Privacy Policy
Last Updated: 01 May 2026
This Privacy Policy explains how Devflow Studio LLC ("Devflow Studio," "we," "us," or "our") collects, uses, shares, and protects personal information through our website at devflow.inc, our communications, and our related business operations. Please read this policy carefully. If you have questions, you may contact us using the information provided at the end of this policy.
1. Information we collect
We collect information in two ways: information you give us directly, and information collected automatically when you use our website.
Information you provide directly
When you fill out a contact form, submit an inquiry, or engage with us regarding our services, you may provide us with:
- Your name
- Your company name
- Your business email address
- Your phone number, if you choose to include it
- Any other information you voluntarily include in your message
When you engage us for paid services and payment is processed, additional billing information is collected by our payment processors on our behalf, including your billing name, billing address, and transaction details. We do not collect or store payment card numbers on our servers — this information is handled entirely by our payment processors as described in Section 4.
Information collected automatically
When you visit devflow.inc, we automatically collect some technical information about your visit. This happens through the tools we use to run and improve our website, and this includes:
- IP address
- Browser type and version
- Device type and operating system
- Which pages you viewed and how long you spent on them
- The website or link that brought you here
- Your approximate location based on your IP address (city or country level — not precise location)
- How you interact with the site, like what you click and how you navigate
- Whether you started or completed a contact form
- How you found us (for example, through a Google search or a paid ad)
- A unique identifier assigned by our analytic s tools so we can recognize returning visitors
We can’t identify you personally from this data alone unless you've also filled out a form or contacted us directly. More detail on the tools that collect this information is in Section 3.
2. Why we collect this information
We only collect information we actually need, and we only use it for the reasons listed here.
To reply to you and evaluate your project.
When you reach out through our website, we use your information to respond to your message and get a sense of whether we’re a good fit for what you need. This is a normal part of running a business — it's what's called a “legitimate interest” in privacy law.
To deliver our services.
When you hire us, we use your contact and business information to do the work — communicating with you, sending proposals, issuing invoices, and managing the project from start to finish. We process this information because it's necessary to fulfill our agreement with you.
To process payments.
We use billing and transaction information to collect payment for our services and keep accurate financial records. This is both a contractual necessity and a legal requirement — we're required to retain certain financial records for tax and accounting purposes.
To keep our website running and improve it.
We use the technical data we collect automatically to understand how people use our site, fix problems, and make it better over time. We do this because we have a legitimate interest in maintaining a website that actually works well.
To support our marketing and sales.
We may use contact and behavioral data to track how people find us, measure how well our marketing is working, and manage our pipeline of potential clients. We have a genuine business interest in understanding what’s working and what isn’t — though you have the right to object to this use at any time, as described in Section 8.
To comply with the law.
Some information we hold onto simply because the law requires it — for example, financial and tax records that we're obligated to keep for a certain period.
To protect our business and prevent misuse.
We may use information to detect fraud, enforce our Terms of Service, and keep our website and systems secure. This comes down to keeping our business safe and making sure the people who interact with us are protected too.
3. Analytics & Tracking Tools
We use a handful of third-party tools to understand how our website is performing and to support our marketing and sales operations. Each of these tools collects some data about your visit automatically. Here's what each one does and what it collects.
Google Analytics (GA4)
Google Analytics helps us understand how people find and use our website — things like which pages get the most traffic, how long people stay, and where they came from. It collects your IP address (anonymized by default), browser and device information, pages you visited, and approximate location. Google processes this data on its own servers, which may be located in the United States or other countries.
You can learn more at Google’s Privacy Policy.
Google Tag Manager
Google Tag Manager is how we deploy and manage the other tracking tools on this list. It doesn’t collect personal information on its own — think of it as the system that loads everything else. But because it fires the other tools, it plays a role in the overall data collection described here.
PostHog
PostHog helps us understand how visitors interact with our site at a more detailed level — which features get used, where people drop off, and how navigation flows work. It collects session and device identifiers, pages and features accessed, click and navigation patterns, and session recordings where configured. PostHog may process data on servers in the United States or the European Union depending on our configuration.
You can learn more at PostHog’s Privacy Policy.
