Privacy Policy

Effective date: May 16, 2026 · Last updated: May 16, 2026

DevBook Digital ("DevBook," "we," "us," or "our") operates the website devbook.digital and the DevBook application. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.

1. Information We Collect

Account information. When you create an account, we collect your name, email address, and (if you choose) a profile picture via your OAuth provider (Google or GitHub).

Payment information. If you subscribe to a paid plan, payment is processed by our third-party payment processor (Stripe). We do not store your full credit card number on our servers. We receive and store your billing name, last four digits, expiration date, and billing address for receipt and support purposes.

API keys you store. When you add API keys to your DevBook vault, those keys are encrypted using AES-256-GCM before being stored in our database. We cannot view or access your decrypted keys. Keys are decrypted only in memory at the moment you execute a request, and are never logged.

Templates and request data. We store the templates you create (URL, method, headers, body structure) so you can reuse them. We do not log the contents of API responses or full request payloads sent through our proxy.

Usage data. We collect basic analytics: pages visited, features used, browser type, device type, and approximate location (country/region). This data is aggregated and not tied to your API activity.

2. How We Use Your Information

• To provide, maintain, and improve DevBook
• To process transactions and send billing-related communications
• To send you product updates, security notices, and support messages
• To respond to your inquiries and provide customer support
• To detect, prevent, and address technical issues or abuse

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. How We Protect Your Information

• Encryption at rest: API keys are encrypted with AES-256-GCM before storage
• Encryption in transit: All connections use TLS 1.2 or higher
• No payload logging: Request bodies and API responses are not stored on our servers
• Access controls: Our team uses role-based access. Production database access is restricted and logged
• Infrastructure: DevBook is hosted on Render with data stored in Neon PostgreSQL, both SOC 2 compliant providers

4. Data Sharing

We share data only in these limited circumstances:

• Service providers: We use Stripe for payments, Render for hosting, and Neon for database services. These providers access only what they need to perform their services and are bound by their own privacy policies.
• Legal requirements: We may disclose your information if required by law, court order, or government request.
• Business transfers: If DevBook is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

5. Team Workspaces

If you join a team workspace, your workspace admin can see your name and email. Shared templates and vault keys are accessible to all team members. When you are removed from a workspace, your access to shared resources is revoked immediately. Your personal account and any individual templates remain yours.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data, templates, and stored API keys within 30 days. Some data may be retained in encrypted backups for up to 90 days.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information
• Delete your account and associated data
• Export your templates and data
• Opt out of non-essential communications

To exercise any of these rights, email kristie@devbook.digital or call (405) 827-2316.

8. Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use third-party advertising cookies. Analytics cookies, if used, are privacy-focused and do not track you across websites.

9. Children's Privacy

DevBook is not intended for children under 13. We do not knowingly collect information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of DevBook after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data:

• Email: kristie@devbook.digital
• Phone: (405) 827-2316

DevBook Digital
United States