Privacy policy
How devinsta collects, uses, stores, and protects personal data. Last updated 2026-07-02.
1. Who we are
devinsta (“we”, “our”, “us”) is a software studio with operating entities and teams in the United Kingdom and Pakistan. For matters relating to your personal data, contact us at info@devinsta.com.
2. What we collect
We collect personal data in three contexts:
- Website analytics — anonymous traffic and engagement data via privacy-respecting analytics (no personally identifiable advertising cookies).
- Forms you submit — name, email, company, project details, and anything else you choose to share when you contact us, request an audit, or apply for a role.
- Client engagement data — information you share with us during paid engagements, governed by the contract and any NDA we have signed.
3. Why we collect it
To respond to your enquiry, deliver engaged services, send relevant business communications (where you have opted in), and meet legal and tax obligations. We never sell your data.
4. Lawful basis (GDPR, UK GDPR)
Our processing relies on (a) your consent (for marketing emails), (b) performance of a contract (for client work), (c) our legitimate interest in operating the business, and (d) compliance with legal obligation (for tax and audit records).
5. Your rights
You have the right to access, correct, port, restrict, and delete your personal data, and to withdraw consent at any time. To exercise any right, email info@devinsta.com. We respond within 30 days. UK and EU residents may also contact the ICO or their local supervisory authority.
6. Cookies
We use strictly necessary cookies for the site to function. We use privacy-respecting analytics that does not require consent under GDPR or CCPA. We do not run advertising cookies.
7. Data residency & transfers
Data lives in the region most appropriate to the engagement. For UK and EEA clients we keep data in the UK or EEA. International transfers rely on Standard Contractual Clauses or the UK IDTA. We can sign Data Processing Agreements on request.
8. Regional notes
California (CCPA/CPRA): You have the right to know, delete, and opt out of the sale or sharing of personal information. We do not sell personal information.
Brazil (LGPD): The principles of LGPD apply to data of Brazilian residents in our care.
China (PIPL): Where Chinese residents engage with us, additional disclosure and consent flows apply.
9. Changes
We will update this policy when our practices change. The version date at the top reflects the last revision.
