Privacy Policy
Effective date: 25 October 2025
Last updated: 25 October 2025
Devad.io (“we”, “us”, “our”) operates the web sites and on-line services
post.devad.io, postz.devad.io, chat.devad.io and devad.io (the “Services”).
We are committed to protecting your privacy and to meeting global data-protection laws.
This policy explains what personal data we collect, why we collect it, how we use it, and the choices you have.
1. Information we collect
A. Information you provide
- Account credentials (name, email, password hash)
- Social-media account tokens (Facebook, Instagram, WhatsApp, LinkedIn, Google, etc.)
- Content you schedule or send (text, images, videos, captions)
- Customer-support messages you exchange through our unified inbox
- Payment information (processed by Stripe/Paddle; we store only transaction ID and last-4 digits)
B. Information collected automatically
- Device and log data (IP, browser, OS, timestamps)
- Cookies and similar technologies (see our Cookie Policy)
- Usage analytics (clicks, feature usage, error reports)
- Message delivery and read receipts supplied by the social platforms
C. Information from third parties
- Facebook, Instagram, WhatsApp, Google, LinkedIn and other platforms supply:
– Page/Account IDs, post IDs, message content, comment data, basic insights (reach, impressions, saves)
– Profile photos and display names of end-users who interact with your pages
We only request the minimum permissions necessary to deliver the Services.
2. Legal bases for processing (EEA visitors)
| Purpose | Legal basis |
|---|---|
| Provide the Services | Contract |
| Bill and collect payments | Contract |
| Send product updates or marketing | Consent (opt-out any time) |
| Respond to legal requests | Legal obligation |
| Improve and secure the Services | Legitimate interests |
3. How we use the information
- To publish, schedule or delete posts and stories on your connected social accounts
- To deliver, receive and store messages via WhatsApp, Messenger, Instagram DM, etc.
- To show analytics (reach, impressions, replies) inside the dashboard
- To bill you, send quota alerts, and process plan upgrades/downgrades
- To maintain security, prevent spam or abuse, and debug issues
- To send you feature announcements or newsletters (you can unsubscribe)
4. Sharing and disclosure
We never sell personal data. We only share it:
- With the social-media platforms (Facebook, WhatsApp, Google, etc.) to perform the actions you request
- With sub-processors (Stripe, Razorpay, SendGrid, AWS, Google Cloud) who are bound by data-processing agreements
- When legally required (court order, government request)
- With your consent (for example, adding an affiliate or third-party plugin)
5. Data retention
- Active accounts: data stays until you delete it or close the account
- Closed accounts: hard-delete within 90 days, except data we must keep for tax or fraud-prevention purposes
- Backups: may persist up to 30 additional days before automatic destruction
- Analytics logs: aggregated after 12 months, raw logs deleted after 26 months
6. Security
- HTTPS/TLS 1.3 in transit; AES-256 at rest
- OAuth 2.0 / OIDC for authentication; passwords hashed with bcrypt 12+ rounds
- Annual penetration tests and continuous vulnerability scanning
- Role-based access inside Devad.io staff – no single employee can access both database and backups
7. International transfers
We host in AWS eu-central-1 (Frankfurt). Where we transfer data outside the EEA we rely on:
- Standard Contractual Clauses approved by the European Commission, or
- ** adequacy decisions** for the country concerned
8. Your rights
| Right | How to exercise |
|---|---|
| Access / portability | Email [email protected] – we will send you a JSON export within 30 days |
| Rectification | Update inside Settings, or ask us |
| Erasure | Delete account inside Settings; we will confirm once data is purged |
| Restriction / objection | Contact us; we will stop processing unless a legal exception applies |
| Withdraw consent | Use the unsubscribe link in any marketing email |
| Lodge a complaint | With your local supervisory authority (e.g., ICO, DPA, BfDI) |
9. Children
Our Services are not directed to children under 13. We do not knowingly collect data from minors. If you believe we have, contact us and we will promptly delete it.
10. Changes to this policy
We will post any material changes on this page and, if significant, notify you by email or in-app banner.
11. Contact us
For any privacy-related questions, exercising your rights, or to reach our Data Protection Officer:
Email: [email protected]