border data transfer compliance.

11.3 Grievance Officer

In accordance with Indian law, we have designated a Grievance Officer who can be contacted for any privacy-related complaints or concerns:

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through email notification to your registered email address, prominent notice on the Platform, and an updated “Last Updated” date at the top of this policy.

Your continued use of the Platform after changes take effect constitutes acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

By using Devaiy, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.