1. Who We Are
Devlyn ("We," "Us," "Our," or "Company") is an AI-driven, product-led engineering partner headquartered in Ahmedabad, Gujarat, India.
For the purposes of applicable data protection law:
Under GDPR: Devlyn acts as the Data Controller for personal data collected via devlyn.ai
Under India's DPDP Act 2023: Devlyn acts as the Data Fiduciary
Under CCPA: Devlyn acts as the Business
Privacy Contact:
2. Scope of This Policy
This Privacy Policy applies to:
All visitors to devlyn.ai
All individuals who contact us via forms, email, or social media
All clients, contractors, and partners who engage with Devlyn
All individuals whose data we process in connection with our services
This policy does not apply to:
3. What Data We Collect
3.1 Data You Provide Directly
Data Type | Examples | When Collected |
--- | --- | --- |
Identity Data | Full name, job title, company name | Contact forms, onboarding |
Contact Data | Email address, phone number | Contact forms, emails |
Business Data | Company size, budget, project details | Inquiry forms, discovery calls |
Communication Data | Messages, emails, call notes | Any direct communication |
Financial Data | Billing name, address, payment method | Client invoicing (via secure payment processors) |
Account Data | Login credentials (if applicable) | Client portal access |
3.2 Data We Collect Automatically
When you visit devlyn.ai, we automatically collect the following categories of data:
Data Type | Examples |
--- | --- |
Usage Data | Pages visited, time on site, clicks, scroll depth |
Device Data | Browser type, operating system, screen resolution |
Network Data | IP address, approximate location (city/country level) |
Referral Data | How you arrived at our site (Google, LinkedIn, direct) |
Cookie Data | Session cookies, analytics cookies, preference cookies |
3.3 Data From Third Parties
We may receive data about you from:
LinkedIn, X (Twitter): If you engage with our posts or contact us via direct message
Referral partners: If a partner refers you to us
Publicly available sources: Company websites and LinkedIn profiles, used for outbound business development only
4. How We Collect Data
We collect personal data through the following means:
Contact and inquiry forms on devlyn.ai
Email and direct written communication
Discovery calls and video meetings (Zoom, Google Meet)
Cookies and tracking technologies (see Section 9)
Analytics tools such as Google Analytics
CRM and project management tools (see Section 8 for sub-processors)
5. Why We Collect Data (Legal Bases)
We only process your personal data when we have a valid legal basis. Below are our purposes and the corresponding legal basis under each applicable framework:
To respond to your inquiries and communications
GDPR: Legitimate Interest / Contract. DPDP: Consent. CCPA: Business Purpose.
To deliver contracted engineering services
GDPR: Contract Performance. DPDP: Contract. CCPA: Business Purpose.
To send invoices and process billing
GDPR: Contract / Legal Obligation. DPDP: Contract. CCPA: Business Purpose.
To send marketing emails and newsletters
GDPR: Consent (opt-in only). DPDP: Consent. CCPA: Business Purpose.
To improve our website and user experience
GDPR: Legitimate Interest. DPDP: Consent. CCPA: Business Purpose.
To comply with legal and regulatory obligations
GDPR: Legal Obligation. DPDP: Legal Obligation. CCPA: Business Purpose.
To prevent fraud and maintain security
GDPR: Legitimate Interest. DPDP: Legal Obligation. CCPA: Business Purpose.
We never rely on legitimate interest to override your fundamental privacy rights.
6. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purpose it was collected, or as required by applicable law:
Data Type | Retention Period |
--- | --- |
Inquiry and contact form data | 2 years from last contact |
Client project data | 5 years after project completion |
Financial and billing records | 7 years (as required by Indian tax law) |
Marketing email opt-in records | Until unsubscribed + 2 years |
Website analytics data | 26 months (Google Analytics default) |
Job applicant data | 12 months from application date |
After retention periods expire, data is securely deleted or anonymized.
7. Your Rights
Depending on your location, you have specific rights over your personal data. To exercise any right, contact us at hello@devlyn.ai. We will respond within 30 days for GDPR and DPDP requests, and within 45 days for CCPA requests. We will verify your identity before processing any request and will not charge a fee for reasonable requests.
