Effective starting: December 1, 2022
We are committed to protecting your personal data and privacy and we follow the best practices and guidelines while collecting, processing, transferring and storing any Personally Identifiable Information (PII). Accordingly, we have developed this Policy in order to explain to you how we collect, secure, use, communicate and disclose, share and handle data pertaining to you.
Why do we collect your information?#
We collect some information related to you automatically while you are using the DevRev website or app and some information directly from you. We collect your for the following reasons:
- To confirm your identity. We need to identify you uniquely and for that purpose we use your PII, including your email address.
- Service provision. We need to use your PII to provide the services through the DevRev platforms. Here are some instances: your country is used to identify the jurisdiction you belong to so that we can handle your data, and provide services adhering to applicable laws. If you request support, we use your contact details to get in touch with you. If you want to pay for a service, we use your payment details to process that payment.
- To improve and customize your content. In order to provide the best user experience, based on the familiarity level of the user with the DevRev platform and the use cases they try to implement.
- Analyze how the DevRev platform is being used. We rely on analytics of youbrowser based activity and applications to improve the performance of our platform. Among examples: we use analytics to evaluate design decisions, find bugs in the systems, and recommend actions and features to users. These are collected in an anonymous manner.
- To update you on our services. If there are updates to your service, important information you need to know, or if we think you would be interested in our technology and what we’re doing with it, we’ll get in touch with you using your contact details. You can unsubscribe from our marketing emails at any time by either clicking on the unsubscribe link at the bottom of the email.
How do we collect your information?#
Information we collect automatically: As is the case with almost all services and websites available on the Internet, we collect some information related to you automatically while you are using the DevRev Services. Here is the information we collect automatically when you visit the DevRev website or product:
- Your I.P. address, your browser type, device info, the time and frequency you access our site, and the URL you came from. This type of generic information won’t reveal your identity as a visitor but is still useful to us to analyze the user regions, frequently visited portions of our site and develop device specific improvements.
- The interactions with app.devrev.ai as a logged-in user. This information is important to us to analyze the ways in which you interact with the DevRev App, to understand the users’ needs and to make our service better suited to those needs. Such usage data does not identify you personally.
- The application logs that are corresponding to the activities you do on app.devrev.ai as a logged-in user. These logs will be tracked against your corresponding DevRev identity for auditing and troubleshooting purposes.
- When you sign up or/ sign in to the app.devrev.ai from an external identity provider, we store a persistence reference to your account at the external identity provider, provided to the DevRev platform by your identity provider.
Information we collect directly: We collect the following information from you directly when you interact with the DevRev platform at different stages. When you sign up on the DevRev website or on the DevRev App at app.devrev.ai we collect your display name, country, and email address with your consent. If you are subscribing to paid services we collect your payment information.
Information you provide: When you interact with the DevRev platform at different stages, you may decide to provide certain information to the DevRev platform with respect to users under your control. In such a case DevRev platform is only activating as a processor of the corresponding Personally Identifiable Information (PII) and you take the responsibility of taking any appropriate consent from the users, before sharing any PII with the DevRev platform.
When you import data from any of the available connectors such as to the DevRev platform, the attributes each connector collects from the corresponding external services are defined by the connector itself:
- The connector may import the following attributes from the corresponding connector account:groups, roles, user names and email addresses; issues; comments; attachments; projects including configurations.
- The connector may also import the following attributes from the corresponding organization: users, teams;; source code; milestones; issues; comments; projects; pull-requests; commits.
How is the information used?#
We use the information we collect about you (including PII to the applicable extent) for a variety of purposes, including to:
- Provide, operate, maintain, improve, and promote DevRev Services;
- Enable you to access and use DevRev Services;
- Process and complete transactions, and send you related information, including purchase confirmations and invoices;
- Communicate with you, including responding to your requests, comments, questions; providing customer service and support; providing you with information about updates, new launches, improvements, services, features, surveys, newsletters, offers, promotions, contests and events; providing other news or information about us and our select partners; and sending you technical notices, updates, security alerts, and support and administrative messages. Generally, you have the ability to opt out of receiving any promotional communications.
- Monitor and analyze trends, usage, and activities in connection with DevRev Services and for marketing or advertising purposes;
- Investigate and prevent fraudulent transactions, unauthorized access to DevRev Services, and other illegal activities;
- Personalize DevRev Services, including by providing content, features, or suggestions that match your interests and preferences;
- Enable you to communicate, collaborate, and share content with users you designate;
- For any other purposes that we notify you about.
Analytics: We make extensive use of analytics information to understand how DevRev Services are being configured and used, how they can be improved for the benefit of all of our users, and to develop new products and services.
DevRev is committed to secure your personal information while collecting, processing, transferring and storing. All personal information is transmitted over a secured channel with Transport Layer Security (TLS) and stored securely. Access to the PII via APIs are strictly restricted by access control policies. We treat data as an asset that must be protected against loss and unauthorized access. Please be aware that while we take reasonable efforts to guard your PII, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications mechanism, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers.
Information sharing and disclosure.
We do not share or disclose your PII with third-parties, except as described in this policy, We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services. We do not sell your PII, and we do not share your PII with third-parties for their marketing purposes without your permission. This is how your information may be shared:
- With your consent: We may share your PII with third-parties when you have consented to it.
- Business partners and service providers: We may work with third-party service providers to provide storage, infrastructure, analysis or other services, who may have access to or process your PII as part of providing those services for us.
