Privacy Policy

DEVIX distinguishes between three types of users, each covered by this Privacy Policy:

• Business Owner (Owner) — businesses with full admin access to the support platform and management of the dashboard.
• Team Technician (Technician) — staff members assigned by the Owner within Business and Team plans.
• End Client — customers of the technician who submit service requests via the public portal.

During registration and ongoing use, DEVIX collects:

• Business name, email address, and bcrypt-hashed password (cost 12)
• Registration date and last login date
• IP address of the last login session (for security purposes)

End clients who submit service requests via the portal provide the following personal details: full name, phone number, email address, issue description, operating system, and preferred contact method. The client's IP address is also recorded automatically for security purposes.

All ticket data is stored exclusively within the secured environment of the relevant technician's account and is not shared with third parties. Access to ticket data is limited to the account owner, their authorized team members, and platform administrators acting in a technical support capacity.

Data collected from business owners is used for the following purposes:

• Account authentication and session management
• Platform administration and feature access control
• Subscription plan management
• Technical support and service communications

Each account stores its data in a dedicated SQLite database file on disk. There is no sharing of tables or data between different accounts. Every API request is validated against the authenticated account before any operation is performed.

Files uploaded by end clients are stored in a dedicated uploads folder within the technician's account. Before storage, each file undergoes magic-byte validation (not just extension checking). JPEG images have EXIF metadata automatically stripped to prevent leakage of GPS coordinates or personal information. Only image formats (JPEG, PNG, WebP) are accepted.

Business owners who configure a Webhook can transfer ticket data (name, email, description) to an external service they have set up. DEVIX is not responsible for how the third-party service handles the data. Every outgoing Webhook payload is signed with HMAC-SHA256 to allow the receiving service to verify the source.

DEVIX does not use cookies. Session tokens are stored in the browser's sessionStorage and are cleared automatically when the session ends. No tracking, behavioral profiling, or third-party analytics are performed.

Ticket data is retained for as long as the account is active. When an account is deleted (via account settings or by a Super Admin), all data — including the database, attached files, and account folder — is immediately and permanently deleted and cannot be recovered. Deletion can be requested by contacting [email protected].

Data is stored on a Rocky Linux server on a local network, exposed to the internet only through a Cloudflare Tunnel. Cloudflare provides TLS termination, DDoS protection, and a Web Application Firewall (WAF). Direct access to the server is restricted to authorized parties only.

For any privacy inquiries, data deletion requests, or questions about data processing: [email protected]