HubSpot
HubSpot is our CRM — it’s where we manage our relationships with potential and current clients. When you fill out a contact form on our website, your information goes into HubSpot. It also tracks website activity for known contacts, like which pages someone visited before reaching out. HubSpot collects name, email, company, IP address, and engagement data like whether you opened an email from us.
You can learn more at HubSpot’s Privacy Policy.
Adding new tools
We may add other tools over time. When that happens, we’ll update this policy to reflect it. If the new tool changes how your data is handled in any significant way, we’ll notify you before it takes effect.
4. Payments & Billing
If you hire us for paid services, we use third-party providers to handle invoicing and payment collection. Here’s who they are and what they do with your information.
Stripe
We use Stripe to process card payments. When you pay by card, your payment information goes directly to Stripe — we never see or store your card number on our end. Stripe collects and processes payment card details, billing information, IP address, device data, and transaction history. Stripe uses this information to process your payment, prevent fraud, and meet its own legal and compliance obligations. Stripe may transfer and store your data in the United States and other countries.
You can learn more at Stripe’s Privacy Policy.
Harvest
We use Harvest to track project time and generate invoices. When we issue you an invoice, it comes through Harvest and may include your name, company name, email address, and details of the services provided. Harvest invoices can also be connected to Stripe for card payment collection.
You can learn more at Harvest’s Privacy Policy.
Wise
For certain international or bank-transfer payments, we may use Wise. Wise collects the information needed to facilitate the transfer, including business account details, transaction amounts, and identity verification information where required by financial regulations. Wise processes personal data as a regulated financial institution and is subject to its own legal obligations.
You can learn more at Wise’s Privacy Policy.
When your payment information is handled by any of these providers, it is subject to their own privacy practices and terms of service in addition to this policy.
5. How We Share Information
We do not sell your personal information. We share information only in the following limited circumstances.
With our service providers.
We work with third-party companies that help us operate our website and run our business — things like analytics, CRM, invoicing, and payment processing. The tools we use are described in Sections 3 and 4. These providers only receive the information they need to do their job, and they are not permitted to use it for their own purposes.
When required by law.
We may disclose information if we are required to do so by a court order, legal process, or government request, or if we believe disclosure is necessary to comply with applicable law or to protect the rights, property, or safety of our business or others.
To protect our rights.
We may share information when we believe it is necessary to enforce our Terms of Service, investigate potential violations, or prevent fraud, security threats, or illegal activity.
In connection with a business transfer.
If Devflow Studio is ever involved in a merger, acquisition, sale of assets, or similar transaction, your information may be transferred as part of that process. If this happens, we will make reasonable efforts to notify you before your information becomes subject to a different privacy policy.
With your consent.
Outside of the circumstances above, we will not share your personal information with anyone without your consent.
6. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this policy, including to respond to inquiries, deliver our services, comply with legal obligations, resolve disputes, and enforce our agreements.
As a general guide:
| Information type | Typical retention period |
|---|---|
| Contact form inquiries | Up to 12 months unless an engagement follows |
| Client contact and project information | Duration of engagement plus up to 5 years |
| Financial records and invoices | 7 years as required by applicable tax law |
| Payment transaction records | 7 years |
| Website analytics data | Per tool configuration — typically up to 14 months for Google Analytics; PostHog and HubSpot per account settings |
| Marketing and CRM data | Until you unsubscribe or request deletion |
| Security and fraud prevention logs | Up to 12 months |
Actual retention periods may vary based on legal requirements, the nature of our relationship with you, and operational needs. When information is no longer needed and no legal obligation requires us to keep it, we delete it or anonymize it so it can no longer be linked to you.
7. Cookies and similar technologies
Like most websites, devflow.inc uses cookies and similar technologies. These are small files or identifiers stored on your browser or device that help our tools recognize you and track how you interact with our site.
We use three types of cookies:
Strictly necessary cookies
These are required for the website to function. Without them, basic things like page loading and form submission may not work properly. These cannot be turned off.
Analytics cookies
These help us understand how visitors use our site — which pages are popular, how long people stay, and where they came from. We use these through Google Analytics and PostHog. You can opt out of analytics cookies through your browser settings or through Google's opt-out tools.
