Privacy Policy
Last updated: May 2026
DevOpser LLC ("DevOpser", "we", "us", or "our") operates the DevOpser Lite platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
We collect information you provide directly, including:
- Account information - email address, name, and authentication credentials (password hash or OAuth tokens)
- Website content - text, images, designs, and configurations you create using our builder
- Domain registration data - if you purchase a domain through us, we collect your full name, organization (if applicable), email address, phone number, and physical address as required by ICANN domain registration regulations
- Payment information - processed by Stripe, Inc. We do not store credit card numbers. We receive billing identifiers, plan details, and transaction status from Stripe
- Communications - messages you send to our support team
- Team and collaboration data - email addresses and roles of team members you invite
1.2 Information Collected Automatically
When you use our Service, we automatically collect:
- Log data - IP address, browser type, operating system, referring URLs, and pages visited
- Device information - device type, screen resolution, and language preferences
- Session data - authentication state maintained via encrypted session cookies
- Usage analytics - feature usage patterns, click events, and page navigation to improve the Service (via PostHog)
- Session recordings - recordings of your screen interactions within the Service (mouse movements, clicks, scrolling, and page content) to help us identify usability issues and improve the user experience. Session recordings may capture text you type into forms and other on-screen content. We configure PostHog to mask sensitive input fields (such as passwords) where possible
- Advertising and conversion measurement - when you grant consent via our cookie banner, we share information with third-party advertising platforms (TikTok, Meta, Taboola) to measure the effectiveness of advertising campaigns and to understand how visitors interact with ads that brought them to our Service. The data shared includes: page visited, referring URL, IP address, user agent, browser-platform click identifiers (such as ttclid), and - on conversion events (sign-up, site generation, site publication, checkout, purchase) - a SHA-256 hashed copy of your email address and an opaque hashed user identifier. Hashing is performed before transmission. We send these conversion events both client-side (browser pixel) and server-side (via TikTok Events API, Meta Conversions API, etc.) so that ads can be attributed even when client-side tracking is blocked. We do not transmit your raw email address, phone number, payment card details, or the contents of your prompts or websites to advertising platforms
1.3 Information Collected on Your Behalf
When visitors interact with websites you build using DevOpser Lite, we collect on your behalf:
- Lead form submissions - all data submitted through contact forms on your site (names, emails, phone numbers, messages, and any custom fields you configure)
- Visitor analytics - anonymized page views, unique visitors, and conversion rates
- Visitor metadata - IP addresses, user agents, and referrer URLs associated with form submissions
You are the data controller for data collected through your websites. See Section 10 for your obligations.
1.5 Lead Data Sharing via Automations
The Service includes automation features (webhooks, Slack integrations, and other third-party connections) that allow you to send lead data collected through your websites to external services of your choosing. When you configure such automations, lead data (including names, emails, phone numbers, and form submissions) is transmitted to the third-party services you specify. You are the data controller for these transfers and are responsible for ensuring they comply with applicable data protection laws. See Section 10 for your obligations.
