Privacy Policy

Effective date: 23 May 2026

This Privacy Policy describes how Dyvice ("we", "us", "our") collects, uses, stores, and shares your information when you use our IoT analytics platform at https://dyvice.com (the "Service"). By using the Service, you agree to the practices described below.

1. Information We Collect

1.1 Account information

When you create an account, we collect your email address, a hashed password, and an optional display name. If you sign in with Google or GitHub Single Sign-On, we receive your email address, name, and profile picture from the identity provider.

1.2 Device and sensor data

The Service stores time-series data points (numeric values and timestamps) that your IoT devices publish via MQTT, HTTP, CoAP, or LoRaWAN. We also store the channel and field metadata you configure (names, units, geolocation if provided).

1.3 Integration credentials

When you connect a third-party integration (Slack, Microsoft Teams, Zapier, Home Assistant, Google Sheets, Airtable, etc.), we store the credentials, webhook URLs, OAuth access tokens, or API keys required to communicate with that service. OAuth tokens and other secrets are encrypted at rest.

1.4 Technical data

We log request metadata (IP address, user-agent, timestamp, endpoint) for security monitoring, abuse prevention, and debugging. We use a small number of cookies and browser-local storage for session management.

2. How We Use Information

To operate the Service: authenticate you, store and display your data, run alert rules, deliver notifications, and execute integrations you have configured.
To secure the Service: detect abuse, enforce rate limits, investigate incidents, and maintain audit logs.
To communicate with you about your account, security alerts, and service-related notices (e.g. email when an alert you configured fires).
To improve the Service through aggregate, non-identifying analytics.

We do not sell your personal information or your device data, and we do not use it to serve advertising.

3. Google API Services — Limited Use Disclosure

Dyvice's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect Google Sheets to Dyvice, we request the https://www.googleapis.com/auth/spreadsheets scope. This scope is used only to:

Append rows of your IoT sensor data to the specific Google Sheet you select inside Dyvice.
Read sheet metadata (sheet titles and IDs) so you can pick a destination sheet in our UI.

We do not:

Read, transfer, or store data from any Google Sheet other than the one you explicitly select as a destination.
Use Google user data for advertising purposes.
Transfer Google user data to third parties except as needed to provide or improve the Service, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users.
Allow humans to read Google user data, unless we have your explicit consent for specific data, it is required for security purposes such as investigating abuse, to comply with applicable law, or the data has been aggregated and anonymized for internal operations.

The Google OAuth refresh and access tokens we receive are encrypted with AES-256-GCM before being written to our database. You can revoke Dyvice's access at any time from your Google Account permissions page or by deleting the integration from inside Dyvice.

4. How We Share Information

We share information only in the following circumstances:

With your integrations. When you configure a Slack channel, Telegram bot, webhook URL, Google Sheet, etc., we forward the relevant event payloads to that destination on your behalf.
With service providers that host our infrastructure, send email/SMS notifications, and process payments (e.g. Stripe). These providers process data only on our instructions and under contract.
For legal reasons, when we believe in good faith that disclosure is required by law or to protect the rights, safety, or property of Dyvice, our users, or the public.
In a business transfer such as a merger, acquisition, or asset sale, in which case we will notify affected users.

5. Data Retention

Account data is kept while your account is active. When you delete your account, we delete or anonymize your personal data within 30 days, except where retention is required by law.
Device data is retained according to the data-retention policy set on your plan and any per-channel limits you configure.
Audit and security logs are retained for up to 12 months.
Backups may persist for up to 35 days after deletion from the live database.

6. Security

We protect your data with industry-standard controls including TLS in transit, encrypted secrets at rest, hashed credentials, scoped API keys, rate limiting, and least-privilege access for our personnel. No system is perfectly secure; if we become aware of a breach affecting your personal data, we will notify you and the appropriate authorities as required by applicable law.

7. Your Rights and Choices

Access, correction, deletion. You can view and edit most of your data in the Dyvice dashboard, and delete your account at any time from Account Settings.
Disconnecting integrations. You can disconnect any third-party integration from the Integrations page; this revokes the stored token and stops further data flow to that service.
Marketing. We do not send marketing email without your opt-in, and you can unsubscribe from any non-essential email at any time.
EU/UK/CA residents have additional rights under the GDPR, UK GDPR, and CCPA respectively, including the right to portability and the right to object to certain processing. To exercise these rights, contact us using the details below.

8. Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EEA), and we do not knowingly collect personal information from them. If you believe we have collected such information, please contact us so we can delete it.

9. International Transfers

Dyvice operates from servers that may be located outside your country. By using the Service, you consent to the transfer of your information to those locations, subject to the safeguards described in this policy and applicable law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or an in-app notice at least 14 days before they take effect. The "Effective date" above always reflects the most recent revision.

11. Contact Us

Questions, requests, or complaints about this policy or your data:

Email: designtech2406@gmail.com
Website: https://dyvice.com