DeviceFarmBack home

Privacy Policy

Last updated: April 19, 2026

This Privacy Policy explains how DeviceFarm.io ("we", "us") collects, uses, and protects the personal data of users ("you") who access our cloud phone platform. By using the service you agree to the terms below.

1. Data we collect

We collect the minimum data required to operate the service: account information (email, full name if provided, hashed password), billing data processed by Stripe (we never store your card number), product usage (cloud phones created, runtime, automation tasks, team activity), and technical metadata (IP address of the browser session, user-agent, device timezone) for security auditing.

2. How we use your data

We use your data strictly to:

  • Authenticate your account and keep your session secure.
  • Provision, run, and bill cloud phones and add-ons.
  • Send transactional emails (invitations, receipts, security alerts).
  • Detect fraud and abuse of the platform.
  • Improve product reliability through anonymised aggregated metrics.

We do not sell, rent, or share your data with advertisers.

3. Third-party processors

We rely on a short list of infrastructure providers who process data on our behalf under a data processing agreement:

  • Supabase (authentication, database, file storage).
  • Stripe (payment processing, billing).
  • Our cloud phone infrastructure partner (device provisioning).
  • Transactional email provider for account notifications.

Each processor is contractually required to keep your data confidential.

4. Data retention

Account data is kept for as long as your account is active. On deletion, personal data is purged within 30 days except what we're legally required to retain (billing records for up to 7 years). Activity logs older than 90 days are anonymised.

5. Your rights

You can request access, rectification, deletion, or export of your personal data at any time by contacting us through the support channel linked on the home page. We respond within 30 days.

6. Cookies

We use essential cookies to keep you logged in and to remember UI preferences. We do not use advertising or cross-site tracking cookies.

7. Security

Data is encrypted in transit (TLS 1.3) and at rest. Passwords are hashed with modern algorithms. Access to production databases is restricted and audited. If a breach affecting your personal data occurs, we notify impacted users within 72 hours.

8. Changes to this policy

We may update this Privacy Policy. Material changes will be announced via email and/or a notice inside the dashboard at least 14 days before they take effect.

9. Contact

For privacy-related inquiries, reach us through the contact link on our home page.