7.1 Rights Under GDPR (EU/UK Users)
Right to Access — Request a copy of all personal data we hold about you
Right to Rectification — Correct inaccurate or incomplete data
Right to Erasure — Request deletion of your personal data ("Right to Be Forgotten")
Right to Restriction — Ask us to stop or limit processing in certain circumstances
Right to Data Portability — Receive your data in a structured, machine-readable format
Right to Object — Object to processing based on legitimate interest or for direct marketing
Right to Withdraw Consent — Withdraw consent at any time without affecting prior processing
Right to Lodge a Complaint — With your national data protection authority (e.g., ICO in the UK, or your local EU DPA)
7.2 Rights Under CCPA (California, US Users)
Right to Know — What personal data we collect, use, and share
Right to Delete — Request deletion of personal data we have collected from you
Right to Opt-Out — We do not sell personal data, so this right is satisfied by default
Right to Non-Discrimination — We will never discriminate against you for exercising your CCPA rights
7.3 Rights Under India's DPDP Act 2023 (Indian Data Principals)
Right to Access — Request information about your personal data being processed
Right to Correction — Correct inaccurate or incomplete personal data
Right to Erasure — Request deletion of personal data when it is no longer necessary
Right to Grievance Redressal — Raise a complaint with us; we will acknowledge within 48 hours
Right to Nominate — Nominate another individual to exercise rights on your behalf in case of death or incapacity
8. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We only share data with trusted third-party service providers ("Sub-Processors") who help us operate our business. All sub-processors are contractually bound to process data only as instructed by Devlyn and to maintain appropriate security standards.
Sub-Processor | Purpose | Location | Data Shared |
--- | --- | --- | --- |
Google Analytics | Website analytics | USA | Usage and device data |
Google Workspace | Email and documents | USA | Contact and communication data |
Stripe / Razorpay | Payment processing | USA / India | Billing data |
Notion / Linear | Project management | USA | Project and communication data |
Zoom / Google Meet | Video calls | USA | Meeting data |
HubSpot / CRM | Lead and client management | USA | Contact and business data |
Cloudflare / Vercel | Hosting and security | USA | IP address, usage data |
We will update this list whenever we add new sub-processors. You may request the latest version by emailing hello@devlyn.ai.
9. Cookies & Tracking Technologies
Cookies are small text files stored on your device when you visit a website. They help us understand how you use our site and improve your experience. On your first visit to devlyn.ai, you will be shown a cookie consent banner where you can accept or decline non-essential cookies. You can also manage cookies at any time via your browser settings.
Category | Purpose | Can You Opt Out? |
--- | --- | --- |
Essential Cookies | Website functionality, security, session management | No — required for the site to work |
Analytics Cookies | Understanding traffic, pages visited, and user behavior | Yes |
Preference Cookies | Remembering your settings and choices | Yes |
Marketing Cookies | Tracking advertising performance (if applicable) | Yes |
10. International Data Transfers
Devlyn is based in India and our clients and sub-processors are located globally, including the US and EU. When we transfer personal data internationally, we ensure appropriate safeguards are in place:
EU → India transfers are governed by Standard Contractual Clauses (SCCs) as approved by the European Commission
India → US transfers are governed by applicable sub-processor Data Processing Agreements
DPDP compliance: Transfers outside India are made only to countries with adequate data protection standards as notified by the Indian Government, or under appropriate contractual safeguards
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
Encryption in transit: All data transmitted via devlyn.ai uses HTTPS/TLS encryption
Encryption at rest: Sensitive data stored in our systems is encrypted
Access controls: Personal data is accessible only to authorized Devlyn personnel on a need-to-know basis
Regular security reviews: Periodic audits of our data handling practices
Vendor vetting: Sub-processors are assessed for security standards before onboarding
Incident response: We maintain a documented data breach response plan
11.1 Data Breach Notification
In the event of a personal data breach:
We will notify the relevant data protection authority within 72 hours of becoming aware (GDPR)
We will notify affected individuals without undue delay where the breach is likely to result in high risk to their rights
We will comply with DPDP Act breach notification timelines as notified by the Data Protection Board of India
12. Children's Privacy
Devlyn's website and services are intended solely for business and professional use by individuals aged 18 and above. We do not knowingly collect personal data from individuals under 18. If we become aware that we have inadvertently collected such data, we will delete it immediately. Please notify us at hello@devlyn.ai if you believe this has occurred.
13. Marketing Communications
We may send you marketing emails or newsletters if you have explicitly opted in via a form on devlyn.ai, or if you are an existing client and we are communicating about similar services where permitted by law.
You can unsubscribe from marketing communications at any time by:
We will process your opt-out within 5 business days. Opting out of marketing does not affect transactional or service-related communications.
14. Links to Third-Party Websites
devlyn.ai may contain links to external websites, tools, or social media platforms. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal data.
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our data practices, services, or applicable laws. When we make changes, we will revise the "Last Updated" date at the top of this page. For material changes, we will notify active clients and subscribers by email at least 14 days before the changes take effect. Continued use of devlyn.ai after the effective date constitutes acceptance of the revised policy.
16. Grievance Redressal (India — DPDP Act 2023)
In accordance with India's Digital Personal Data Protection Act 2023, we have designated a point of contact for privacy grievances:
Grievance Officer
We will acknowledge all grievances within 48 hours and resolve them within 30 days of receipt. If your grievance is not resolved to your satisfaction, you may escalate to the Data Protection Board of India once it is fully operational.
17. Contact Us
For any privacy-related questions, data requests, or concerns:
Devlyn
For EU/UK users: if you are unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (DPA).