Privacy Policy

Effective Date: April 12, 2026

DeviceSDK (“we”, “us”, or “our”) operates the devicesdk.com platform, including the API, dashboard, CLI tools, and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information

When you create an account, we collect information provided by your Google account through OAuth 2.0, including your name, email address, and profile picture.

Device and Telemetry Data

When you connect devices to the Service, we collect:

• Device connection status and metadata (device type, connection timestamps)
• Log messages generated by your device scripts
• Environment variables you configure for your projects (stored encrypted)

Usage Data

We automatically collect information about how you interact with the Service, including:

• Pages visited and features used
• API requests and response metadata
• Browser type, IP address, and general location

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Execute your device scripts and deliver telemetry data
• Monitor for abuse, ensure platform security, and enforce rate limits
• Send important service-related communications

We do not sell your personal information to third parties.

3. Data Storage and Security

Your data is stored on globally distributed infrastructure. We implement industry-standard security measures including:

• Encrypted connections (TLS) for all data in transit
• API tokens hashed with SHA-256 before storage
• Secure, httpOnly session cookies with strict SameSite policies
• Role-based access controls ensuring you can only access your own projects and devices

4. Third-Party Services

We use the following third-party services:

• Google OAuth 2.0 for authentication — subject to Google’s Privacy Policy
• Sentry for error monitoring — subject to Sentry’s Privacy Policy

We do not share your device telemetry data or script source code with any third party.

5. Data Retention

• Account data is retained for the lifetime of your account.
• Device logs are retained for up to 30 days.
• Deleted accounts are processed within 30 days of a deletion request. Upon deletion, all associated projects, devices, tokens, and scripts are permanently removed.

6. Your Rights

You have the right to:

• Access your personal data through the dashboard or API
• Delete your account and all associated data at any time from the Account page
• Export your project and device configurations via the API
• Withdraw consent by closing your account

For users in the European Economic Area (EEA), you additionally have the right to data portability, rectification, and to lodge a complaint with your local data protection authority.

For users in California, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion.

7. Cookies

We use a minimal set of cookies:

• Session cookie — httpOnly, secure; used to maintain your authenticated session
• CSRF cookie — httpOnly, secure; used to prevent cross-site request forgery

We do not use advertising or tracking cookies.

8. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or by email.

10. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: support@devicesdk.com