Privacy Policy

Last updated: May 31, 2026

This policy explains what information DevStash (“DevStash”, “we”, “us”) collects, how we use it, and the choices you have. It describes how the service actually works today. If something here is unclear, reach out using the contact details below.

What we collect

  • Account information — your name and email address. If you sign up with email and password, we store only a securely hashed version of your password, never the password itself.
  • GitHub profile basics — if you sign in with GitHub, we receive basic profile information (such as your name, email, and avatar) from GitHub through the OAuth connection.
  • Your content — the items, collections, tags, and other knowledge you create and organize in the app.
  • Uploaded files — files and images you upload, stored in object storage on our behalf.
  • Billing details — if you subscribe to Pro, payment is handled by our payment processor. We store a customer and subscription reference, but we never see or store your full card details.

How we use it

  • To operate, maintain, and improve the service.
  • To authenticate you and keep your account secure.
  • To send transactional email such as email verification and password reset messages.
  • To process payments and manage your subscription.
  • To power optional AI features when you choose to use them (Pro). Only the relevant content you act on is sent to the AI provider for that request.

Third-party sub-processors

We rely on a small set of trusted service providers to run DevStash. Each processes data only as needed to provide its part of the service:

  • Neon — managed PostgreSQL database hosting.
  • Cloudflare R2 — object storage for uploaded files and images.
  • Stripe — payment processing and subscription billing.
  • Resend — delivery of transactional email.
  • Upstash — rate limiting to protect the service from abuse.
  • OpenAI — powering AI features (Pro only), used only when you trigger an AI action.
  • Our hosting provider — running the application itself.

Cookies & sessions

We use a single authentication session cookie, managed by NextAuth (stored as a signed JWT), to keep you signed in. We do not use third-party advertising or tracking cookies.

Data retention & deletion

We keep your data for as long as your account is active. When you delete your account, we remove your user record and associated data, including the files you uploaded to object storage. Backups and logs may persist for a limited period before being overwritten in the normal course of operation.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. You can delete your account at any time from your settings, and you can reach us with any other request using the contact details below.

Contact

A dedicated support@devstash.xyz address is coming soon. In the meantime, account deletion is available directly in your settings. This page will be updated with a working contact channel once it is available.