DevRev Computer is designed to help your team work more efficiently by enabling you to delegate actions, retrieve information, and automate tasks across your tools and data. Computer can read files, interact with applications, and browse the web on your behalf within the permissions you configure.

This page explains how Computer operates, how data is handled, the known limitations of AI-powered automation, the safeguards DevRev has put in place, and what you and your team are responsible for when using Computer.

When you use Computer, DevRev acts as a data processor and processes personal data only on your documented instructions, in accordance with our DevRev Data Processing Agreement. You, as the customer, act as the data controller and determine the purposes and means of processing.

Personal data processed by Computer may relate to your employees, customers, or other individuals who interact with your workflows.

Details on how data is processed, safeguarded, and transferred internationally are set out in the DevRev Data Processing Agreement, which is made available during sign-up and on our website.

To find out more, see our dedicated subpage on Processing and Protecting Personal Data at DevRev.

We built Computer with privacy in mind. Computer uses read-only permissions by default, whereby any data you choose to share is stored locally on your device. By granting access, Computer will be able to:

Computer can find, edit, and save files on your behalf, so you don't have to switch between tools manually. For example, you can share your support ticket exports, internal wiki pages, or draft documents, and Computer will find the right content, suggest edits, or save completed work directly to your folders.

Computer can work across your open tools for you. For example, by sharing access to your CRM or helpdesk app, Computer can pull up a customer record, copy relevant details into a draft, or update a ticket status.

DevRev has implemented extensive technical, organisational, and contractual safeguards. These encompass privacy & security by design in all Computer development, data minimisation and permission based access by default.

Data is encrypted in transit and at rest, with strict role-based access control (RBAC) enforced throughout. Security is further reinforced through independent annual security and adversarial testing, as well as continuous monitoring for bias, drift, and misuse. Controls are aligned with SOC 2 and ISO/IEC 27001 standards, all relevant staff receive internal training on Computer development, and ongoing legal and regulatory monitoring is maintained, including with respect to the EU AI Act.

Mandatory vendor assessments apply to all of our AI providers and training or fine-tuning models on customer data is prohibited by default. With the exception of image-based recognition for abuse monitoring, our AI subprocessors operate under a zero-retention configuration.

Computer has two main safety measures: human-in-the-loop (HITL) approvals that pause the agent before sensitive actions, and sandboxing (in the desktop app) that locks down what tools can touch while the agent runs.

The table below summarises how this plays out across various action types. When Computer pauses for approval, you can Approve or Reject, and choose a scope: Once (just this call) or Session (the rest of this chat).

For the full details on HITL approvals, sandboxing rules, and how to customise the allowlists, see the Safety section of documentation for Computer.

Like all large language model–based systems, Computer has inherent limitations. These include inaccurate or incomplete outputs (hallucinations), bias or overgeneralisation reflecting limitations in training data, lack of full context awareness, misinterpretation of ambiguous input, performing unintended actions if instructions are unclear

Because of these limitations Computer outputs should always be reviewed by humans, not be used as sole justification for decisions affecting individuals, not be treated as legally, medically, or professionally binding advice.

When using Computer to carry out sensitive actions (such as deleting files or executing bash commands), make sure to recheck the intended actions before Computer executes them.

Special category data and employee data should not be entered into Computer.

Since customers act as data controllers when using Computer, they remain responsible for lawful and fair use of input and output data.

We thereby encourage customers to review and update their privacy documentation before enabling Computer. Before doing so, it is advisable to define a clear and lawful purpose for your intended use of Computer, confirm that a valid legal basis exists for any personal data that will be processed, and consider how individuals whose data may be involved will be informed of such processing.

We also recommend exercising care around the nature and volume of data shared with Computer. Unnecessary or sensitive data should be avoided where possible, and you should consider what data you are permitted to share before granting Computer access to files, applications, or browser sessions. Particular caution is warranted when processing employee data or data relating to children.

Computer is not intended to be used for recruitment or employment decisions, creditworthiness assessment, law enforcement, border control, administration of justice, or the provision of critical infrastructure. Computer has not been developed to produce outputs that have legal or similarly significant effects on natural persons or make fully autonomous decisions that might impact a person solely through automated processing without any human intervention. It operates as a productivity and automation aid, with all consequential decisions remaining with human users.

Customers who deploy Computer to their own end users are responsible for ensuring those users are informed they are interacting with an AI system, unless this is already obvious from context. If Computer is integrated into a customer-facing product or workflow where the AI nature of the interaction may not be apparent, customers must apply their own disclosure mechanisms to satisfy this obligation.

AI systems evolve, and so do their risks. DevRev continuously reviews its safeguards, updates its policies, and re-assesses risks through ongoing DPIAs. This page will be updated as we learn more, improve controls, or introduce new features.

If you have questions about the responsible use of Computer, please contact us at dpo@devrev.ai or review our Security Documentation, and Privacy Policy.