PDiamond logo
Get a Quote

Privacy Policy

Last updated: September 2, 2025

Who we are

DevCraft Agency is a US-registered, remote-first engineering company. We provide software services in Web & Mobile, Cyber Security, DevOps, Embedded Systems, and AI/ML.

Scope

This policy covers personal data we collect through our website, forms, scheduling tools, email, and during service delivery to customers and applicants.

Data we collect

Site visitors: device data, IP, analytics events, cookie identifiers, consent preferences.

Leads & clients: name, business contact details, company, role, project info, budget/timeline, files you upload (briefs, docs), call recordings if you consent.

Applicants/contractors: resume/CV, portfolio links, employment history, skills, location/time zone, references, payout details where applicable.

Source code & technical assets: repositories, configuration, logs, and related artifacts that you share for the engagement. See Source Code Handling below.

We do not intentionally collect data from children under 13.

How we collect it

Directly from you (forms, email, scheduling), from your systems we integrate with (e.g., GitHub, cloud platforms with your authorization), and via cookies/analytics on our site.

Why we process data (purposes)

  • Provide and improve services; scope and deliver projects.
  • Communicate about quotes, scheduling, and support.
  • Security and fraud prevention.
  • Recruiting and contractor onboarding.
  • Legal compliance, accounting, and recordkeeping.
  • Marketing with your consent where required.

Legal bases (if applicable)

Contract performance; legitimate interests in operating and securing our services; consent for optional analytics/marketing; compliance with legal obligations.

Sharing and disclosures

We share data with vendors that help us operate (hosting, email, CRM, scheduling, analytics, payments). We require confidentiality and security commitments from these providers. We do not sell personal information. We do not use client source code in other client work.

International transfers

Data may be processed outside your country. Where required, we use appropriate safeguards such as standard contractual clauses.

Data retention

  • Leads: 24 months after last interaction, unless you ask us to delete sooner.
  • Client records: for the term of the agreement and as needed for legal/accounting (typically 7 years for invoices).
  • Applicant records: 24 months, or sooner on request.
  • Source code copies: see policy below.

Source Code Handling & Retention

  • We work primarily in your repos. At delivery, we keep a private, read-only copy of submitted source code in GitHub/Bitbucket under our organization for reference and continuity.
  • Access is limited to least-privilege personnel for support, warranty, or follow-on work.
  • Repos are private, protected by SSO, MFA, and audit logging.
  • We do not reuse your proprietary code, assets, or data for other clients.
  • We do not use your code or data to train machine learning models.
  • Retention: default 24–36 months from delivery or the last paid work, whichever is later, unless your contract specifies otherwise.
  • Upon written request or at contract end, we will delete or return our copy within 30 days, subject to lawful retention requirements and backups that roll off automatically.

Security overview

See the Security section of this document. Core controls include encryption in transit, restricted access, audit logs, and secure development practices.

Your rights

Depending on your region, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You can exercise rights by contacting us.

Cookies

We use cookies and similar technologies for essential site functionality, analytics, and to remember your preferences. See the Cookie Policy below.

Changes

We may update this policy. Material changes will be noted on this page with a new "Last updated" date.

Contact

Privacy questions: [email protected]

Security questions or reports: [email protected]

Postal address: DevCraft Agency, 123 Tech Street, San Francisco, CA 94105, USA

Regional notices

  • California: We do not sell or share personal information as defined by CPRA. Submit requests at [email protected].
  • EEA/UK: If applicable, contact our EU/UK representative/DPO if appointed.

Need help with your project?

Our team of experts is ready to assist you with any questions or requirements.

Get a QuoteBook a Call →