Privacy Policy
Last updated: February 8, 2026
Our Commitment to Your Privacy
DevSpec is a developer productivity platform. We understand that you share project data, code, and technical information with us. We treat your data with the utmost care and confidentiality.
1. About DevSpec
DevSpec ("we", "our", or "us") is an AI-powered developer productivity platform. We provide intelligent development sessions through AI technology to help you plan, build, and ship software more effectively.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information, including sensitive personal data, when you use our service.
2. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- First name
- Display name and profile preferences
- Authentication data via our identity provider (Clerk)
Session Data
During your sessions, we collect and store:
- Your messages and questions
- AI-generated responses
- Session transcripts
- Files you upload (documents, images)
- Voice recordings (if you use voice input)
Context and Memories
To provide continuity across sessions and give you contextual assistance, we build a "context" about you and your projects that may include:
- Your display name and preferences
- Projects, repositories, and databases you've connected
- Code patterns, architecture decisions, and technical preferences
- Development goals and action items from your sessions
- Topics, frameworks, and technologies you work with
Your Control: You can view, export, or delete all of this context data at any time through your Privacy Settings. Deleting your context gives you a fresh start - the AI will treat you as a new user.
Usage Information
We automatically collect:
- Session dates and duration
- Feature usage (voice, text, file uploads)
- Credit usage for billing purposes
- Error logs for debugging
Payment Information
Payment processing is handled by Stripe. We do not store your full credit card details. We receive only confirmation of successful payments and subscription status.
3. How We Use Your Information
To Provide Support
- Process your messages through AI to generate supportive responses
- Build and maintain context so the AI remembers you across sessions
- Transcribe voice messages for text-based processing
- Generate voice responses when requested
To Improve Our Service
- Debug issues and monitor performance
- Analyze aggregate usage patterns (not individual conversations)
We do NOT use your conversations, context, or personal information to train AI models.
4. AI Provider Data Sharing
Important: To provide AI-powered support, certain data is sent to third-party AI providers. Here is exactly what each provider receives:
Anthropic (Claude) - Primary AI Provider
Receives:
- Your display name
- Your messages in the current session
- Your project context (repositories, code patterns, technical preferences)
- Session transcripts for context updates and memory extraction
- Any files you upload (images, documents, code)
OpenAI - Search Embeddings
When your repositories are indexed for semantic search, receives:
- Code and file snippets from repositories you connect (to compute search embeddings)
- No conversations, personal information, or account details are sent
Deepgram - Voice Transcription
If you use voice input, receives:
- Audio recordings of your voice messages only
- No personal information or context is sent
Google Cloud Text-to-Speech - Voice Responses
If you use voice responses, receives:
- The AI's response text only (to convert to speech)
- No personal information about you is sent
AI Training Data Assurance
Your conversations are NOT used to train AI models. All our AI providers have explicit policies excluding API data from model training:
- Anthropic: API data excluded from training under Commercial Terms
- OpenAI: API data not used for training since March 2023
- Deepgram: Zero-retention defaults for real-time transcription
- Google Cloud: Text-to-Speech API data is not used to train models
Provider Data Retention
AI providers typically retain API data for up to 30 days for abuse monitoring and service improvement, then delete it. This is standard practice for AI services and is separate from model training. Your data stored in DevSpec is retained until you delete it.
5. Other Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, login activity |
| Stripe | Payments | Billing info (processed by Stripe directly) |
| Supabase | Database & Storage | All application data (encrypted at rest) |
| Hetzner | Hosting | Server logs, performance metrics |
| Inngest | Background Processing | Job metadata, session IDs (not content) |
6. Optional Features: Organizations
DevSpec offers optional collaborative and organizational features. These are entirely opt-in, and we've designed them with strong privacy protections. Your personal sessions always remain completely private, regardless of whether you use these features.
Organizations (Team Billing)
Organizations allow companies or groups to provide DevSpec access to their members with centralized billing. If you join an organization:
Organization membership is strictly about billing
Your organization pays for your subscription and can see aggregate usage statistics (such as total credits used). They do not have access to:
- Your sessions or conversations
- Your personal context or memories
- What topics you discuss
- When or how often you use the app (only aggregate team statistics)
- Any personal content whatsoever
Organization administrators can only see: organization name, total seats, total credits used by all members combined, and billing information. Your individual experience remains as private as any personal user.
