Privacy Policy

Last Updated: 2025-10-29

Dev Blanket AB ("DevBlanket," "we," "us," or "our") is a Swedish company based in Stockholm, Sweden. We provide software testing services globally and comply with the EU General Data Protection Regulation (GDPR) as our primary data protection framework.

This Privacy Policy outlines how DevBlanket collects, uses, and protects personal information from users of our website and services (collectively, the "Services"). By using our Services, you acknowledge and agree to this Policy.

Important: Our Services are designed to process data related to development and testing environments only. You must not upload, submit, or include any personal data in your test scenarios, screenshots, or other content. You are solely responsible for ensuring your use of the Services complies with applicable data protection laws.

This Policy incorporates our Terms of Service by reference. If you do not agree with these terms, please discontinue use of our Services.

What is Personal Data?

For purposes of this Policy, "personal data" means any information relating to an identified or identifiable natural person, as defined under the EU General Data Protection Regulation (GDPR). This may include your name, email address, phone number, company name, username, IP address, payment information, browser type, device identifiers, or other information collected through your use of our Services.

DevBlanket does not intentionally collect special categories of personal data (such as health information, biometric data, or precise geolocation). You must not include such information in any content you upload to our Services.

Information We Collect

Information You Provide Directly

When you create an account, subscribe to our services, or contact support, you may provide personal data such as your name, email address, phone number, company name, and username. Payment information is processed through Stripe (see Stripe's privacy policy at stripe.com/privacy); we do not store your complete payment card details. Transactional emails are sent via Resend.

Information Collected Automatically

When you use the Services, we automatically collect technical data such as your IP address, browser type, operating system, device identifiers, pages visited, timestamps, and error logs. This data helps us secure and improve the platform.

Usage and Billing Data

We track your usage of the Services, including the number of screenshots generated and your quota consumption, to manage your subscription, process billing, and enforce plan limits. This usage data is associated with your account and may be shared with Stripe for payment processing.

Test Content and Screenshots

You control what test scenarios and content you submit to our Services. You are responsible for ensuring this content does not contain personal data.

Support Communications

When you contact us at help@devblanket.com, we collect the information you provide in your email to respond to your inquiry.

Children's Data

DevBlanket's Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have collected such data, please contact us at privacy@devblanket.com and we will promptly delete it.

Legal Bases for Processing Your Data

DevBlanket processes personal data in compliance with the EU General Data Protection Regulation (GDPR). Where you are located in a jurisdiction with other applicable privacy laws, we will also comply with those requirements.

Under GDPR, we process your personal data only where we have a valid legal basis:

Performance of a Contract

We process your data to provide, maintain, and support the Services under our Terms of Service, including account creation, billing, and service delivery.

Legitimate Interests

We process data to secure the platform, prevent fraud and abuse, generate usage analytics, and improve our Services where these interests are not outweighed by your privacy rights.

Consent

We rely on your consent for non-essential cookies and marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Legal Obligations

We process and retain information as necessary to comply with applicable laws, including tax and accounting requirements, court orders, and other legal duties.

How We Use Your Information

We use the personal data we collect for the following purposes:

• Service Delivery: Providing and maintaining the testing Services, managing your account, and processing test requests
• Billing and Payment: Tracking usage quotas, processing payments, and managing subscriptions
• Communications: Responding to support inquiries, sending service notifications, and (with your consent) marketing communications
• Security and Fraud Prevention: Protecting the platform from unauthorized access, abuse, and security threats
• Service Improvement: Analyzing usage patterns and technical performance to improve features and reliability
• Legal Compliance: Meeting tax, accounting, and other legal obligations

Third-Party Service Providers

We use trusted third-party service providers to help deliver our Services:

• Stripe - Payment processing
• Resend - Transactional and marketing emails
• DigitalOcean - Cloud hosting and infrastructure

These providers process personal data only as necessary to perform their services and are contractually required to protect your data in accordance with applicable data protection laws. Each provider maintains its own privacy policy, which you can review on their respective websites.

