Privacy Policy

This Privacy Policy explains how the DevAI website collects and uses personal data submitted through forms, direct communication and website interactions.

The DevAI website is used to present services, receive enquiries, and support workflows such as contact forms, project requests, internal sign-in, and operational communication.

For privacy-related questions, you can contact us using the details available on the contact page.

This policy applies to personal data processed through the public DevAI website, contact and project-request forms, privacy requests, back-office authentication, email communications, and operational workflows that support those functions.

• to respond to enquiries and prepare commercial proposals - pre-contractual steps
• to deliver projects, manage communication, and operate internal workflows - performance of a contract or legitimate interests
• to manage internal accounts and dashboard access - legitimate interests and security
• to protect forms and infrastructure against abuse - legitimate interests and security
• to comply with accounting, tax, legal, and record-keeping obligations - legal obligation
• to run optional analytics or marketing technologies where enabled - consent

The website uses cookies and similar technologies for core functionality, preferences, optional analytics, and security. Please also see the Cookie Policy for the detailed table.

The codebase includes support for Google Analytics and Google Tag Manager, but these should only load if configured and if analytics consent has been granted.

At the same time, the app includes an internal visitor-tracking feature that writes identifiers to localStorage and sessionStorage and posts page-view information to an internal endpoint. That behaviour exists in the current codebase and should be reviewed legally to confirm whether it is treated as strictly necessary or optional measurement.

The codebase includes support for Google reCAPTCHA v3, which may be enabled later for anti-spam protection.

The codebase includes support for Google Maps, but public use depends on configuration and component usage.

Some processors may handle data outside Romania or the European Economic Area. Where that happens, appropriate safeguards such as standard contractual clauses or an equivalent transfer mechanism should be confirmed [TO CONFIRM].

• internal DEVAI team members handling leads, projects, settings, and support
• hosting provider: [TO CONFIRM: hosting provider]
• email delivery provider: [TO CONFIRM: email provider if enabled later]
• analytics provider, if enabled: [TO CONFIRM: analytics provider if enabled later]
• CAPTCHA provider, if enabled: [TO CONFIRM: CAPTCHA provider if enabled later]
• maps provider, if enabled: [TO CONFIRM: maps provider if enabled later]
• media or file-storage provider: Local application storage / local server filesystem
• other professional or technical processors only where necessary and lawful: [TO CONFIRM]

Form submissions and operational records are stored in the application database and, depending on the workflow, may also appear in emails, security logs, or file storage.

The app settings contain an internal retention reference of 365 days, but the codebase does not clearly confirm a general automated deletion schedule tied to that value. Final retention periods should therefore be confirmed before publication.

• contact and project enquiry data - [TO CONFIRM: exact retention period]
• uploaded project files - [TO CONFIRM]
• security and abuse-prevention logs - [TO CONFIRM]
• accounting and contractual records - according to applicable legal requirements [TO CONFIRM]

The current codebase includes server-side validation, rate limiting, origin checks, honeypot fields, anti-spam controls, hashing for some technical data, and authentication for the internal dashboard.

No technical measure can guarantee absolute security, but the DevAI team aims to use safeguards that are appropriate to the operational risk.

You can exercise these rights by contacting us through the details shown on the contact page.

You also have the right to lodge a complaint with the Romanian data protection authority, ANSPDCP.

• the right of access
• the right to rectification
• the right to erasure where legally available
• the right to restriction of processing
• the right to data portability where applicable
• the right to object
• the right to withdraw consent for consent-based processing

The DevAI website and services are not specifically directed to children. If a minor submits personal data without the required authority, that data should be corrected or deleted after a reasonable notice [TO CONFIRM: exact internal handling].

No feature identified in the current codebase appears to make automated decisions with legal or similarly significant effects on data subjects.

Some technical mechanisms, such as reCAPTCHA scoring or abuse-prevention rules, may influence whether a submission is accepted or temporarily blocked for security reasons, but they are not intended to create legal or similarly significant decisions on their own.

DevAI may update this policy when the website, forms, processors, consent settings, or legal obligations change. The latest update date appears at the top of the page.