Privacy Policy

Last updated: February 8, 2026

Our Commitment to Your Privacy

DevSpec is a developer productivity platform. We understand that you share project data, code, and technical information with us. We treat your data with the utmost care and confidentiality.

No data selling - We never sell your data
No AI training - Your conversations don't train AI
Fully encrypted - Data encrypted at rest and in transit
You're in control - Export or delete your data anytime

1. About DevSpec

DevSpec ("we", "our", or "us") is an AI-powered developer productivity platform. We provide intelligent development sessions through AI technology to help you plan, build, and ship software more effectively.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information, including sensitive personal data, when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • First name
  • Display name and profile preferences
  • Authentication data via our identity provider (Clerk)

Session Data

During your sessions, we collect and store:

  • Your messages and questions
  • AI-generated responses
  • Session transcripts
  • Files you upload (documents, images)
  • Voice recordings (if you use voice input)

Context and Memories

To provide continuity across sessions and give you contextual assistance, we build a "context" about you and your projects that may include:

  • Your display name and preferences
  • Projects, repositories, and databases you've connected
  • Code patterns, architecture decisions, and technical preferences
  • Development goals and action items from your sessions
  • Topics, frameworks, and technologies you work with

Your Control: You can view, export, or delete all of this context data at any time through your Privacy Settings. Deleting your context gives you a fresh start - the AI will treat you as a new user.

Usage Information

We automatically collect:

  • Session dates and duration
  • Feature usage (voice, text, file uploads)
  • Credit usage for billing purposes
  • Error logs for debugging

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card details. We receive only confirmation of successful payments and subscription status.

3. How We Use Your Information

To Provide Support

  • Process your messages through AI to generate supportive responses
  • Build and maintain context so the AI remembers you across sessions
  • Transcribe voice messages for text-based processing
  • Generate voice responses when requested

To Improve Our Service

  • Debug issues and monitor performance
  • Analyze aggregate usage patterns (not individual conversations)

We do NOT use your conversations, context, or personal information to train AI models.

4. AI Provider Data Sharing

Important: To provide AI-powered support, certain data is sent to third-party AI providers. Here is exactly what each provider receives:

Anthropic (Claude) - Primary AI Provider

Receives:

  • Your display name
  • Your messages in the current session
  • Your project context (repositories, code patterns, technical preferences)
  • Session transcripts for context updates and memory extraction
  • Any files you upload (images, documents, code)

Anthropic Privacy Policy

OpenAI - Search Embeddings

When your repositories are indexed for semantic search, receives:

  • Code and file snippets from repositories you connect (to compute search embeddings)
  • No conversations, personal information, or account details are sent

OpenAI Privacy Policy

Deepgram - Voice Transcription

If you use voice input, receives:

  • Audio recordings of your voice messages only
  • No personal information or context is sent

Deepgram Privacy Policy

Google Cloud Text-to-Speech - Voice Responses

If you use voice responses, receives:

  • The AI's response text only (to convert to speech)
  • No personal information about you is sent

Google Privacy Policy

AI Training Data Assurance

Your conversations are NOT used to train AI models. All our AI providers have explicit policies excluding API data from model training:

  • Anthropic: API data excluded from training under Commercial Terms
  • OpenAI: API data not used for training since March 2023
  • Deepgram: Zero-retention defaults for real-time transcription
  • Google Cloud: Text-to-Speech API data is not used to train models

Provider Data Retention

AI providers typically retain API data for up to 30 days for abuse monitoring and service improvement, then delete it. This is standard practice for AI services and is separate from model training. Your data stored in DevSpec is retained until you delete it.

5. Other Third-Party Services

ServicePurposeData Shared
ClerkAuthenticationEmail, name, login activity
StripePaymentsBilling info (processed by Stripe directly)
SupabaseDatabase & StorageAll application data (encrypted at rest)
HetznerHostingServer logs, performance metrics
InngestBackground ProcessingJob metadata, session IDs (not content)

6. Optional Features: Organizations

DevSpec offers optional collaborative and organizational features. These are entirely opt-in, and we've designed them with strong privacy protections. Your personal sessions always remain completely private, regardless of whether you use these features.

