Privacy Policy
Last updated: February 2026
DevOpser LLC ("DevOpser", "we", "us", or "our") operates the DevOpser Stores platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
We collect information you provide directly, including:
- Account information: email address, name, and authentication credentials (password hash or OAuth tokens)
- Website content: text, images, designs, and configurations you create using our builder
- Domain registration data: if you purchase a domain through us, we collect your full name, organization (if applicable), email address, phone number, and physical address as required by ICANN domain registration regulations
- Payment information: processed by Stripe, Inc. We do not store credit card numbers. We receive billing identifiers, plan details, and transaction status from Stripe
- Communications: messages you send to our support team
- Team and collaboration data: email addresses and roles of team members you invite
1.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Log data: IP address, browser type, operating system, referring URLs, and pages visited
- Device information: device type, screen resolution, and language preferences
- Session data: authentication state maintained via encrypted session cookies
- Usage analytics: feature usage patterns, click events, and page navigation to improve the Service (via PostHog)
- Session recordings: recordings of your screen interactions within the Service (mouse movements, clicks, scrolling, and page content) to help us identify usability issues and improve the user experience. Session recordings may capture text you type into forms and other on-screen content. We configure PostHog to mask sensitive input fields (such as passwords) where possible
1.3 Information Collected on Your Behalf
When visitors interact with websites you build using DevOpser Stores, we collect on your behalf:
- Lead form submissions: all data submitted through contact forms on your site (names, emails, phone numbers, messages, and any custom fields you configure)
- Visitor analytics: anonymized page views, unique visitors, and conversion rates
- Visitor metadata: IP addresses, user agents, and referrer URLs associated with form submissions
You are the data controller for data collected through your websites. See Section 10 for your obligations.
1.5 Lead Data Sharing via Automations
The Service includes automation features (webhooks, Slack integrations, and other third-party connections) that allow you to send lead data collected through your websites to external services of your choosing. When you configure such automations, lead data (including names, emails, phone numbers, and form submissions) is transmitted to the third-party services you specify. You are the data controller for these transfers and are responsible for ensuring they comply with applicable data protection laws. See Section 10 for your obligations.
1.4 AI-Related Data
When you use our AI website builder or chat features, the text you provide (prompts, instructions, and conversation history) is sent to AI language model services for processing. We do not use your content to train AI models. See Section 5 for details on which services process this data.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, maintain, and improve the Service
- Process transactions and manage your subscription
- Register and manage domain names on your behalf
- Generate and host websites using AI assistance
- Deliver lead form submissions and analytics to you
- Send transactional emails (verification codes, lead notifications, auto-responders, team invitations)
- Send technical notices, security alerts, and support messages
- Detect, prevent, and address fraud, abuse, and security issues
- Comply with legal obligations
3. Legal Basis for Processing (EEA/UK/Israel)
If you are in the European Economic Area, United Kingdom, or Israel, our legal bases for processing your data are:
- Performance of a contract: processing necessary to provide the Service you signed up for (account management, hosting, domain registration, billing)
- Legitimate interests: improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights
- Consent: where you have given explicit consent, such as opting into marketing communications. You may withdraw consent at any time
- Legal obligation: processing required to comply with applicable laws (e.g., tax records, ICANN requirements)
4. Cookies and Tracking Technologies
We use the following cookies:
- Session cookie (essential): maintains your authenticated session. HTTP-only, secure, expires when your session ends or after the configured timeout
- Language preference cookie (lang): stores your language selection (English or Hebrew). Persists for 1 year
- PostHog analytics cookies (functional): PostHog sets cookies to identify unique users, track sessions, and support session recording functionality. These cookies are used solely for product analytics and improving the Service. They are not used for advertising or cross-site tracking. For details, see PostHog's privacy policy
We do not use third-party advertising or cross-site tracking cookies. We do not participate in advertising tracking networks.
You can control cookies through your browser settings. Disabling the session cookie will prevent you from using the Service while logged in. Disabling PostHog cookies will prevent analytics and session recording from functioning.
