Devzuno

Privacy Policy – Devzuno Technologies

Last Updated: June 18, 2026

We’re Devzuno Technologies (registered and operating from Uttar Pradesh, India; website: devzuno.com). We design websites, build mobile apps, and write custom automation workflows for businesses.

Because we handle client database setups, custom source codes, and business details, protecting your data is our primary responsibility. This Privacy Policy explains, in detail, how we collect, use, record, process, store, and safeguard your personal information and sensitive business data. We do this in strict accordance with Indian laws, including the Information Technology Act, 2000 (and its Rules) and the Digital Personal Data Protection (DPDP) Act, 2023.

If you have any questions or wish to exercise your rights regarding your personal data, you can reach our Grievance Officer at support@devzuno.com.

1. Consent and Your Rights as a Data Principal

Under India’s DPDP Act 2023, you are the Data Principal (the owner of your personal data) and we are the Data Fiduciary (the entity that decides how and why to process your data).

  • How We Get Consent: By browsing our website, submitting an inquiry form, or hiring us for a project, you give us clear consent to collect and process your personal details. This processing is strictly limited to delivering our services to you.
  • Right to Withdraw Consent: You’re free to change your mind and withdraw your consent at any time. Just email us. If you do, we’ll stop processing your data, though it might mean we won’t be able to continue working on your project or supporting your website.
  • Right to Access & Summary: You have the right to request a summary of the personal data we hold about you, the processing activities we perform, and the names of any third parties we have shared your data with.
  • Right to Correction and Erasure: You can ask us to correct inaccurate details, complete incomplete data, or erase your personal information when it’s no longer needed for our project delivery.
  • Right to Nominate: You can nominate another individual to exercise your data rights on your behalf in the event of death or physical/mental incapacity.

2. What Information Do We Collect?

We only collect information that is absolutely necessary to deliver our IT, development, and automation services. We divide this into two categories:

A. Information You Give Us Directly

Under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, some of the data you share may be categorized as Sensitive Personal Data or Information (SPDI). We collect:

  • Contact Details: When you inquire about a project, request a quote, or sign up, we collect your name, business name, official email, phone number (+91 92193 17352), and address.
  • Passwords (SPDI): We collect temporary login passwords for your servers, cPanel, database environments, or Git repositories so we can deploy and maintain your software.
  • Billing and Financial Data (SPDI): If you purchase one of our service plans or packages, we collect billing details and tax information (like GSTIN). We use secure, PCI-DSS compliant third-party payment gateways (like Stripe or Razorpay) to process transactions. We never see, record, or store your net banking credentials, UPI pins, or raw credit/debit card numbers.
  • Project Assets and Logins: To develop your software, you may provide us with technical requirements, server access (FTP/SSH), Git repository logins, database backups, and third-party API keys (like Google, Firebase, or SMS gateways).
  • Communication History: We save records of your emails, WhatsApp chats, and support tickets to help resolve technical issues faster.

B. Information Collected Automatically

  • Server Logs: When you visit our website, our servers automatically log details like your IP address, browser type, Internet Service Provider (ISP), date/time stamps, referring pages, and clicks. This data is anonymous and helps us monitor site performance and prevent cyber attacks.
  • Cookies: We use basic cookies to keep you logged in to our client dashboard and save your preferences (like dark mode). You can block cookies in your browser settings if you prefer.
  • Google Analytics & DoubleClick DART Cookies: We use tracking tools like Google Analytics to understand how visitors find and use our site. Google may use cookies (including the DART cookie) to serve ads based on your visit. You can opt-out of Google’s cookie usage by visiting the Google Ad and Content Network Privacy Policy.

3. How We Use Your Information (Detailed Purposes)

In line with Indian data protection laws, we process your data only for legitimate business purposes:

  • Project Engineering: To design, code, test, and deploy your web and mobile applications.
  • Server Setup and Deployment: To configure hosting accounts, manage DNS records, set up SSL certificates, migrate databases, and run backup recovery.
  • Account Management: To register your client account, send milestone updates, and process GST-compliant invoices.
  • Technical Support: To troubleshoot code errors, fix server crashes, and deliver agreed support.
  • Security Monitoring: To monitor server logs, run security scans, and prevent hacking attempts or DDoS attacks.
  • Legal and Tax Compliance: To comply with statutory tax audits under Indian regulations and cooperate with law enforcement if needed.

We do not sell, rent, trade, or share your personal details or project data with marketing companies.

