Legal

Privacy Policy

Last updated June 6, 2026

Devlune Webmaster is built privacy-first. We don't use cookies for analytics, we don't fingerprint visitors, and we never sell data. This policy explains exactly what we collect and why.

01Who we are

Devlune Webmaster ("Devlune", "we", "us") is a webmaster suite — analytics, view counters, and forms — operated by DevLune. If you run a website using our embed scripts, you are a "Customer"; the people who visit your website are "Visitors".

02Data we collect from Customers

  • Account data: your email address and, if you sign in with Google or GitHub, your basic profile.
  • Workspace data: workspace name, plan, the sites, counters, and forms you create.
  • Billing data: handled by our payment processors (Stripe, Razorpay). We never store full card numbers.
  • Onboarding preferences you optionally provide (how you found us, features of interest).

03Data we collect from your Visitors

Our analytics script is cookieless and collects only aggregate, non-identifying signals:

  • Page URL, referrer, and UTM parameters.
  • Device type, browser, and operating system (derived from the user-agent).
  • Country (derived at the edge from IP — the raw IP is never stored).
  • Custom events you choose to track via devlune.track().
No cookies. No fingerprinting. To de-duplicate unique visits within a 24-hour window, we compute a daily-rotating salted hash ofIP + user-agent. The salt rotates every day and the raw IP is discarded immediately — the hash cannot be reversed to identify a person.

04How we use data

  • To provide the dashboards, counters, and form handling you configure.
  • To send transactional email (account, billing, optional digests) via Resend.
  • To protect the service — rate limiting and spam detection.
  • To improve the product in aggregate. We never sell or rent personal data.

05Where data lives (sub-processors)

  • Supabase — authentication and primary database.
  • Cloudflare — edge ingestion, KV counters, and asset delivery.
  • ClickHouse Cloud — aggregated analytics events.
  • Upstash — rate limiting and short-lived de-duplication.
  • Resend — transactional email.
  • Stripe / Razorpay — payments.
  • Vercel — application hosting.

06Retention

Analytics retention depends on the Customer's plan: 7 days (Hobby), 90 days (Developer), or 2 years (Studio). Form submissions are retained until you delete them or close your account. Account data is removed within 30 days of account deletion.

07Your rights

Depending on your region (GDPR, CCPA, and similar), you may request access, correction, export, or deletion of your personal data. Email privacy@devlune.in and we'll respond within 30 days.

08Changes & contact

We'll post any material changes here and update the date above. Questions? See our Security page or email privacy@devlune.in.