Organizations (Team Billing)

Organizations allow companies or groups to provide DevSpec access to their members with centralized billing. If you join an organization:

Organization membership is strictly about billing

Your organization pays for your subscription and can see aggregate usage statistics (such as total credits used). They do not have access to:

  • Your sessions or conversations
  • Your personal context or memories
  • What topics you discuss
  • When or how often you use the app (only aggregate team statistics)
  • Any personal content whatsoever

Organization administrators can only see: organization name, total seats, total credits used by all members combined, and billing information. Your individual experience remains as private as any personal user.

7. Data Security

Your Data is Protected at Every Layer

We built DevSpec with security as a foundation, not an afterthought. Your conversations and personal information are protected by multiple layers of security, and our architecture enforces strict data isolation between users — row-level security policies at the database level ensure that users can only access their own data through the application.

We implement robust security measures to protect your sensitive data:

  • Encryption in transit: All data transmitted over TLS/HTTPS
  • Encryption at rest: Database and file storage encrypted using AES-256
  • Row-level security: Every database table has security policies that enforce data isolation at the database level — you can only access your own data, enforced by the database itself, not just application code
  • User isolation: Your conversations, context, and files are completely isolated from other users at the database level
  • Authentication: Secure login through industry-leading provider (Clerk) with optional two-factor authentication
  • No shared context: Each user's personal context is completely separate - the AI never mixes information between users
  • Access controls: Database access is restricted to essential infrastructure operations. We do not read or review your conversations — they are processed by AI only

8. Data Retention

  • Session data: Retained until you delete it or your account
  • Context/memories: Retained until you clear it or delete your account
  • Account data: Retained while your account is active
  • Payment records: Retained as required by law (typically 7 years)
  • AI provider retention: Up to 30 days by providers, then deleted

9. Your Rights and Controls

You have full control over your data:

Export Your Data

Download a complete copy of all your data including conversations, context, and account information in JSON format.

Clear Your Context

Delete all the context and memories the AI has built about you. Your conversation history remains but won't be used for future sessions. You'll start fresh.

Delete All Conversations

Permanently delete all your session history and context. Your account and credits remain.

Delete Your Account

Permanently delete your entire account and all associated data. This cannot be undone.

Access these controls in your Privacy Settings.

GDPR & CCPA Rights

Under applicable privacy laws, you also have the right to:

  • Access - Request details about what data we hold
  • Rectification - Correct inaccurate data
  • Portability - Receive your data in a standard format
  • Restriction - Limit how we process your data
  • Objection - Object to certain processing activities

To exercise these rights, use the self-service options in Privacy Settings or contact us at privacy@devspec.ai.

10. Cookies & Analytics

Essential Cookies (Always Active)

We use minimal cookies required for the service to function:

  • Authentication cookies - Required to keep you logged in (Clerk)
  • Session cookies - Required for security and database access
  • Preference cookies - Remember your settings (e.g., sidebar state)

Analytics (Optional, Requires Consent)

With your consent, we collect first-party performance measurements (Core Web Vitals) to keep the app fast. We do not currently use any third-party analytics service; if we adopt one in the future, it will sit behind the same consent and this policy will be updated first.

What analytics collects:

  • Page load and responsiveness timings (Core Web Vitals)
  • The page the measurement came from
  • General device info (browser type, connection speed)

What analytics NEVER collects:

  • Your conversations or messages
  • Personal information (name, email, etc.)
  • Anything you share in your sessions
  • Your personal context or memories

You can change your analytics preference anytime in Privacy Settings.

We do not use advertising cookies, tracking pixels, or sell data to advertisers.

For detailed information about specific cookies we use, see our Cookie Policy.

11. International Data Transfers

Your data may be processed in countries outside your residence, including the United States, where our AI providers are located. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required by GDPR.

12. Age Requirements

DevSpec is intended for adults. You must be at least 18 years old to use this service. We do not knowingly collect personal information from anyone under 18.

13. AI Output Disclaimer

Important: DevSpec provides AI-generated suggestions, code, and analysis. While designed to be helpful, AI output may contain errors or inaccuracies. Always review AI-generated content before using it in production. DevSpec is a productivity tool, not a substitute for professional judgement and thorough testing.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email and/or through the app. Your continued use after changes constitutes acceptance.

15. Contact Us

For privacy questions, data requests, or concerns, contact us:


By using DevSpec, you acknowledge that you have read and understood this Privacy Policy. Your trust means everything to us - we are committed to protecting your privacy and the sensitive information you share.