Devlog.ist

Privacy Policy

Last updated: 2026-01-19

At Devlog.ist, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, in compliance with international data protection regulations.

1. Legal Framework and Compliance

This Privacy Policy is designed to comply with the following international data protection regulations:

GDPR (General Data Protection Regulation)

European Union Regulation 2016/679, applicable to all EU/EEA residents.

CCPA (California Consumer Privacy Act)

California Civil Code §§ 1798.100-1798.199, applicable to California residents.

LGPD (Lei Geral de Proteção de Dados)

Brazilian Law No. 13,709/2018, applicable to Brazilian residents.

PIPEDA (Personal Information Protection and Electronic Documents Act)

Canadian federal privacy law applicable to Canadian residents.

UK GDPR

United Kingdom General Data Protection Regulation, applicable to UK residents post-Brexit.

2. Data Controller

Devlog.ist is the data controller responsible for your personal data. For any privacy-related inquiries, you can contact us at:

Email: gerardo@devlog.ist

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Identity Data

  • Full name
  • Username
  • Profile picture/avatar
  • GitHub username and ID

3.2 Contact Data

  • Email address
  • Social media profiles (LinkedIn, GitHub)

3.3 Technical Data

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Time zone and location data
  • Cookie identifiers

3.4 Usage Data

  • Pages visited and features used
  • Time spent on the platform
  • Click patterns and navigation paths
  • Error logs and performance data

3.5 Content Data

  • Projects and portfolios you create
  • Posts and publications
  • Code repositories connected via GitHub
  • Any other content you submit to the platform

3.6 Third-Party Data

  • Data from GitHub (repositories, commits, profile)
  • Data from LinkedIn (profile, connections) if connected
  • Payment information processed by Stripe

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

Consent (Art. 6(1)(a))

When you explicitly agree to the processing, such as accepting cookies or connecting third-party accounts.

Contract Performance (Art. 6(1)(b))

Processing necessary to provide our services as agreed in the Terms and Conditions.

Legal Obligation (Art. 6(1)(c))

Processing required to comply with legal requirements (e.g., tax records, fraud prevention).

Legitimate Interests (Art. 6(1)(f))

Processing necessary for our legitimate business interests, such as improving our services, security, and analytics, provided these do not override your fundamental rights.

5. Purposes of Data Processing

We use your personal data for the following purposes:

  • Providing and maintaining our services
  • Managing your account and authentication
  • Communicating with you about updates, support, and marketing (with consent)
  • Personalizing your experience on the platform
  • Analyzing usage patterns to improve our services
  • Ensuring platform security and preventing fraud
  • Complying with legal obligations
  • Training and improving our AI/ML models (with anonymized data)

6. Data Sharing and Disclosure

We may share your personal data with:

6.1 Service Providers

  • Cloud hosting providers (for data storage)
  • Payment processors (Stripe)
  • Analytics providers
  • Email service providers

6.2 Third-Party Integrations

When you connect third-party services (GitHub, LinkedIn), data is shared according to their respective privacy policies.

6.3 Legal Requirements

We may disclose data when required by law, court order, or to protect our legal rights.

6.4 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

We do not sell your personal data to third parties.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. When transferring data outside the EU/EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Binding Corporate Rules where applicable
  • Your explicit consent for specific transfers

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

  • Account data: Retained while your account is active
  • After account deletion: Personal data deleted within 30 days, except where legal retention is required
  • Legal/tax records: Retained for the legally required period (typically 5-7 years)
  • Anonymized/aggregated data: May be retained indefinitely for analytics purposes

9. Your Data Protection Rights

Depending on your jurisdiction, you have the following rights:

9.1 Rights under GDPR (EU/UK Residents)

  • Right of Access (Art. 15): Obtain a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data ("Right to be Forgotten")
  • Right to Restriction (Art. 18): Limit how we process your data
  • Right to Data Portability (Art. 20): Receive your data in a structured format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Rights related to Automated Decision-Making (Art. 22): Not be subject to solely automated decisions

9.2 Rights under CCPA (California Residents)

  • Right to Know: What personal information we collect and how it is used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of exercising your rights

9.3 Rights under LGPD (Brazilian Residents)

  • Confirmation of data processing
  • Access to your data
  • Correction of incomplete or inaccurate data
  • Anonymization, blocking, or deletion of unnecessary data
  • Data portability
  • Deletion of data processed with consent
  • Information about third parties with whom data is shared
  • Revocation of consent

To exercise any of these rights, please contact us at gerardo@devlog.ist. We will respond within the legally required timeframe (typically 30 days for GDPR, 45 days for CCPA).

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Essential: Enable core functionality and security
  • Analytics: Understand how visitors use our platform
  • Preferences: Remember your settings and preferences

You can control cookies through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect platform functionality.

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

In case of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

12. Children's Privacy

Our services are not directed to individuals under 16 years of age (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through a prominent notice on our platform. The "Last updated" date at the top indicates when this policy was last revised.

14. Data Protection Officer

For privacy-related inquiries or to exercise your rights, contact our Data Protection Officer:

Email: gerardo@devlog.ist

15. Complaints and Supervisory Authorities

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:

  • EU Residents: Your local Data Protection Authority (DPA)
  • UK Residents: Information Commissioner's Office (ICO)
  • California Residents: California Attorney General
  • Brazilian Residents: Autoridade Nacional de Proteção de Dados (ANPD)

We encourage you to contact us first at gerardo@devlog.ist so we can address your concerns directly.

16. Contact Information

For any questions about this Privacy Policy or our data practices:

Email: gerardo@devlog.ist

General inquiries: gerardo@devlog.ist

By using Devlog.ist, you acknowledge that you have read and understood this Privacy Policy.