DX
DevStepX
Legal Document

Privacy Policy

This policy explains how DevStepX collects, uses, and protects your personal information.

DevStepX ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at devstepx.com, request a quote, engage our software development services, or communicate with us. Please read this policy carefully.

By using our website or services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Contact details: name, email address, phone number, company name
  • Project information submitted via contact or quote forms
  • Communication history: emails, messages, meeting notes
  • Account credentials if you access a client portal or project management tool
  • Payment and billing information (processed securely by third-party payment providers)
  • NDA and contractual documents

1.2 Information Collected Automatically

  • IP address, browser type, operating system
  • Pages visited, time on site, referral URLs
  • Device identifiers
  • Cookies and similar tracking technologies (see Section 9)

1.3 Information from Third Parties

  • Business contact details from platforms such as LinkedIn or Upwork
  • Analytics data from Google Analytics
  • Referral information from partners

2. How We Use Your Information

We use your information to:

  • Respond to enquiries and deliver our software development services
  • Prepare and deliver project proposals, quotes, and invoices
  • Communicate project progress, milestones, and deliverables
  • Manage contractual relationships and billing
  • Improve our website, services, and user experience
  • Send service-related emails and important notices
  • Send occasional marketing communications (only with your consent)
  • Comply with legal obligations and enforce our agreements
  • Detect and prevent fraud or unauthorised access

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or UK, we process your data under the following legal bases:

  • Contract performance: processing necessary to deliver our services to you
  • Legitimate interests: improving our services, fraud prevention, security
  • Legal obligation: compliance with applicable laws
  • Consent: marketing communications and non-essential cookies

4. Sharing Your Information

We do not sell your personal data. We may share it with:

  • Service providers: hosting (Vercel/AWS), email (Google Workspace), project management (e.g. Jira, Slack), payment processors — bound by data processing agreements
  • Sub-contractors: developers or specialists engaged on your project, under confidentiality obligations
  • Legal authorities: where required by law, court order, or to protect rights and safety
  • Business transfers: in the event of a merger, acquisition, or sale of assets

All third-party service providers are contractually required to protect your data and may only process it for the purposes we specify.

5. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specifically:

  • Client project data: retained for 7 years after project completion for accounting and legal purposes
  • Contact form submissions: 2 years if no engagement follows
  • Website analytics: 26 months (Google Analytics default)
  • Email correspondence: 3 years after last contact
  • Marketing opt-in data: until you unsubscribe or withdraw consent

6. Security Measures

We implement industry-standard technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These include:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted storage for sensitive data at rest
  • Role-based access controls limiting staff access to data
  • Multi-factor authentication on internal systems
  • Regular security reviews and penetration testing
  • Signed NDAs with all team members and sub-contractors

No method of transmission over the Internet or electronic storage is 100% secure. While we use commercially acceptable means to protect your data, we cannot guarantee absolute security.

7. International Data Transfers

DevStepX operates globally. If you are located in the EEA or UK, your data may be transferred to countries outside those regions. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

8. Your Rights

Depending on your location, you may have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your personal data ("right to be forgotten")
  • Restriction: request that we restrict processing of your data
  • Portability: receive your data in a structured, machine-readable format
  • Object: object to processing based on legitimate interests or for direct marketing
  • Withdraw consent: where processing is based on consent, withdraw it at any time
  • Lodge a complaint: with your national data protection authority

To exercise any of these rights, please contact us at info@devstepx.com. We will respond within 30 days.

9. Cookies & Tracking

We use cookies and similar technologies to operate our website, analyse traffic, and personalise content. You can manage your cookie preferences at any time. For full details, please read our Cookie Policy.

10. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

11. Third-Party Links

Our website may contain links to third-party websites (e.g. Calendly, Upwork, LinkedIn). We are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of our services after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

DevStepX

Email: info@devstepx.com

Phone: +92 3077087367

Contact form →