Dvelop AI ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the Dvelop AI platform at dvelopai.com (the "Service"). By using our Service, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address — used for authentication, communication, and account recovery
- Display name — used within the platform interface
- Password hash — your password is cryptographically hashed and never stored in plain text
- Google account data (if using Google Sign-In) — name, email, and profile picture as authorized through Google OAuth
1.2 Conversation and Usage Data
As you use the platform, we collect and store:
- Conversations — messages you send to and receive from AI models
- Goals — goals you create, their status, and progress data
- Memory summaries — contextual memory generated by the AI to improve future conversations
- Model preferences — your selected AI models and configuration settings
- Usage analytics — feature usage patterns, session duration, and interaction counts (for platform improvement)
1.3 API Connection Metadata
When you connect third-party accounts, we store:
- OAuth tokens — encrypted access and refresh tokens for connected services
- Connection metadata — service type, account identifier, connection status, and permission scopes
- API keys — encrypted BYOK (Bring Your Own Key) credentials for AI providers
1.4 Payment Information
Payment processing is handled entirely by Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. We receive and store:
- Stripe customer ID
- Subscription status and plan tier
- Last four digits of your payment method (for display purposes)
- Billing history and invoice records
1.5 Technical Information
We automatically collect certain technical information:
- IP address
- Browser type and version
- Device type and operating system
- Referring URL
- Pages visited and actions taken on the platform
2. How We Store Your Data
2.1 Database Infrastructure
| Data Type |
Storage Location |
Security Measures |
| Core account data (username, email, password hash) |
WordPress MySQL database |
Standard WordPress security, bcrypt password hashing |
| Conversations, goals, memory, connections |
Supabase (PostgreSQL) |
Row Level Security (RLS), TLS encryption in transit |
| API keys and OAuth tokens |
Supabase (PostgreSQL) |
AES-256-GCM encryption at rest, RLS |
| Payment data |
Stripe (PCI-DSS compliant) |
Stripe's security infrastructure; we only store references |
2.2 Encryption Standards
We use the following encryption standards to protect your data:
- AES-256-GCM — for encrypting API keys, OAuth tokens, and other sensitive credentials stored in our database
- HTTPS/TLS — for all data in transit between your browser and our servers
- bcrypt — for hashing passwords stored in WordPress
- Webhook signature verification — for validating incoming webhooks from Stripe and other services
3. How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service — processing AI conversations, managing goals, storing memory context, and enabling third-party integrations
- Account management — authentication, authorization, and account administration
- Billing and payments — processing subscriptions, managing credits, and handling refunds
- Platform improvement — analyzing usage patterns to improve features, performance, and user experience
- Communication — sending service-related notices, security alerts, and (with your consent) product updates
- Security — detecting fraud, preventing abuse, and maintaining the integrity of the platform
- Legal compliance — meeting applicable legal obligations and responding to lawful requests
4. Third-Party Services
We integrate with or rely on the following third-party services:
4.1 Payment Processing
- Stripe — processes all subscription payments and stores payment methods. Stripe's privacy policy applies to payment data they handle. See stripe.com/privacy.
4.2 AI Providers (via BYOK)
- OpenAI — when you use your own OpenAI API key
- Anthropic — when you use your own Anthropic API key
- Google AI — when you use your own Google AI API key
- OpenRouter — when you route requests through OpenRouter with your key
BYOK Notice: When you use your own API keys, your conversation data is sent directly to the AI provider you choose. Dvelop AI does not control how those providers process, store, or use your data. You should review each provider's privacy policy and terms of service.
4.3 Authentication
- Google OAuth — if you sign in with Google, we receive your name, email, and profile picture. We do not access other Google account data unless you explicitly connect additional Google services.
4.4 Connected Platforms (User-Authorized)
When you connect social media or other accounts, the respective platform's privacy policy governs their handling of your data. These may include:
- Facebook / Meta
- Twitter / X
- Instagram
- LinkedIn
- Gmail
5. Data Sharing
We do NOT sell your personal data. We do not share, rent, or trade your information with third parties for marketing purposes.
We share data only in the following limited circumstances:
- Service providers — with the third-party services listed in Section 4, solely to provide platform functionality
- AI providers (BYOK) — conversation data is sent to AI providers when you initiate requests using your own API keys
- Legal requirements — if required by law, subpoena, court order, or government request
- Safety and security — to protect the rights, property, or safety of Dvelop AI, our users, or the public
- Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity (you would be notified)
6. Cookies
Dvelop AI uses minimal cookies:
- WordPress session cookies — essential cookies for authentication and maintaining your login session
- Preferences cookies — to remember your settings (e.g., selected AI model, theme preferences)
We do not use third-party tracking or advertising cookies.
For more information, see our Cookie Policy.
7. Data Retention
- Active accounts: Your data is retained for as long as your account is active and your subscription is current.
- Cancelled subscriptions: After subscription cancellation, your data is retained for 30 days to allow for reactivation or data export.
- Account closure: When you request account deletion, your data is permanently deleted within 30 days.
- Backup retention: Encrypted backups may persist in our backup systems for up to 90 days after deletion, after which they are purged.
- Legal obligations: We may retain certain records as required by applicable law (e.g., billing records for tax purposes).
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
8.1 General Rights
- Right of Access — request a copy of the personal data we hold about you
- Right to Correction — request correction of inaccurate or incomplete personal data
- Right to Deletion — request deletion of your personal data ("right to be forgotten")
- Right to Data Portability — request your data in a structured, machine-readable format
- Right to Restrict Processing — request that we limit how we use your data
- Right to Object — object to certain types of data processing
8.2 GDPR Rights (European Economic Area)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data includes contract performance, legitimate interest, and consent.
8.3 CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:
- The right to know what personal information we collect, use, and disclose
- The right to request deletion of your personal information
- The right to opt-out of the sale of personal information (we do not sell your data)
- The right to non-discrimination for exercising your privacy rights
To exercise any of these rights, contact us at privacy@dvelopai.com. We will respond to verified requests within 30 days.
9. Children's Privacy
Dvelop AI is intended for users aged 18 and older. We do not knowingly collect personal information from children under the age of 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete that information promptly. If you believe a child under 18 has created an account, please contact us at privacy@dvelopai.com.
10. Security Measures
We implement a range of security measures to protect your personal data:
- Encryption at rest — AES-256-GCM for sensitive credentials, bcrypt for passwords
- Encryption in transit — HTTPS/TLS for all connections
- Row Level Security — database-level access controls ensuring users can only access their own data
- Webhook signature verification — cryptographic verification of incoming webhooks to prevent tampering
- Secure authentication — CSRF protection, nonce validation, and secure session management
- Regular security reviews — ongoing monitoring and assessment of our security posture
Despite our efforts, no security measures are completely impervious. We encourage you to use strong, unique passwords and to secure your API keys. If you discover a security vulnerability, please report it to privacy@dvelopai.com.
11. International Data Transfers
Your data may be processed and stored in the United States and other countries where our service providers operate. If you are located outside the United States, your data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where applicable.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this page and, for significant changes, by sending a notification to the email address associated with your account. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: