How DevBrows Handles Your Data

This Privacy Policy explains how DevBrows ("DevBrows," "we," "our," or "us") collects, uses, discloses, transfers, retains, and protects personal information when you access our website, submit an inquiry, or engage our cybersecurity, compliance, VAPT, cloud security, or vCISO services (collectively, the "Services").

By using our website or submitting information through our forms, you acknowledge that your information will be handled as described in this Policy. If you do not agree, please do not submit personal information through our Services.

1. Data Collection

DevBrows collects personal and non-personal information needed to respond to inquiries, deliver professional security work, operate our website, and improve our Services.

1.1 Personal Information You Provide

• Name, work email address, company name, and any phone number or job title you choose to share.
• Service-related context such as your primary security need, compliance goal, implementation timeline, company size, cloud/product stack, and any message text you submit through contact forms.
• Documents, screenshots, questionnaire context, technical notes, procurement details, or other business information you choose to share during discussions or engagements.
• Billing and contract records such as purchase order information, invoicing details, tax identifiers, and payment status if you proceed with a paid engagement.

1.2 Technical, Usage, and Non-Personal Data

• IP address, browser type, device type, operating system, approximate region, referral URL, pages visited, session duration, and interaction events.
• Operational logs, form metadata, anti-spam signals, and security telemetry needed to detect abuse, troubleshoot errors, and protect the Services.
• Aggregated or de-identified statistics that do not directly identify an individual user.

2. How We Collect Information

2.1 Information You Provide Directly

• When you submit a contact form, request a 30-Min Deal-Blocker Review, email us, schedule a call, exchange contracts, or provide project details during an engagement.
• When you share documents, questionnaires, risk context, remediation details, or feedback as part of a service conversation or delivery workflow.

2.2 Automated Collection

• When you browse the website, we may collect usage and device data through Google Analytics, cookies, similar identifiers, and standard server/security logs.
• We may also collect anti-abuse and delivery metadata generated by our form and hosting infrastructure.

2.3 Third-Party and Public B2B Sources

• If a business relationship is already in progress, we may review publicly available professional information, company websites, or procurement context you provide to prepare a response or proposal.
• We may receive limited service-delivery metadata from processors such as form routing, analytics, email, hosting, or collaboration providers.

3. Purpose of Data Use

We process your information for the following business and operational purposes:

• To respond to inquiries and deliver Services: evaluate your request, prepare proposals, run readiness discussions, deliver consulting work, provide support, and maintain customer communication.
• To support compliance and buyer workflows: help map control gaps, plan remediation, respond to questionnaires, and structure audit-readiness roadmaps.
• To operate and secure the website: troubleshoot bugs, prevent spam, investigate abuse, monitor infrastructure, and maintain business continuity.
• To improve content and user experience: analyze page usage and engagement so we can improve navigation, messaging, and service content.
• To send business communications: respond to your messages, send service updates, and where permitted, share relevant security or compliance insights. You may opt out of marketing emails at any time.
• To meet legal, tax, and governance obligations: retain records, comply with valid legal requests, resolve disputes, and enforce applicable agreements.

We may create aggregated or anonymized datasets for internal analytics, reporting, and content planning. These datasets are not intended to identify individuals and are not used to sell personal data.

4. Legal Bases, Consent, and Withdrawal

Where laws such as GDPR or similar privacy frameworks require a legal basis for processing, we generally rely on one or more of the following bases:

• Consent: where you voluntarily submit information or ask us to contact you.
• Pre-contract or contract performance: where processing is needed to scope, negotiate, execute, or support a professional engagement.
• Legitimate interests: for B2B communications, service improvement, fraud prevention, and security monitoring, balanced against your privacy rights.
• Legal obligations: where retention, disclosure, or governance actions are required by applicable law.

If processing is based on consent and applicable law gives you a withdrawal right, you can withdraw consent by contacting inquiry@devbrows.com. Withdrawal does not affect processing that already occurred lawfully before your request, and some records may still need to be retained where required by law, contract, or dispute handling.

5. Cookies and Analytics

Our website uses Google Analytics through Google's `gtag.js` library to understand website performance and visitor behavior. Google Analytics may use first-party cookies and similar identifiers to collect usage data such as page views, approximate location, browser/device details, and on-site interactions.

• We do not intentionally send passwords, payment card data, or other highly sensitive content to Google Analytics.
• We do not use website analytics data to sell personal data to data brokers.
• You can manage cookies through your browser settings and may disable Google Analytics with the Google Analytics opt-out browser add-on.

For more information on Google's processing practices, see Google's Privacy Policy.

6. Data Sharing

DevBrows shares personal information only where needed to operate the Services, deliver professional work, comply with law, or complete a business transaction as described below.

Third-party providers may process data under their own privacy policies and service terms. For example, review FormSubmit's Privacy Policy / Terms and Google's Privacy Policy.

7. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required for legal, tax, contractual, security, or dispute-resolution reasons.