1.4 AI-Related Data
When you use our AI website builder or chat features, the text you provide (prompts, instructions, and conversation history) is sent to AI language model services for processing. We do not use your content to train AI models. See Section 5 for details on which services process this data.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, maintain, and improve the Service
- Process transactions and manage your subscription
- Register and manage domain names on your behalf
- Generate and host websites using AI assistance
- Deliver lead form submissions and analytics to you
- Send transactional emails (verification codes, lead notifications, auto-responders, team invitations)
- Send technical notices, security alerts, and support messages
- Detect, prevent, and address fraud, abuse, and security issues
- Comply with legal obligations
3. Legal Basis for Processing (EEA/UK/Israel)
If you are in the European Economic Area, United Kingdom, or Israel, our legal bases for processing your data are:
- Performance of a contract - processing necessary to provide the Service you signed up for (account management, hosting, domain registration, billing)
- Legitimate interests - improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights
- Consent - where you have given explicit consent, such as opting into marketing communications. You may withdraw consent at any time
- Legal obligation - processing required to comply with applicable laws (e.g., tax records, ICANN requirements)
4. Cookies and Tracking Technologies
We use the following cookies and similar technologies:
- Session cookie (essential) - maintains your authenticated session. HTTP-only, secure, expires when your session ends or after the configured timeout
- Language preference cookie (lang) - stores your language selection (English or Hebrew). Persists for 1 year
- PostHog analytics cookies (functional) - PostHog sets cookies to identify unique users, track sessions, and support session recording functionality. These cookies are used solely for product analytics and improving the Service. For details, see PostHog's privacy policy
- Advertising and measurement pixels (advertising) - with your consent, we load tracking pixels operated by TikTok, Meta (Facebook), and Taboola. These platforms set their own cookies (for example, TikTok's _ttp and ttclid; Meta's _fbp; Taboola's t_gid and similar) to recognise return visitors, measure conversions from advertising campaigns, and - depending on your separate ad-platform settings - personalise advertising. These cookies are used for cross-site advertising tracking. The pixels do not load until you accept the cookie banner; if you decline, no advertising cookies are set and no data is sent to advertising platforms by your browser. For details, see each platform's privacy policy: TikTok, Meta, Taboola
You can control cookies in three ways:
- Granular consent at first visit. EU/EEA visitors see a cookie banner with three categories — Strictly necessary (always on), Analytics (PostHog), and Marketing (TikTok, Meta, Taboola). You can Accept all, Reject all, or open Customize to toggle Analytics and Marketing independently.
- Re-open the preferences panel any time. A small "Cookie preferences" button is anchored in the corner of every page. Click it to change your choices. Withdrawing consent is as easy as granting it (GDPR Art. 7(3)).
- Browser controls. You may also clear the consent_analytics and consent_marketing entries in your browser's local storage and cookie store; the next page load will re-prompt you.
Disabling the session cookie will prevent you from using the Service while logged in.
Independently of the browser pixels above, when you complete a conversion event in our Service (sign-up, site generation, site publication, checkout, or purchase) we may also send an event server-side - that is, directly from our servers to the advertising platform's servers - using the platform's conversions API (for example, the TikTok Events API). The data sent server-side is described in Section 1.2. This pathway is used for ad-effectiveness measurement and ad delivery optimisation; it does not involve a cookie on your browser.
5. Third-Party Service Providers
We share information with the following categories of service providers, solely to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, site deployment, email delivery, domain registration, file storage, AI processing, container hosting, CDN distribution | All data necessary to operate the Service, including account data, site content, lead data, emails, domain WHOIS info, and AI conversation content |
| Stripe, Inc. | Payment processing | Email, name, plan selection. Stripe collects payment card information directly - we never receive or store card numbers |
| Google (OAuth) | Optional sign-in authentication | If you choose to sign in with Google: email, name, Google account ID |
| Apple / Google Play | In-app purchase processing (mobile app) | Transaction identifiers and subscription status |
| PostHog, Inc. | Product analytics and session recording | Usage events, page views, device information, IP address (anonymized), and session recordings (mouse movements, clicks, scrolling, and visible page content) |
| TikTok Pte. Ltd. / TikTok Inc. | Advertising measurement, conversion tracking, and ad-delivery optimisation (TikTok Pixel and TikTok Events API) | With your consent: page URL, referrer, IP address, user agent, TikTok click identifier (ttclid), and TikTok pixel cookie (_ttp). On conversion events (sign-up, site generation, site publication, checkout, purchase): a SHA-256 hashed copy of your email address, a SHA-256 hashed opaque user identifier, transaction value, and currency. Raw email, phone, payment information, prompt content, and website content are never shared |
| Meta Platforms, Inc. | Advertising measurement and conversion tracking (Meta Pixel) | With your consent: page URL, referrer, IP address, user agent, Meta browser cookie (_fbp), and Facebook click identifier (fbclid) when present. Conversion events include event name and value. Raw email, phone, and payment information are not shared |
| Taboola Inc. | Advertising measurement and conversion tracking (Taboola Pixel) | With your consent: page URL, referrer, IP address, user agent, and Taboola tracking cookies. Conversion events include event name and - where applicable - order value |
We do not sell your personal information to any third party. We do, however, share advertising-measurement data with the platforms listed above; under certain US state privacy laws (including the California Consumer Privacy Act as amended by the CPRA, and similar Colorado, Connecticut, Virginia, and Utah laws) this kind of sharing may be classified as "sharing for cross-context behavioral advertising" or as "targeted advertising." If you are a resident of a US state with such rights, you may opt out by declining the cookie banner or by emailing info@devopser.io with the subject line "Do Not Share."
