Privacy Policy

Effective date: May 2, 2026 · Last updated: May 2, 2026

⚠ Template notice. This document is an engineering-team draft for context, not legal counsel. Before launching to paid customers please have a privacy lawyer adapt this to your jurisdiction (GDPR / DPDP / CCPA / etc.) and replace every [Your legal entity name] and contact-email placeholder.

This Privacy Policy explains what personal data DevHive ("we", "us") collects when you use our service, how we use it, and your rights over it. We've tried to keep it straightforward — read it carefully and email privacy@devhive.example.com with any questions.

1. Who is responsible for your data

DevHive is operated by [Your legal entity name], [registered office address], India. We are the data controller for the personal information described in this policy.

2. What we collect

From you directly

Identity: Name, email, profile picture (from Google sign-in)
Profile (optional): Role, team size, use case if you fill those in during onboarding
Communications: Anything you type into the chat, support emails, or voluntarily upload

Through using the service

Repository content: Source code you ingest, the wiki/graph we generate from it, queries you run, and the AI responses
Usage data: Which features you use, token counts, query history, IP address, browser type, request timestamps
Cookies / local storage: A Firebase auth session token, plus minimal performance telemetry

From third parties

Razorpay (payments): payment method, last-4, billing address if you provide one. We do not see your full card number — Razorpay handles that.
GitHub (when you install our App): repo metadata, commit metadata, the contents of repos you choose to ingest
Google Cloud Vertex AI (LLM provider): your prompts and the resulting completions are processed but not used to train Google's models per their terms

3. How we use your data

To provide the core service — ingest your code, build a wiki, answer your queries
To bill you and prevent abuse
To send you transactional emails (welcome, payment receipts, plan-expiry reminders)
To improve the product (aggregate usage stats; never individual queries)
To comply with legal obligations (tax, fraud prevention)

We do not sell your data, and we do not use your code or queries to train any AI model. Period.

4. Where your data lives

Data is stored on Google Cloud Platform infrastructure in Mumbai (asia-south1). Some services we use (Razorpay, GitHub, Google Vertex AI) may process data in their own regions; we list them as subprocessors below.

5. How long we keep it

Active account: for as long as your account exists
Wiki content: until you delete it or your account
Audit logs: 12 months
Payment records: 8 years (mandatory under Indian tax law)
After account deletion: personal data is removed within 30 days, except where law requires retention

6. Your rights (DPDP Act 2023, GDPR, CCPA)

Access — see what we have on you. Use the "Export account data" button in Settings.
Correction — fix it via Settings or by emailing us
Deletion — "Delete account" in Settings. Honored within 30 days.
Portability — the export gives you everything as a zip
Objection — opt out of marketing emails (we don't send any yet, but legally we have to mention this)

7. Subprocessors

We share data with these companies, who act on our behalf:

Google Cloud Platform — hosting, Firestore, Vertex AI
Firebase (Google) — authentication, storage
Razorpay — payment processing
GitHub (when you connect a repo) — source code access
Sentry — error monitoring (no personal data, only error stacks)

8. Security

Data in transit is TLS 1.2+. Data at rest is encrypted by Google Cloud's default at-rest encryption. Authentication tokens are short-lived (1 hour) and rotated automatically. We've structured the codebase so customer code/queries are isolated per-tenant by Firebase UID.

9. Children

DevHive is not directed at children under 16. If we learn that we've collected data from a child under 16, we'll delete it.

10. Changes to this policy

We'll email you about material changes 30 days before they take effect. The current version is always at this URL.

11. Contact us

Questions, requests, or complaints: privacy@devhive.example.com.

⚠ This is a starter template. Have a lawyer review it before going live, especially the legal-entity name, registered address, and the "8 years" retention claim — the right number depends on your specific tax category.