• Inquiry and contact form data: retained for active follow-up and internal business records, then periodically reviewed for deletion or minimization.
• Engagement, contract, invoice, and security delivery records: retained for the contract term and any legally required accounting, audit, support, or dispute period.
• Analytics and log data: retained according to our analytics and operational settings, then deleted, aggregated, or anonymized where appropriate.
• FormSubmit routing copies: FormSubmit's documentation states form submissions may be retained in their archive for up to 30 days.

After a verified deletion request, we aim to delete or anonymize applicable personal data within a reasonable period and in line with legal requirements, backup constraints, and provider processing timelines.

8. Cross-Border Data Transfers

DevBrows works with customers and service providers across multiple regions. Your personal data may be transferred to, processed in, or stored in countries outside your country of residence, where privacy laws may differ.

• EU/EEA and UK users: where required, cross-border processing is intended to rely on appropriate transfer safeguards made available by relevant service providers or contractual arrangements, such as standard data transfer terms.
• Canada users: PIPEDA may apply to commercial handling of personal information, including cross-border transfers, and service providers may process data outside Canada.
• India users: where DPDP applies, cross-border processing will be handled in accordance with applicable DPDP requirements and any government-notified restrictions or conditions.
• Other international users: by using our Services or submitting a form, you understand that processing may occur in jurisdictions other than your own.

You may contact us to request information about the safeguards relevant to your data transfer request.

9. User Rights

Depending on your location and the laws that apply, you may have one or more of the following privacy rights:

• Request access to or a copy of personal data we hold about you.
• Request correction of inaccurate or incomplete personal data.
• Request deletion or erasure of personal data, subject to legal or contractual exceptions.
• Object to or restrict certain processing activities, including direct marketing where applicable.
• Request data portability where the law provides such a right and technical feasibility allows it.
• Withdraw consent where processing is based on consent.
• For California residents where CCPA applies, request to know, delete, correct, and opt out of sale or sharing, and exercise privacy rights without unlawful discrimination. DevBrows does not sell personal information to data brokers.
• For Canadian users where PIPEDA applies, request access, correction, and information about how personal information is collected, used, and disclosed, and raise unresolved concerns with the Office of the Privacy Commissioner of Canada.
• For EU/EEA users where GDPR applies, lodge a complaint with a relevant supervisory authority if you believe your rights have not been handled appropriately.

To exercise rights, email inquiry@devbrows.com. We may ask for reasonable identity verification and request context so we can locate the relevant records. We aim to respond within 30 days or within the timeline required by applicable law.

10. India-Specific DPDP Provisions

For personal data governed by India's Digital Personal Data Protection Act, 2023, DevBrows acts as a Data Fiduciary for personal data collected through our website and direct business interactions, unless a separate client engagement contract defines a different processing role for a specific service workflow.

• Notice and consent: we collect and use personal data for the purposes described in this Policy, and where consent is required, you may withdraw it by contacting us.
• Rights of Data Principals: you may request access to information about your personal data, correction, completion, updating, erasure, and grievance redressal, subject to legal limits.
• Children's data: our Services are intended for business users and are not directed to children. We do not knowingly collect personal data from individuals under 18 through the website.
• Cross-border processing: if personal data is processed outside India, we will handle such transfers in line with applicable DPDP requirements and any relevant government notifications.
• Grievance mechanism: send DPDP-related requests or complaints to inquiry@devbrows.com. If you remain unsatisfied after our response, you may have the right to approach the Data Protection Board of India under the DPDP framework.

11. Children's Privacy

DevBrows is a B2B cybersecurity services website and is not intended for children or minors. We do not knowingly collect personal data from children through this website. If you believe a child or minor has submitted personal information to us, please contact inquiry@devbrows.com so we can review and delete the information where appropriate.

12. Security Measures

As a cybersecurity services provider, we apply reasonable technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, and loss. These may include encryption in transit, access controls, least-privilege workflows, mailbox/account hardening, anti-spam controls, endpoint security practices, and internal review of data-sharing needs.

No internet transmission, cloud service, or email workflow can be guaranteed to be completely secure. If you need to share sensitive technical artifacts for a project, ask us to agree on a secure transfer method before sending them.

13. Policy Updates

We may update this Privacy Policy to reflect changes in our website, service workflows, analytics tooling, legal obligations, or provider stack. When we make a material change, we will update the "Last Updated" date above and may provide additional notice where legally required or operationally appropriate.

If you do not agree with the revised Policy, please stop using the Services and contact us if you want to request deletion of applicable personal data, subject to legal and contractual retention obligations.

14. Contact Information

If you have questions, concerns, or privacy rights requests, contact DevBrows using the details below:

• Email: inquiry@devbrows.com
• Contact form: devbrows.com/contact
• Subject line suggestion: "Privacy Request" or "DPDP Grievance" so your message can be routed faster.

We aim to respond within 30 days or within the period required by applicable law, depending on the nature of your request and the jurisdiction involved.