4. Keeping Your Code and Databases Secure

Under Section 43A of the IT Act, 2000, we are committed to maintaining reasonable security practices to protect your sensitive personal data:

  • Access Controls: Only the specific developers, designers, and project managers assigned to your project can access your source code, staging databases, and credentials.
  • Secure Storage: All server keys, API tokens, and admin credentials are stored in encrypted password vaults.
  • Vulnerability Checks: We run regular checks on our staging servers to identify and fix security gaps.
  • Post-Delivery Safety: Once we deliver your project, we recommend changing all server and admin passwords. Devzuno is not liable for server breaches after project hand-off is completed.

5. Company Safety: Disclaimers and Limitations

A. Data Processor vs. Data Controller

Devzuno Technologies operates solely as a Data Processor for the custom websites, databases, and mobile applications we build for our clients. The client remains the sole Data Controller for their own customers’ or users’ personal data. The client is legally responsible for implementing their own privacy policy, gathering valid user consent, and complying with data laws. Devzuno is not liable for how clients manage user databases post-delivery.

B. Third-Party Infrastructure Disclaimer

While we follow industry-standard security protocols during development, we do not own, control, or operate the hosting servers, staging environments, or cloud networks (such as AWS, Hostinger, cPanel hosts) chosen by our clients. Devzuno is not liable for any data leaks, server hacks, ransomware attacks, or outages caused by the security gaps of these third-party hosting providers.

C. Client Indemnity

The client agrees to defend, indemnify, and hold Devzuno Technologies harmless from any legal actions, claims, financial penalties, or costs arising from:

  • Copyright or trademark violations on texts, images, or assets provided by the client.
  • Data breaches on server accounts managed by the client.
  • Illegal or unauthorized database configurations implemented by the client post-launch.

6. Sharing and Trans-Border Transfer of Data

We do not share your personal data with third parties, except in these necessary cases:

  • Service Providers: We use trusted Indian and global cloud platforms (like AWS for hosting) and payment gateways strictly to run our business and deploy your projects.
  • Cross-Border Transfers: Staging databases are hosted on secure servers (like AWS Mumbai Region) to ensure low latency. If any data is transferred outside India for cloud services, we ensure the recipient country provides equivalent data protection standards.
  • Legal Requirements: If required by government authorities, cyber cells, or law enforcement under Indian law, we will disclose information to comply with legal procedures.

7. How Long Do We Keep Your Data?

We retain your contact and transaction details as long as you remain an active client, or as required to meet Indian tax and audit regulations.

For files, source codes, and databases hosted on our testing environments, we permanently delete them 30 days after delivering the project, unless you subscribe to an ongoing maintenance package.

8. Data Breach Notification Protocol

In the highly unlikely event of a security breach or cyber incident on Devzuno’s internal servers that impacts your data, we will:

  • Investigate the breach and contain the threat immediately.
  • Notify the affected client administrators via email within a reasonable time frame.
  • Cooperate with CERT-In (Indian Computer Emergency Response Team) and comply with statutory reporting timelines under the DPDP Act 2023.

9. Third-Party Links

Our website and portfolio may contain links to external sites (like client websites, third-party APIs, or resources) that are not operated by us. Please note that we have no control over the content and privacy practices of these external sites, and we cannot accept responsibility or liability for their respective privacy policies.

10. Children’s Data Protection

In compliance with Section 9 of the DPDP Act 2023, we do not knowingly collect or process personal data of children under the age of 18 without verifiable parental consent. We do not track children’s behavior or serve targeted advertisements on our platform. If you believe your child has shared personal info with us, let us know immediately and we will delete it.

11. Governing Law & Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any legal actions, disputes, or claims arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located in Sonbhadra, Uttar Pradesh, India.

12. Severability

If any provision of this Privacy Policy is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, such provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions of this Policy shall remain in full force and effect.

13. Grievance Redressal & DPBI Escalation

In compliance with the Information Technology Rules, 2011 and the DPDP Act, 2023, we have appointed a Grievance Officer to address any questions or complaints regarding your personal data.

If you have any concerns, you can contact our Grievance Officer directly:

Grievance Officer: Anish Kushawaha
Designation: Data Protection Grievance Officer
Devzuno Technologies
Office Address: Plot No. 41, Ground Floor, Sirpalpur, Robertsganj, Sonbhadra, Uttar Pradesh – 231216, India
Email: support@devzuno.com
Phone: +91 92193 17352

We will review and resolve your grievances within 30 days of receiving your request. If you are not satisfied with the resolution provided by our Grievance Officer, you have the right under Section 13 of the DPDP Act to escalate your complaint to the Data Protection Board of India (DPBI).

Scroll to Top