DevAegis
DevAegis
Get Started
Legal

Privacy Policy

We collect what we need to run the service. We don't sell your data. Full stop.

Last updated: April 2026

1. Who We Are

DevAegis is operated by WebEpex, founded by Prakhar Vohra. We provide code protection and business management tools for developers and agencies at devaegis.com and app.devaegis.com.

For privacy questions, contact us at privacy@devaegis.com

2. What We Collect

Account Data

Name, email address, password (hashed with bcrypt - never stored in plain text), and account settings you configure.

Business Data

Client records, projects, invoices, tasks, and team members you create within the platform. This data belongs to you.

Payment Data

Subscription and billing data is processed by DodoPayments. We store subscription status and plan information. We do not store raw card numbers or payment credentials.

Usage & Technical Data

IP addresses, browser type, device type, pages visited, API call logs, and error reports. Used for security, debugging, and improving the platform.

SMTP Credentials

If you configure your own SMTP for invoice delivery, those credentials are stored encrypted in our database and never exposed in API responses.

3. What We Don't Collect

  • Your unencrypted source code - Aegis processes code for encryption only; we do not retain plaintext
  • Your clients' personal data beyond what you explicitly enter
  • Marketing tracking pixels or cross-site surveillance data
  • Data sold to third parties - ever

4. How We Use Your Data

  • Providing and improving the DevAegis platform
  • Processing your subscription and billing
  • Sending transactional emails (OTP verification, invoice copies, payment reminders)
  • Responding to support requests
  • Detecting and preventing fraud or abuse
  • Complying with legal obligations

We do not use your data for advertising. We do not build marketing profiles. We do not sell or rent your data to anyone.

5. Data Sharing

We share data only with the following categories of service providers, and only what's necessary:

  • DodoPayments - subscription billing and checkout processing
  • Cloud hosting providers - servers and database infrastructure
  • Redis/cache providers - rate limiting and session management

All service providers are bound by data processing agreements. We do not share data with advertisers, data brokers, or unrelated third parties.

6. Data Retention

We retain your data as long as your account is active. After account deletion:

  • Account and business data: retained 30 days for recovery, then deleted
  • Billing records: retained as required by applicable financial regulations
  • Security logs: retained up to 90 days

Soft-deleted records (clients, projects marked inactive) remain in the database but are not accessible through the product. They are purged on account deletion.

7. Cookies & Tracking

The DevAegis web app uses:

  • Authentication tokens - stored in localStorage as dae_token (JWT, 7-day expiry)
  • Session state - for multi-step flows like onboarding

We do not use third-party tracking cookies, Google Analytics, Meta Pixel, or similar surveillance tools.

8. Security

We take security seriously. Key measures include:

  • Passwords hashed with bcrypt (12 rounds)
  • All API communication over HTTPS/TLS
  • JWTs validated on every protected request
  • Aegis encryption keys derived via HMAC-SHA256 - never stored in database
  • Webhook signatures verified using standardwebhooks specification
  • Rate limiting on all public endpoints

No system is perfectly secure. If you discover a vulnerability, please report it to security@devaegis.com

9. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for optional processing

To exercise these rights, contact us at privacy@devaegis.com. We will respond within 30 days.

10. Children

DevAegis is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.

11. Changes to This Policy

We'll notify you of significant changes via email. The "Last updated" date at the top of this page reflects the most recent revision. Continued use after changes constitutes acceptance.

← Back to DevAegis