Effective Date: April 1, 2026
Welcome to DevCue ("DevCue," "we," "us," or "our"). DevCue is an AI-powered cloud development platform operated by RippleCue LLC. Our platform is available at devcue.ai, with our application at app.devcue.ai and authentication services at identity.devcue.ai.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI code generation platform, cloud workspaces, deployment services, and related offerings (collectively, the "Services"). Please read this policy carefully. By using DevCue, you agree to the practices described in this Privacy Policy.
Our Core Privacy Commitment: We will never sell your personal data to third parties. Your code, projects, and AI interactions are yours. We only use your data to provide and improve the Services for you.
When you create a DevCue account, we collect:
The core of DevCue is generating, storing, and deploying code on your behalf. We collect and store:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide AI code generation and deployment | Prompts, project data, code, workspace content | Contract performance |
| Manage your account and authentication | Account information, OAuth tokens | Contract performance |
| Process billing and subscriptions | Billing information, plan selection | Contract performance |
| Improve AI quality and platform features | Anonymized usage patterns, aggregated error rates | Legitimate interest |
| Provide customer support | Account info, support communications, project context | Contract performance |
| Send service notifications | Email address, project status | Contract performance |
| Ensure platform security and prevent abuse | Log data, IP addresses, usage patterns | Legitimate interest |
| Comply with legal obligations | As required by applicable law | Legal obligation |
AI Model Training: We do NOT use your personal code, projects, or prompts to train general-purpose AI models. Your data is used solely to provide the Services to you. We may use anonymized, aggregated metrics (such as error rates or feature adoption) to improve platform reliability.
DevCue offers a Bring Your Own Key option that allows you to use your own API keys for third-party AI providers (such as Anthropic Claude, OpenAI, or Google Gemini).
When you provide your own API key:
When you use BYOK, the AI provider you connect processes your data under their own privacy policy. We recommend reviewing the privacy policies of Anthropic, OpenAI, and Google if you use BYOK.
We implement industry-standard security measures to protect your data:
User authentication is managed by Duende IdentityServer, supporting secure OAuth 2.0 / OpenID Connect flows with Google and Microsoft identity providers. Passwords for email-based accounts are hashed using industry-standard algorithms and are never stored in plaintext.
We share data with the following categories of trusted third-party service providers, solely as necessary to operate the Services:
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude) | AI code generation | Prompts, code context (when using DevCue's default AI) |
| OpenAI | AI code generation (alternative model) | Prompts, code context (when selected or via BYOK) |
| Google (Gemini) | AI code generation (alternative model) | Prompts, code context (when selected or via BYOK) |
| Stripe | Payment processing | Billing name, email, payment method, transaction amounts |
| Azure Communication Services | Transactional emails | Email address, email content (account verification, notifications) |
| Google Analytics | Website analytics | Anonymized usage data, page views, referral sources |
| Google / Microsoft (OAuth) | Authentication | OAuth tokens, profile information (name, email, avatar) |
All third-party providers are bound by data processing agreements. We share only the minimum data necessary for each provider to perform its function. We do not sell your data to any third party.
| Data Type | Retention Period |
|---|---|
| Account information | Retained while your account is active; deleted within 30 days of account deletion request |
| Projects and source code | Retained until you delete them or delete your account |
| AI conversation history | Retained per project until you delete the project or your account |
| Server and application logs | Retained for 30 days, then automatically purged |
| Billing and transaction records | Retained for 7 years as required by tax and financial regulations |
| Encrypted backups | Retained for up to 90 days for disaster recovery, then purged |
| Support communications | Retained for 2 years after resolution, then deleted |
When you delete a project or your account, we remove the data from active systems within 30 days. Copies in encrypted backups are purged according to the backup retention schedule above.
DevCue offers a self-hosted option for enterprise customers. When DevCue is deployed on your own infrastructure:
Enterprise customers may also negotiate a custom Data Processing Agreement (DPA) that supersedes relevant sections of this Privacy Policy. Contact sales@devcue.ai for details.
Regardless of where you are located, we provide all users with the following rights. If you are in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar data protection laws, these rights are guaranteed by law.
You can request a copy of all personal data we hold about you. We will provide this in a commonly used, machine-readable format (such as JSON or CSV) within 30 days.
You can update or correct your account information at any time through your account settings at app.devcue.ai.
You can delete your account and all associated data at any time. Upon request, we will delete your personal data within 30 days, except where retention is required by law (such as billing records required for tax purposes).
You can export your projects and source code at any time from your workspace. You can also request a full data export of your account information.
You can request that we restrict processing of your data in certain circumstances, or object to processing based on our legitimate interests.
Where processing is based on your consent, you can withdraw that consent at any time without affecting the lawfulness of processing performed before withdrawal.
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. You will not receive discriminatory treatment for exercising your privacy rights.
To exercise any of these rights, contact us at support@devcue.ai. We will respond within 30 days. We may need to verify your identity before processing certain requests.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential / Session | Maintain your login session and CSRF protection. Required for the platform to function. | Session (expires when you close your browser) or up to 30 days for "remember me" |
| Authentication | Store authentication tokens issued by our identity service for single sign-on across devcue.ai subdomains. | Up to 30 days |
| Preferences | Remember your editor settings, theme preferences, and workspace layout. | 1 year |
| Analytics (Google Analytics) | Understand how visitors use our marketing website. Anonymized and aggregated. | Up to 2 years |
You can disable non-essential cookies through your browser settings. Disabling essential cookies may prevent the platform from functioning correctly. We respect Do Not Track (DNT) browser signals for analytics cookies.
DevCue is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe a child under 13 has provided us with personal information, please contact us at support@devcue.ai.
Users between the ages of 13 and 18 may use DevCue only with the involvement and consent of a parent or legal guardian.
DevCue is operated from the United States. If you access our Services from outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our infrastructure providers operate.
For users in the EEA or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and appropriate supplementary measures to ensure adequate protection of your data during international transfers.
We will never sell, rent, or lease your personal information, source code, or project data to third parties.
We may disclose your information if required by law, legal process, or government request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of DevCue, our users, or the public.
In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity. We will provide advance notice and the opportunity to delete your account before the transfer takes effect, where practicable.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of the Services after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree with the updated policy, you should discontinue use and delete your account.
If you have questions about this Privacy Policy, your data, or your rights, please contact us:
We aim to respond to all privacy-related inquiries within 30 days.