Privacy Policy

Last updated: November 21, 2025

This Privacy Policy explains how devtimate (“Company”, “we”, “us”, or “our”) collects, uses, and protects your personal data when you use our web application and associated services.

Data We Collect

We collect only the data necessary to provide our estimation services:

• Account Information: Email address and authentication details (via secure code login).
• Uploaded Documents: Project files such as specifications, SRS, RFPs, and other context files uploaded for estimate generation.
• User-generated Content: Estimate inputs, prompts, task descriptions, and related project content.
• Usage Data & Analytics: IP address, device information, browser type, and behavioral metrics (via session recordings and heatmaps).

Purpose of Data Use

We process your data solely for the following purposes:

• AI Estimation: To generate project estimates and technical breakdowns using AI providers (OpenAI API, Google Gemini API, Anthropic API).
• Context Management: To store worksheet-related files securely to provide necessary context to the AI Agent during your session.
• Integrations: To export generated tasks to your connected tools (e.g., Jira, Asana).
• Security & Administration: To securely manage accounts, authenticate users, and prevent abuse.
• Service Improvement: To analyze aggregated usage data and user behavior to improve application performance and user experience.

Third-party Subprocessors

We partner with trusted third-party services to provide our infrastructure and AI capabilities. We ensure that these partners adhere to strict data privacy standards.

AI Service Providers

Important: We utilize the Enterprise/API versions of these services. Your data is NOT used to train their foundation models.

• OpenAI: Used for generating estimates. See: OpenAI Enterprise Privacy.
• Google Gemini (Vertex AI): Used for processing prompts. Google does not use customer data to train their models. See: Google Cloud Data Privacy.
• Anthropic: Used for complex reasoning. Data sent via API is not used for model training. See: Anthropic Commercial Terms.

Infrastructure & Analytics

• Hetzner Online GmbH: All worksheet uploads, database entries, and persistent data are stored on servers located in the European Union (Germany/Finland). Hetzner complies with ISO/IEC 27001 and uses strict access controls. See: Hetzner Certifications.
• Microsoft Clarity: Captures behavioral metrics, heatmaps, and session replays to help us understand user intent and improve the product. See: Microsoft Privacy Statement.
• Amplitude: Used for product analytics and understanding user journeys. See: Amplitude Privacy Policy.
• Google Analytics & reCAPTCHA: Used primarily on our landing page to monitor traffic and prevent spam. See: Google Privacy Policy.

Data Retention

We retain your personal data and project files only for as long as is necessary for the purposes set out in this Privacy Policy.

• Project Context: Files used for AI estimation are retained within the project scope to enable the AI Agent to maintain context.
• Deletion: Users can permanently delete specific projects or their entire account at any time. Upon account deletion, all associated data is erased from our active databases immediately.
• No Training: We reiterate that your uploaded documents and generated content are never used to train our own or third-party AI models.

Security

The security of your data is our top priority. We implement industry-standard technical and organizational measures, including:

• Encryption: All data is encrypted in transit (via TLS 1.2/1.3) and at rest (AES-256 encryption standards).
• Access Control: Strict role-based access control to internal systems.
• Secure Infrastructure: Hosting within ISO-certified data centers (Hetzner) in the EU.

International Data Transfers

Our primary storage is located in the European Union. However, AI processing may require transmitting prompts to servers in the United States (OpenAI, Anthropic, Google). These transfers are protected by standard data protection addendums and enterprise agreements ensuring your data remains confidential and is not used for model training.

Your Rights

You may access, correct, or request deletion of your personal data. Contact us if you’d like assistance.

Account Deletion

You may delete your account at any time. This action will permanently erase all stored data and documents associated with your account. Deleted data cannot be recovered.

International Use

We are available globally. Your data may be accessed or stored in jurisdictions with different privacy laws. We take steps to safeguard your information regardless of location.

Changes

We may update this policy and will notify you via email or within the app. You are encouraged to review it periodically.

Contact

If you have any questions, or if you require our Security Statement, contact us at:

• Email: support@devtimate.com