Privacy Policy

At DevLaws, we take your privacy seriously. This Privacy Policy outlines how we collect, use, store, and protect your data when you use our waitlist, developer platform, Model Context Protocol (MCP) server, GitHub integrations, and related services (collectively, the "Platform" or "Services").

1. Information We Collect

We collect only the minimum amount of information necessary to deliver, maintain, and optimize our engineering governance services:

• Account & Profile Data: If you sign up or log in via Google or GitHub OAuth, we collect your email address, name, profile picture/avatar URL, and unique provider identifier (Google ID/GitHub ID) as supplied by the respective authentication provider.
• Waitlist Data: If you register for early access, we collect your submitted email address.
• Configuration & Preferences: We store your bookmarks, custom engineering rules (your enforced laws), workspace mode (individual, team, or enterprise), and platform API keys.
• Integration & Deployment Data: If you link cloud integrations (such as GitHub, Vercel, AWS, or GCP), we save authorization metadata and connection configurations securely in our encrypted database.
• Code & Metadata: When using our automated code auditing services (e.g., our GitHub PR Bot), we process code diffs and files. Code diffs are analyzed transiently by our automated engine to identify architectural and logic violations. They are never permanently stored and are never used to train public models.
• Usage & Telemetry Data: We automatically collect anonymous usage statistics, performance logs (such as Redis caching hits/misses), device characteristics, IP addresses, browser types, and referral URLs to ensure system stability and optimize search speeds.

2. How We Use Your Information

We process your data strictly to support the functionality of the Platform:

• Providing the Services: Authenticating your session, rendering your developer profile, and managing workspace permissions.
• Engineering Law Enforcement: Executing real-time architectural checks via MCP or CI/CD pipelines and delivering rule suggestions.
• System Optimization: Monitoring API endpoint latencies, troubleshooting bugs, and improving cache routing efficiency.
• Communication: Sending updates, product announcements, technical security notices, and early access beta invitations.

3. Data Storage & Security

We employ enterprise-grade security protocols to keep your information safe:

• Encryption: All data is encrypted in transit using Transport Layer Security (TLS/HTTPS) and at rest.
• Credential Management: API keys and access tokens are stored securely using industry-standard hashing and encryption patterns.
• Session Management: Your logged-in sessions are secured via HTTP-only JWT cookies to mitigate cross-site scripting (XSS) risks.
• No Model Training: Your code diffs, internal comments, and private repository structures are never sent to public models for training purposes.

4. Third-Party Integrations & Data Sharing

We respect the confidentiality of your codebase. We do not sell, rent, or trade your personal information, configurations, or code content to third parties.

We share data only in the following limited circumstances:

• Infrastructure Subprocessors: We utilize reliable cloud hosting, database, and caching providers (such as Upstash Redis) to deliver the Platform, as well as AI infrastructure APIs (such as Anthropic, Google, and OpenAI) to analyze pull request diffs. All partners are bound by strict confidentiality and data protection agreements.
• OAuth Providers: Authentication details are exchanged with Google or GitHub to verify your identity.
• User-Authorized Integrations: When you connect third-party platforms (like AWS, GCP, or Vercel), we transfer configuration details according to the permissions you grant.

5. Cookies

We use essential security and session cookies to maintain your login state. We do not use third-party advertising or marketing cookies on the Platform.

6. Your Rights & Choices

Depending on your jurisdiction (such as under the GDPR or CCPA), you have the right to access, export, modify, or permanently delete your account and personal data:

• Data Export & Access: You can request a summary of the data we hold about you.
• Revocation: You can disconnect cloud integrations or revoke OAuth tokens directly within your account settings or on Google/GitHub.
• Deletion: You can request complete deletion of your account, API keys, and custom rules by contacting us at support@devlaws.xyz.

7. Changes to this Policy

We may periodically update this Privacy Policy to reflect changes in our platform features or legal obligations. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date above.

8. Contact Us

If you have any questions, feedback, or concerns regarding this policy or how we manage your information, please contact us at:

Email: support@devlaws.xyz