Privacy Policy
Last updated: June 6, 2026
1. Introduction
DevSource.DEV (“Company,” “we,” “us”) operates the CalvyxDial service (the “Service”). This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in connection with our website, the Service, and related communications. This Policy is incorporated into and forms part of our Terms of Service.
We act as a data controller with respect to information about our customers (the businesses that subscribe to the Service), and as a data processor with respect to the contact data and call recordings that customers upload to or generate within the Service.
The CalvyxDial platform is self-hosted: the database, telephony engine, and recording storage that hold Customer Data run on infrastructure operated and controlled by DevSource.DEV, not on a third-party cloud database. This is a deliberate data-control design choice, described further in Sections 5, 6, and 11.
2. Information We Collect
2.1 Account Information. When customers register or are onboarded by our sales team, we collect business name, primary contact name, email address, phone number, billing address, and authentication credentials (passwords are stored hashed with bcrypt; we never see plaintext).
2.2 Customer Data. Customer Data includes the contact lists, leads, call detail records, recordings, dispositions, notes, SMS message content, and any other materials customers or their authorized users submit to or generate within the Service. Customer Data is stored in our self-hosted PostgreSQL database and recording storage. We process Customer Data only as necessary to provide the Service and on the customer’s instructions.
2.3 Usage Information. We automatically collect technical information about how the Service is used, including IP address, browser type, device identifiers, pages visited, features used, and the timing and duration of sessions. This information is used for security, debugging, billing, capacity planning, and product improvement.
2.4 Communications. We retain copies of communications between you and our support, sales, and billing teams.
2.5 Cookies and Similar Technologies. We use the minimum tracking necessary to operate the Service:
- Essential, first-party: a session cookie issued by our self-hosted application to keep you signed in. Required for the authenticated Service to work; cannot be disabled while using it.
- Browser storage (not cookies): theme preference and a short-lived session cache in the browser’s local storage, used to make sign-in faster across page loads.
- Third-party (only if you follow our demo link): our public marketing site links to a Cal.com booking page for scheduling a demo. Cal.com sets its own cookies only when you visit that page to book; the marketing pages themselves do not embed it until you choose to go there.
We do not run cross-site advertising trackers, behavioral analytics, or third-party tag managers. We do not sell data.
3. How We Use Information
- To provide, maintain, and improve the Service.
- To authenticate users and protect Account security.
- To process billing, invoices, and payments.
- To communicate about service updates, changes to terms, and security incidents.
- To enforce our Terms of Service, including investigating prohibited activity and protecting against fraud or abuse.
- To comply with legal obligations and respond to lawful requests from public authorities.
- To analyze aggregate usage trends and improve performance, security, and reliability.
We do not sell personal information, and we do not use Customer Data to train artificial intelligence models.
4. Legal Bases for Processing (GDPR)
For individuals in the European Economic Area, the United Kingdom, and other jurisdictions with similar laws, we rely on the following legal bases:
- Contract — to provide the Service to you under our Terms.
- Legitimate interests — to operate, secure, and improve the Service, prevent fraud, and enforce our Terms.
- Legal obligation — to comply with tax, regulatory, and law enforcement requirements.
- Consent — for any processing not covered by the above bases (revocable at any time).
5. Sharing and Disclosure
We share information only as described below:
- Subprocessors. The core of the Service is self-hosted on our own infrastructure. We engage a small set of third-party providers for specific functions only — telephony and SMS (Telnyx), edge proxy and encrypted off-site backups (Cloudflare), uptime monitoring (BetterStack), demo scheduling (Cal.com), and marketing-site hosting (Vercel). A current list is published at /subprocessors. All subprocessors are bound by data protection agreements.
- Legal obligations. We may disclose information when required by valid legal process, court order, or governmental request, or to protect the rights, property, or safety of any party.
- Business transfers. In a merger, acquisition, or sale of substantially all assets, information may be transferred to the successor entity, subject to this Policy.
- With consent. For any other disclosure, we obtain explicit consent.
Customer Data is never shared with marketers, advertisers, or unrelated third parties for their own use.
6. Data Location and International Transfers
Customer Data is stored on infrastructure operated and controlled by DevSource.DEV. Encrypted off-site backups of the database and recordings are held in Cloudflare R2. Telephony and SMS traffic is carried by Telnyx (United States). Where a customer is established outside the country in which our infrastructure is located, the customer’s use of the Service involves a transfer of personal data to that location.
Where personal data is transferred from the EEA, the UK, or Switzerland to a country not benefiting from an adequacy decision, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum, as set out in our Data Processing Agreement.
7. Data Retention
We retain personal information for the duration of your subscription and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods:
- Account information: retained while your Account is active and for up to seven (7) years after termination, where required for tax and legal records.
- Customer Data: retained for the duration of the subscription and for up to thirty (30) days after termination, after which it may be permanently deleted unless extended retention is requested.
- Call recordings: retained per the customer’s configured retention policy, capped at the limits stated in the customer’s subscription plan.
- Audit logs and security records: retained for at least twelve (12) months for security and compliance purposes.
- Billing records: retained for at least seven (7) years to comply with financial recordkeeping obligations.
8. Your Rights
Subject to applicable law, you may have the right to:
- Access the personal information we hold about you.
- Request correction of inaccurate or incomplete information.
- Request deletion (subject to our retention obligations).
- Object to or restrict certain processing.
- Receive a copy of your personal information in a portable format.
- Withdraw consent at any time (where consent is the legal basis).
- Lodge a complaint with a supervisory authority (for EEA/UK residents).
For Customer Data uploaded by a business customer, requests should generally be directed to that customer (the data controller). We will assist that customer in responding to your request.
To exercise these rights, contact us at info@devsource.dev. We respond within thirty (30) days, or sooner where required by applicable law.
9. CCPA / California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and disclose, the right to deletion, and the right to non-discrimination for exercising these rights. We do not sell personal information as defined by the CCPA.
10. Children
The Service is intended for business use by individuals at least eighteen (18) years of age. We do not knowingly collect personal information from children under thirteen (13). If we learn we have collected such information without parental consent, we will delete it promptly.
11. Security
We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, alteration, disclosure, or destruction. These include:
- Encryption in transit (TLS) at the Cloudflare edge and over the Telnyx carrier trunk.
- Encrypted, off-site backups of the database and recordings, taken nightly.
- PostgreSQL row-level security for per-tenant isolation: the application connects as a non-superuser role, and a query scoped to one tenant cannot read another tenant’s data.
- Per-tenant data scoping throughout the application.
- Passwords stored hashed with bcrypt; we never store plaintext credentials.
- Self-hosted core infrastructure under our own operational control.
No system is perfectly secure, and we cannot guarantee absolute security; you are responsible for safeguarding your authentication credentials.
12. Breach Notification
In the event of a data breach materially affecting your personal information, we will notify you and applicable supervisory authorities without undue delay and in accordance with applicable law.
13. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated via email or in-Service notification at least thirty (30) days before they take effect. The “Last updated” date at the top reflects the most recent revision.
14. Contact
For privacy questions, requests, or complaints, contact our Data Protection point of contact at info@devsource.dev. EU/UK residents may also contact our designated representative at the same address.
