Legal Framework v2.4.0
Last Updated: October 24, 2023

Privacy Policy: Technical Detailed Overview

This document outlines the technical protocols, data lifecycle management, and privacy engineering standards practiced at DevToLab. We prioritize zero-trust architecture and data minimization across all our software delivery pipelines.

# Introduction

DevToLab ("we," "our," or "us") is committed to protecting the privacy of our clients and end-users. This technical policy describes how we collect, use, and handle data when you interact with our developed applications, websites, and internal infrastructure.

Our approach is "Privacy by Design," ensuring that data protection is integrated into the system engineering process rather than being an afterthought.

1. Data Collection

Technical logs and client information categorization.

Technical Log Data

Our servers automatically record information that your browser or application sends. This includes:

  • IP Address (IPv4/IPv6)
  • User-Agent Strings
  • HTTP Request Headers
  • Timestamp (UTC)

Client & Identity Data

For service delivery, we collect name, corporate email address, and billing information. All sensitive identity data is encrypted at rest using AES-256 and in transit via TLS 1.3.

2. Usage & Processing

How data flows through our infrastructure to improve services.

Service Improvement

Aggregated and anonymized data is used to identify performance bottlenecks and optimize API latency across our serverless stack.

Communication Pipeline

Client contact information is utilized for critical security patches, deployment notifications, and contractual obligations through our secure CRM.

3. Third-party Sharing

Infrastructure partners and sub-processors.

  • Vercel Inc.: Frontend Edge Hosting
  • Supabase: PostgreSQL Persistence
  • Auth0 / Okta: Identity Management
  • Sentry.io: Error Reporting

Note: All third-party providers are strictly vetted for GDPR compliance, and Data Processing Agreements (DPA) are in place.

4. User Rights

Your rights under GDPR and CCPA frameworks.

You have the legal right to:

  • Request access to stored data
  • Rectify inaccurate personal info
  • Request data erasure ("Right to be forgotten")
  • Object to automated processing

How to Exercise Your Rights

To initiate a Data Subject Access Request (DSAR), please contact our Legal Engineering team via the dedicated portal or email below.

privacy@devtolab.com

5. Security Measures

Technical overview of encryption and data residency.

Encryption

We employ field-level encryption for PII. Master keys are stored in hardware security modules (HSM) and rotated every 90 days under a strict rotation policy.

Data Residency

By default, data for EU-based clients is pinned to AWS eu-central-1 (Frankfurt) or eu-west-1 (Ireland) regions to ensure compliance with local laws.