Privacy Policy
Last updated: March 21, 2026
What We Collect
Account Information
When you create an account, we collect:
- Email address
- Display name
- Profile photo (if signing in with Google or GitHub)
Social Platform Connections (Optional)
If you choose to connect a social platform, we collect basic profile information from that platform:
| Platform | Information Accessed |
|---|---|
| YouTube | Channel name, handle, subscriber count, video count, profile thumbnail |
| Business account name, username, profile picture, follower count, media count | |
| TikTok | Display name, username, avatar, follower count, video count |
| Twitter / X | Username, display name, profile image, follower count |
You can disconnect any platform at any time from within the application or from the platform's own settings.
Google User Data
This section describes how Deva IDE accesses, uses, stores, shares, and retains data obtained through Google APIs, in compliance with the Google API Services User Data Policy.
Data Accessed
When you sign in with Google, we access your Google account email address, display name, and profile photo. If you connect your YouTube channel, we access your channel name, handle, subscriber count, video count, and profile thumbnail via the YouTube Data API. No other Google user data is accessed.
Data Usage
Google user data is used solely to:
- Authenticate your identity and maintain your session
- Display your profile information within the application
- Display your YouTube channel statistics on your connected social profiles
We do not use Google user data for advertising, analytics, or any purpose unrelated to the features described above.
Data Sharing
We do not sell, rent, or share Google user data with any third parties. Google user data is not transferred to any external service except as strictly necessary to provide the features you have opted into (e.g., Firebase Authentication for sign-in). We do not provide Google user data to AI providers, advertisers, data brokers, or any other third party.
Data Storage & Protection
Google user data is stored in Firebase (Google Cloud) with access restricted to authenticated users. OAuth tokens are encrypted and stored in Google Cloud Secret Manager. All data is transmitted over HTTPS. We do not store Google user data on your local device beyond your active browser session.
Data Retention & Deletion
Google account data is retained only while your account is active. YouTube connection data is retained only while the platform remains connected. You may request deletion of all your data at any time by emailing admin@summitwanderlust.com or by opening an issue at github.com/devseccode/DevSecCode-IDE/issues. Upon receiving a deletion request, we will remove all associated data within 30 days and confirm completion. You can also revoke Deva IDE's access to your Google account at any time via Google Account Permissions.
AI Features
When you use AI chat, code fix generation, or code analysis, the following is sent to the AI provider you have selected:
- Your prompt or question
- Relevant code context from your open file or workspace
- Any custom AI configuration documents you have created
We support Anthropic (Claude), OpenAI, and Google (Gemini) as AI providers. You can also use a fully local model via Ollama, which keeps all AI processing on your machine. See the “Third-Party Services” section below for links to each provider's privacy policy.
What We Do NOT Collect
- No telemetry. Usage analytics, crash reports, and machine identifiers are disabled.
- No tracking. We do not use cookies, fingerprinting, or advertising trackers.
- No source code storage. Security scanning runs on your local machine. Your code is not uploaded to our servers.
- No conversation logs. AI chat messages are not stored on our servers.
How We Protect Your Data
- API keys and credentials are stored in Google Cloud Secret Manager and are never embedded in the application or stored on your device.
- OAuth sign-in flows use one-time codes that expire after 5 minutes and state parameter validation to prevent CSRF attacks.
- Authentication tokens are verified using constant-time comparison.
Data Retention & Deletion
- Account data is retained while your account is active.
- Social platform tokens are retained until you disconnect the platform.
- AI conversations exist only in your local session and are not persisted.
To request deletion of your data, email admin@summitwanderlust.com or open an issue at github.com/devseccode/DevSecCode-IDE/issues. We will process deletion requests within 30 days.
Your Rights
You may:
- Access your data by viewing your profile in the application.
- Delete your account and associated data by contacting us.
- Disconnect social platforms at any time.
- Opt out of AI-augmented scanning in settings.
- Use local AI models exclusively to keep all processing on your machine.
Third-Party Services
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google Cloud / Firebase | Authentication, data storage | cloud.google.com |
| Anthropic | AI provider (Claude) | anthropic.com |
| OpenAI | AI provider | openai.com |
| Google AI | AI provider (Gemini) | ai.google |
| GitHub | Sign-in, skills marketplace | docs.github.com |
| YouTube (Google) | Optional social connection | policies.google.com |
| Instagram (Meta) | Optional social connection | instagram.com |
| TikTok | Optional social connection | tiktok.com |
| Twitter / X | Optional social connection | x.com |
Changes
We will update this page when our data practices change. The “Last updated” date at the top reflects the most recent revision.
Contact
For privacy questions or data deletion requests:
- Email: admin@summitwanderlust.com
- GitHub: github.com/devseccode/DevSecCode-IDE/issues