International Data Transfers

Your data is primarily hosted on servers within the European Union. However, some of our service providers (Stripe for payments and Resend for email) are based in the United States and process data there.

We ensure that any transfers of personal data outside the EU are protected by appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Our service providers' compliance with applicable data protection frameworks

These mechanisms ensure that your data receives an adequate level of protection regardless of where it is processed.

Legal Disclosures

We may disclose personal information if required by law or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations, court orders, or valid governmental requests
• Detect, prevent, or investigate fraud, security incidents, or abuse of our Services
• Protect the rights, property, or safety of DevBlanket, our users, or the public

Any such disclosures will be limited to what is legally required and comply with applicable data protection laws.

Cookies

DevBlanket uses only strictly necessary cookies that are essential for the Services to function properly. These include cookies for:

• Authentication and session management
• Security and fraud prevention
• Remembering your preferences and settings

These cookies are required for the Services to operate and do not require your consent under GDPR. We use privacy-friendly analytics without cookies to improve our service. We collect anonymous usage data (pages visited, features used) but do not track personal information or use advertising cookies.

You can configure your browser to refuse cookies, but this may prevent you from using certain features of the Services.

Information Security

DevBlanket is committed to protecting your personal data. We implement reasonable security measures including:

• Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS. Data at rest is encrypted using industry-standard methods.
• Access Controls: Access to customer data is restricted to authorized personnel only. Administrative access to critical systems requires multi-factor authentication.
• Infrastructure Security: We use DigitalOcean's secure cloud infrastructure, which includes automated backups, system monitoring, and physical security controls at their data centers.
• Regular Updates: We apply security patches and updates to our systems promptly.

Your Role: Please keep your account credentials confidential, enable multi-factor authentication if available, and notify us immediately if you suspect unauthorized access to your account.

Security Incidents: In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by law, typically within 72 hours of discovery.

While we implement strong security measures, no system is completely secure. We cannot guarantee absolute security but commit to using commercially reasonable efforts to protect your data.

Data Retention

We retain personal data only as long as necessary for the purposes outlined in this Policy, including:

• Active accounts: Data is retained while your account is active and you use our Services
• After account deletion: Personal data is deleted within 30 days, except where we must retain it for legal compliance, fraud prevention, or dispute resolution
• Backups: Data may persist in backups for up to 90 days before permanent deletion
• Legal obligations: Some data (e.g., billing records) may be retained longer to comply with tax and accounting requirements

To request account deletion, contact us at privacy@devblanket.com.

Links to Other Sites

Our Services may include links to third-party websites or services (such as payment providers or integrations). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal data.

Communications

By using our Services, you agree to receive transactional emails related to your account, billing, and service updates. You may opt out of marketing emails at any time using the unsubscribe link, but you cannot opt out of essential service communications.

To contact us regarding privacy matters, email privacy@devblanket.com.

Contact Information

If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

Email: privacy@devblanket.com
Mail: Dev Blanket AB, Radiovägen 8, 13548, Tyresö, Sweden

We aim to respond to verified requests within 30 days. If you believe your inquiry has not been satisfactorily resolved, you have the right to lodge a complaint with a supervisory data protection authority.

Your Privacy Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal exceptions)
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Restrict Processing: Request that we limit how we process your data
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing that requires it, without affecting prior processing

To exercise any of these rights, contact us at privacy@devblanket.com. We will verify your identity and respond within 30 days. We will not discriminate against you for exercising your rights.

Governing Law

This Privacy Policy is governed by the laws of Sweden. However, where you are located in a jurisdiction with mandatory consumer or data protection rights under local law, those provisions will apply to the extent they provide greater protection.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any revised policy at devblanket.com/privacy and indicate the "Last Updated" date.

For material changes that reduce your rights, we will provide at least 30 days' advance notice by email or in-product notification. Your continued use of the Services after the updated policy takes effect constitutes acceptance of the changes.

Severability

If any provision of this Policy is found to be unenforceable, that provision will be modified to achieve its intent as closely as possible, or severed if necessary, and the remaining provisions will remain in full effect.