6. International Data Transfers
Your data may be processed in AWS data centers outside your country of residence, including in the United States and other regions. When we transfer data outside the EEA/UK/Israel, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- AWS's compliance with relevant data protection frameworks
- Stripe's compliance with relevant data protection frameworks
- PostHog's compliance with relevant data protection frameworks
- The data-transfer mechanisms published by TikTok, Meta, and Taboola for the advertising-measurement data described in Sections 1.2, 4, and 5
7. Data Retention
- Account data - retained while your account is active. Upon account deletion, personal data is anonymized (see Section 9)
- Website content and leads - retained while your account is active. Leads are anonymized upon account deletion
- Domain registration data - retained for the duration of your domain registration as required by ICANN
- Payment records - retained for the period required by applicable tax and financial laws (typically 7 years)
- Session data - automatically expires after 1 day
- Server logs - retained for up to 90 days for security and debugging
8. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption in transit (TLS/SSL) and at rest
- Two-factor authentication (MFA) available for all accounts
- Strict Content Security Policy (CSP) on all pages
- Credential storage via AWS Secrets Manager
- Session cookies configured with httpOnly, secure, and sameSite attributes
- Rate limiting and CSRF protection on all endpoints
No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Account Deletion and Data Removal
You may delete your account at any time from the Account Settings page. When you delete your account, we:
- Remove all deployed website infrastructure (hosting, containers, SSL certificates)
- Delete user-uploaded images from cloud storage
- Anonymize all lead data (form submissions, IP addresses, notes)
- Delete automations, API connections, and execution history
- Remove team memberships
- Delete conversation history
- Anonymize your user record (email, name, authentication credentials, OAuth IDs, and MFA secrets are cleared)
- Close associated AWS sub-accounts
Domain registrations cannot be immediately deleted due to ICANN regulations. Registered domains remain active until their expiration date.
10. Your Obligations as a Site Owner
When you use DevOpser Lite to build websites that collect visitor information (via contact forms, lead capture, etc.), you act as the data controller for that visitor data. You are responsible for:
- Providing your website visitors with an appropriate privacy notice
- Obtaining any required consent for data collection
- Responding to data subject requests from your visitors
- Complying with all applicable privacy laws in your jurisdiction and the jurisdictions of your website visitors
- Ensuring that any automations you configure to share lead data with third-party services (via webhooks, Slack, or other integrations) comply with applicable data protection laws, including having a lawful basis for the transfer and appropriate data processing agreements with the receiving parties
11. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access - request a copy of the personal data we hold about you
- Rectification - request correction of inaccurate data
- Erasure - request deletion of your data (see Section 9)
- Restriction - request that we limit processing of your data
- Portability - request your data in a structured, machine-readable format
- Objection - object to processing based on legitimate interests
- Withdraw consent - where processing is based on consent
To exercise any of these rights, contact us at info@devopser.io. We will respond within 30 days (or within the timeframe required by applicable law).
If you are in the EEA, you have the right to lodge a complaint with your local data protection authority. If you are in Israel, you may contact the Israeli Privacy Protection Authority (PPA).
12. Children's Privacy
Our Service is not intended for individuals under 16 years of age (or under 13 in jurisdictions where that is the applicable threshold). We do not knowingly collect personal information from children. If we learn that we have collected data from a child below the applicable age, we will delete it promptly.
13. Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and, where required by law, notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email.
15. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: info@devopser.io