Skip to main content
devinsta — design and development agency
Free consult
Legal · Privacy

Privacy policy

How devinsta collects, uses, stores, and protects personal data. Last updated 2026-07-02.

1. Who we are

devinsta (“we”, “our”, “us”) is a software studio with operating entities and teams in the United Kingdom and Pakistan. For matters relating to your personal data, contact us at info@devinsta.com.

2. What we collect

We collect personal data in three contexts:

  • Website analytics — anonymous traffic and engagement data via privacy-respecting analytics (no personally identifiable advertising cookies).
  • Forms you submit — name, email, company, project details, and anything else you choose to share when you contact us, request an audit, or apply for a role.
  • Client engagement data — information you share with us during paid engagements, governed by the contract and any NDA we have signed.

3. Why we collect it

To respond to your enquiry, deliver engaged services, send relevant business communications (where you have opted in), and meet legal and tax obligations. We never sell your data.

4. Lawful basis (GDPR, UK GDPR)

Our processing relies on (a) your consent (for marketing emails), (b) performance of a contract (for client work), (c) our legitimate interest in operating the business, and (d) compliance with legal obligation (for tax and audit records).

5. Your rights

You have the right to access, correct, port, restrict, and delete your personal data, and to withdraw consent at any time. To exercise any right, email info@devinsta.com. We respond within 30 days. UK and EU residents may also contact the ICO or their local supervisory authority.

6. Cookies

We use strictly necessary cookies for the site to function. We use privacy-respecting analytics that does not require consent under GDPR or CCPA. We do not run advertising cookies.

7. Data residency & transfers

Data lives in the region most appropriate to the engagement. For UK and EEA clients we keep data in the UK or EEA. International transfers rely on Standard Contractual Clauses or the UK IDTA. We can sign Data Processing Agreements on request.

8. Regional notes

California (CCPA/CPRA): You have the right to know, delete, and opt out of the sale or sharing of personal information. We do not sell personal information.

Brazil (LGPD): The principles of LGPD apply to data of Brazilian residents in our care.

China (PIPL): Where Chinese residents engage with us, additional disclosure and consent flows apply.

9. Changes

We will update this policy when our practices change. The version date at the top reflects the last revision.