Contacts
+1 800 529 10 37
Get in touch
Call us: +1 800 529 10 37
Get in touch
Get in touch

1) Who we are

We are a development and consultancy agency focused on Shopify and related services. This policy explains how we handle personal data when you visit our website, contact us, or work with us.

2) Scope

This policy covers personal data we process as a controller: website visitors, prospects/leads, clients and their representatives, vendors, and job applicants. When we handle end-customer data on behalf of a client, we act as a processor under our contract and data-processing terms (see Section 12).

3) Data we collect

  • Contact & lead details: name, email, phone, company, role, website/store URL, project brief, budget/timeline notes.
  • Usage & device data: IP address, browser/OS, pages viewed, timestamps, referring URL, and general interaction data necessary to operate and secure the site.
  • Client relationship data (if you become a client): billing details, contracts/SOWs, project communications, support records.
  • Recruitment data (if you apply): CV/resume and information you submit during hiring.

4) How and why we use data (purposes & legal bases)

  • Respond to enquiries and provide proposals – contract / pre-contract steps.
  • Deliver services and manage projects – contract.
  • Operate, secure, and improve the website – legitimate interests (running a safe, efficient service).
  • Marketing about our services – consent where required; otherwise legitimate interests (B2B context). You can opt out at any time.
  • Legal, tax, and compliance – legal obligation and/or legitimate interests.

5) Sharing

We share personal data only as needed with:

  • Service providers / processors (hosting/infrastructure, email, CRM, analytics, accounting), bound by confidentiality and data-processing terms.
  • Professional advisers and authorities where legally required.
    We do not sell personal data.

6) International transfers

Some providers may process data outside the EEA/UK. Where this occurs, we rely on lawful transfer tools (e.g., adequacy decisions or Standard Contractual Clauses) and apply appropriate safeguards.

7) Retention

  • Leads & enquiries: up to 24 months after the last contact.
  • Client/project & billing records: contract term + 6–10 years (for tax/legal).
  • Recruitment: up to 12 months, unless you ask us to keep it longer.
    We may retain data longer if needed to establish or defend legal claims.

8) Your rights (EEA/UK)

You can access, rectify, erase, or restrict processing, object (including to direct marketing), and port your data. Where we rely on consent, you can withdraw consent at any time.
To exercise rights, email hello@devbox.agency. You may also lodge a complaint with your local Data Protection Authority.

9) Marketing

We may send service information or updates about our services. You can opt out at any time by following the instructions in our messages or emailing us.

10) Cookies & analytics (summary)

Our site may use cookies or similar technologies for essential operation and to understand site performance. You can manage cookies in your browser settings; blocking some types may affect site functionality. We may use analytics tools (e.g., aggregated traffic measurement) that receive IP and usage data to produce reports.

11) Security

We apply reasonable technical and organisational measures (HTTPS, access controls, least-privilege, backups). No system is 100% secure; if a personal-data breach posing risk occurs, we will act as required by law.

12) Acting as a processor for clients

For client projects (e.g., Shopify development, analytics, CRM), we may handle end-customer data strictly under the client’s instructions and our data-processing terms. In those cases, the client is the controller.

14) Changes to this policy

We may update this policy from time to time. The effective date appears at the top.