- Legal compliance, protection and security: We may disclose your Information (including your PII) to a third-party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request; (b) to protect the security or integrity of DevRev's products and services; (c) to enforce our agreements, policies and terms; (d) to protect DevRev, our customers or the public from harm or illegal activities; or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
- Business reasons: We may share or transfer your information (including your PII) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Anonymized or aggregate data: We may also share aggregated or anonymized information that does not directly identify you with the third-parties described above.
How long we keep information?#
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or de-identify your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain in order to allow your team members or other users to make full use of the Services. For example, we continue to display messages you sent to the users that received them and continue to display content you provided, but when requested, details that can identify you will be removed.
Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using your DevRev account. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
How to access and control your information
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.
You have the right to request a copy of your information, to object to our use of your information (including for marketing/growth purposes), to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator (see "Notice to End Users" below), you may need to contact your administrator to assist with your requests first. For all other requests, you may contact us as provided in the “Contact Us” section below to request assistance.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. Where you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Access and update your information: Our Services and related documentation give you the ability to access and update certain information about you from within the Service. For example, you can access your profile information from your account and search for content containing information about you using keyword searches in the Service. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.
Deactivate your account: If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you wish to deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact the appropriate support team (see DevRev support pages). Please be aware that deactivating your account does not delete your information; your information remains visible to other Service users based on your past participation within the Services. For more information on how to delete your information, see below.
Delete your information: Our Services give you the ability to delete certain information about you from within the Service. For example, you can remove content that contains information about you using the key word search and editing tools associated with that content, and you can remove certain profile information within your profile settings. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Opt-out of communications: You may opt out of receiving promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services. You can opt out of some notification messages in your account settings. Please note, you will continue to receive generic ads.
You may be able to opt out of receiving personalized advertisements from other companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info, http://optout.networkadvertising.org/ and
Send "Do Not Track" Signals: Some browsers have incorporated "Do Not Track" (“DNT”) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above. Having content embedded on DevRev's website such as a social feature may set cookies on your browser and/or obtain information about the fact that a web browser visited a specific Devrev website with a certain IP address. Third parties can't collect any other PII from our website unless you directly provide it to them.
Data portability: Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of your basic account information and the information you create on the spaces under your sole control.
How we transfer information we collect internationally
International transfers of information we collect
We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the Services. Whenever we transfer your information, we take steps to protect it.
International transfers within the DevRev Companies: To facilitate our global operations, we transfer information globally and allow access to that information from countries in which the DevRev owned or operated companies and have operations for the purposes described in this policy. These countries may not have equivalent privacy and data protection laws to the laws of many of the countries where our customers and users are based. When we share information about you within and among DevRev corporate affiliates, we make use of standard contractual data protection clauses, which have been largely adopted by countries worldwide or other appropriate legal mechanisms to safeguard the transfer.
Notice to End Users#
Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different than this policy.
Administrators are able to:
- require you to reset your account password;
- restrict, suspend or terminate your access to the Services;
- access information in and about your account;
- access or retain information stored as part of your account;
- install or uninstall third-party apps or other integrations
In some cases, administrators can also:
- restrict, suspend or terminate your account access;
- change the email address associated with your account;
- change your information, including profile information;
- restrict your ability to edit, restrict, modify or delete information
Even if the Services are not currently administered to you by an organization, for e.g., if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.
If you do not want an administrator to be able to assert control over your account or use of the Services, you should deactivate your membership with the relevant enterprise, or use your personal email address to register for or access the Services. If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.
Please contact your organization or refer to your administrator’s organizational policies for more information.
( Exercising your rights: If you are a California resident, there are some additional rights that may be available to you under the California Consumer Protection Act (“CCPA”) such as the right to deletion and the right to request access to the categories of information we have collected about you. We encourage you to manage your information, and to make use of the privacy controls we have included in our Services. You will not be discriminated against for exercising any of your privacy rights under the CCPA. In order to protect your information from unauthorized access or deletion, we may require you to provide additional information for verification. If we cannot verify your identity, we will not provide or delete your information. )
Exercising Your Rights.
In accordance with the CCPA, and subject to exceptions, California Consumers (as that term is defined in the CCPA) have the following rights:
i. Access. You have the right to request that DevRev disclose and deliver the categories of Personal Information DevRev has collected about you, or the specific pieces of Personal Information the business has collected about you;
ii. Deletion. You have the right to request the deletion of your Personal Information in certain situations, except where the law allows a business to maintain a Consumer’s Personal Information, including where the Personal Information is necessary to perform a contract between the business and the consumer;
iii. Opt-Out. You have the right to opt-out of the sale of your Personal Information, but as stated above.
iv. Non-Discrimination. You have the right to not be discriminated against, for exercising any of your privacy rights under the CCPA.
In order to protect your information from unauthorized access or deletion, we may require you to provide additional information for verification. If we cannot verify your identity, we will not provide or delete your information. We encourage you to manage your information, and to make use of the privacy controls we have included in our Services
Processing your information: We may process your information for "business purposes" under the CCPA - such as to protect against illegal activities, and for the development of new products, features, and technologies.
If you have any questions or would like to exercise your rights under the CCPA, you can reach out to us at firstname.lastname@example.org
Our policy towards children#
The Services are not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information in accordance with the Children's Online Privacy Protection Act of 1998 ("COPPA"). If you become aware that a child has provided us with personal information, please contact us.
European Economic Area ("EEA") Requirements.#
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them.
If you have questions or concerns about how your information is handled, please direct your inquiry to DevRev, which we have appointed to be responsible for facilitating such inquiries or, if you are a resident of the European Economic Area, please contact our EU Representative.
Last revised on: 1st December, 2022