5. Third-Party Service Providers
We share information with the following categories of service providers, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, site deployment, email delivery, domain registration, file storage, AI processing, container hosting, CDN distribution | All data necessary to operate the Service, including account data, site content, lead data, emails, domain WHOIS info, and AI conversation content |
| Stripe, Inc. | Payment processing | Email, name, plan selection. Stripe collects payment card information directly; we never receive or store card numbers |
| Google (OAuth) | Optional sign-in authentication | If you choose to sign in with Google: email, name, Google account ID |
| Apple / Google Play | In-app purchase processing (mobile app) | Transaction identifiers and subscription status |
| PostHog, Inc. | Product analytics and session recording | Usage events, page views, device information, IP address (anonymized), and session recordings (mouse movements, clicks, scrolling, and visible page content) |
We do not sell your personal information to any third party.
6. International Data Transfers
Your data may be processed in AWS data centers outside your country of residence, including in the United States and other regions. When we transfer data outside the EEA/UK/Israel, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- AWS's compliance with relevant data protection frameworks
- Stripe's compliance with relevant data protection frameworks
- PostHog's compliance with relevant data protection frameworks
7. Data Retention
- Account data: retained while your account is active. Upon account deletion, personal data is anonymized (see Section 9)
- Website content and leads: retained while your account is active. Leads are anonymized upon account deletion
- Domain registration data: retained for the duration of your domain registration as required by ICANN
- Payment records: retained for the period required by applicable tax and financial laws (typically 7 years)
- Session data: automatically expires after 1 day
- Server logs: retained for up to 90 days for security and debugging
8. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption in transit (TLS/SSL) and at rest
- Two-factor authentication (MFA) available for all accounts
- Strict Content Security Policy (CSP) on all pages
- Credential storage via AWS Secrets Manager
- Session cookies configured with httpOnly, secure, and sameSite attributes
- Rate limiting and CSRF protection on all endpoints
No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Account Deletion and Data Removal
You may delete your account at any time from the Account Settings page. When you delete your account, we:
- Remove all deployed website infrastructure (hosting, containers, SSL certificates)
- Delete user-uploaded images from cloud storage
- Anonymize all lead data (form submissions, IP addresses, notes)
- Delete automations, API connections, and execution history
- Remove team memberships
- Delete conversation history
- Anonymize your user record (email, name, authentication credentials, OAuth IDs, and MFA secrets are cleared)
- Close associated AWS sub-accounts
Domain registrations cannot be immediately deleted due to ICANN regulations. Registered domains remain active until their expiration date.
10. Your Obligations as a Site Owner
When you use DevOpser Stores to build websites that collect visitor information (via contact forms, lead capture, etc.), you act as the data controller for that visitor data. You are responsible for:
- Providing your website visitors with an appropriate privacy notice
- Obtaining any required consent for data collection
- Responding to data subject requests from your visitors
- Complying with all applicable privacy laws in your jurisdiction and the jurisdictions of your website visitors
- Ensuring that any automations you configure to share lead data with third-party services (via webhooks, Slack, or other integrations) comply with applicable data protection laws, including having a lawful basis for the transfer and appropriate data processing agreements with the receiving parties
11. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Rectification: request correction of inaccurate data
- Erasure: request deletion of your data (see Section 9)
- Restriction: request that we limit processing of your data
- Portability: request your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests
- Withdraw consent: where processing is based on consent
To exercise any of these rights, contact us at info@devopser.io. We will respond within 30 days (or within the timeframe required by applicable law).
If you are in the EEA, you have the right to lodge a complaint with your local data protection authority. If you are in Israel, you may contact the Israeli Privacy Protection Authority (PPA).
12. Children's Privacy
Our Service is not intended for individuals under 16 years of age (or under 13 in jurisdictions where that is the applicable threshold). We do not knowingly collect personal information from children. If we learn that we have collected data from a child below the applicable age, we will delete it promptly.
13. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and, where required by law, notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: info@devopser.io