Marketing and CRM cookies
These are set by HubSpot and help us track how potential clients interact with our website over time — for example, connecting a form submission to earlier visits. If you prefer not to be tracked this way, you can opt out through HubSpot’s cookie preference tools or by adjusting your browser settings.
Most browsers allow you to control cookies through their settings. Disabling cookies may affect how some parts of our website work. For more information on managing cookies, visit www.allaboutcookies.org.
8. Your Rights
Depending on where you are located, you may have certain rights over the personal information we hold about you. We take these rights seriously and will respond to any request within a reasonable time — and in any case within the timeframe required by applicable law.
Right to access
You can ask us what personal information we hold about you and request a copy of it.
Right to correction
If any information we hold about you is inaccurate or incomplete, you can ask us to correct it.
Right to deletion
You can ask us to delete your personal information. We will do so unless we are required to keep it for legal or legitimate business reasons, such as outstanding invoices or legal disputes.
Right to restriction
You can ask us to limit how we use your information in certain circumstances — for example, while a correction request is being resolved.
Right to object
You can object to our use of your information for marketing or sales purposes at any time. Once you do, we will stop using it for those purposes.
Right to data portability
Where technically possible, you can ask us to provide your personal information in a structured, commonly used format so you can transfer it to another service.
Right to withdraw consent
Where we rely on your consent to process your information, you can withdraw that consent at any time. Withdrawing consent does not affect anything we did before you withdrew it.
Right to file a complaint
You also have the right to lodge a complaint with the data protection or consumer protection authority in your country or region. We would always appreciate the chance to address your concern directly first — please reach out to us at [email protected] before escalating. To exercise any of these rights, contact us at [email protected]. We may ask you to verify your identity before we process your request.
9. Data Security
We take reasonable steps to protect your personal information from unauthorized access, loss, misuse, or disclosure. This includes administrative, technical, and organizational measures appropriate to the nature of the information we hold.
In practice, this means:
- Data transmitted between your browser and our website is encrypted using HTTPS
- Access to personal information within our systems is limited to people who need it to do their job
- Our payment processing is handled entirely by Stripe and Wise, which maintain their own security programs and compliance certifications
- We periodically review our practices and the tools we use to make sure they continue to meet reasonable security standards
That said, no method of transmitting or storing data over the internet is completely secure. We cannot guarantee absolute security, and we encourage you to take reasonable precautions on your end as well — like using a strong password if you create an account with any of the tools we use.
If we ever become aware of a security incident that affects your personal information, we will notify you and any relevant authorities as required by applicable law.
10. International Transfers
Devflow Studio is based in the United States, and the information we collect is primarily processed and stored here. Some of our third-party tools — including Stripe, Google Analytics, HubSpot, and PostHog — may also process or store data in other countries as part of their own operations.
If you are accessing our website from outside the United States, please be aware that your information may be transferred to and processed in a country whose data protection laws differ from those in your own. Where our service providers transfer data internationally, they do so under appropriate safeguards — such as standard contractual clauses or recognized data transfer frameworks — in accordance with applicable law.
By using our website, you acknowledge that your information may be processed in the United States and other countries as described in this policy.
11. Children’s Privacy
Our website and services are intended for businesses and professionals. We do not direct our services to children under the age of 13, and we do not knowingly collect personal information from anyone under 13.
If you believe we have inadvertently collected information from a child under 13, please contact us at [email protected] and we will delete it promptly.
12. Changes to This Policy
This policy may be updated periodically to reflect changes in our business or applicable law. Updates will be reflected in the “Last Updated” date at the top of this page.
If we make a change that significantly affects how your data is handled, we will notify you by email or by posting a notice on our website at least 30 days before the change takes effect. For smaller updates — like correcting a typo or clarifying existing language — we may update the policy without separate notice.
Your continued use of our website after an updated policy takes effect means you accept the changes, to the extent permitted by applicable law.
13. Contact Us
If you have questions about this policy, want to understand how your information is used, or want to exercise any of your rights, please reach out to us.
Data Protection Officer
Devflow Studio LLC [email protected]
Mailing address
Devflow Studio LLC 7901 4th St N, Suite 300 St. Petersburg, FL 33702 United States
We will do our best to respond to all privacy-related inquiries within 30 days.