7. Data Security
Your Data is Protected at Every Layer
We built DevSpec with security as a foundation, not an afterthought. Your conversations and personal information are protected by multiple layers of security, and our architecture enforces strict data isolation between users — row-level security policies at the database level ensure that users can only access their own data through the application.
We implement robust security measures to protect your sensitive data:
- Encryption in transit: All data transmitted over TLS/HTTPS
- Encryption at rest: Database and file storage encrypted using AES-256
- Row-level security: Every database table has security policies that enforce data isolation at the database level — you can only access your own data, enforced by the database itself, not just application code
- User isolation: Your conversations, context, and files are completely isolated from other users at the database level
- Authentication: Secure login through industry-leading provider (Clerk) with optional two-factor authentication
- No shared context: Each user's personal context is completely separate - the AI never mixes information between users
- Access controls: Database access is restricted to essential infrastructure operations. We do not read or review your conversations — they are processed by AI only
8. Data Retention
- Session data: Retained until you delete it or your account
- Context/memories: Retained until you clear it or delete your account
- Account data: Retained while your account is active
- Payment records: Retained as required by law (typically 7 years)
- AI provider retention: Up to 30 days by providers, then deleted
9. Your Rights and Controls
You have full control over your data:
Export Your Data
Download a complete copy of all your data including conversations, context, and account information in JSON format.
Clear Your Context
Delete all the context and memories the AI has built about you. Your conversation history remains but won't be used for future sessions. You'll start fresh.
Delete All Conversations
Permanently delete all your session history and context. Your account and credits remain.
Delete Your Account
Permanently delete your entire account and all associated data. This cannot be undone.
Access these controls in your Privacy Settings.
GDPR & CCPA Rights
Under applicable privacy laws, you also have the right to:
- Access - Request details about what data we hold
- Rectification - Correct inaccurate data
- Portability - Receive your data in a standard format
- Restriction - Limit how we process your data
- Objection - Object to certain processing activities
To exercise these rights, use the self-service options in Privacy Settings or contact us at privacy@devspec.ai.
10. Cookies & Analytics
Essential Cookies (Always Active)
We use minimal cookies required for the service to function:
- Authentication cookies - Required to keep you logged in (Clerk)
- Session cookies - Required for security and database access
- Preference cookies - Remember your settings (e.g., sidebar state)
Analytics (Optional, Requires Consent)
With your consent, we collect first-party performance measurements (Core Web Vitals) to keep the app fast. We do not currently use any third-party analytics service; if we adopt one in the future, it will sit behind the same consent and this policy will be updated first.
What analytics collects:
- Page load and responsiveness timings (Core Web Vitals)
- The page the measurement came from
- General device info (browser type, connection speed)
What analytics NEVER collects:
- Your conversations or messages
- Personal information (name, email, etc.)
- Anything you share in your sessions
- Your personal context or memories
You can change your analytics preference anytime in Privacy Settings.
We do not use advertising cookies, tracking pixels, or sell data to advertisers.
For detailed information about specific cookies we use, see our Cookie Policy.
11. International Data Transfers
Your data may be processed in countries outside your residence, including the United States, where our AI providers are located. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required by GDPR.
12. Age Requirements
DevSpec is intended for adults. You must be at least 18 years old to use this service. We do not knowingly collect personal information from anyone under 18.
13. AI Output Disclaimer
Important: DevSpec provides AI-generated suggestions, code, and analysis. While designed to be helpful, AI output may contain errors or inaccuracies. Always review AI-generated content before using it in production. DevSpec is a productivity tool, not a substitute for professional judgement and thorough testing.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email and/or through the app. Your continued use after changes constitutes acceptance.
15. Contact Us
For privacy questions, data requests, or concerns, contact us:
- Email: privacy@devspec.ai
- Privacy Settings: Manage your data
By using DevSpec, you acknowledge that you have read and understood this Privacy Policy. Your trust means everything to us - we are committed to protecting your privacy and the sensitive information you share.