This Privacy Policy describes how Octidev Ltd (“Octidev”, “we”, “us”) collects and processes information when you use the website at octidev.com, the AI chatbot on this site, or any of our contact forms.
We're a small senior-engineering studio based in Dhaka, Bangladesh. We process data lawfully under the EU GDPR, the UK GDPR, and CCPA. If you'd like to exercise any data right, the quickest path is to email contact@octidev.com with “Privacy request” in the subject.
We collect the following categories, only as needed:
- Contact form / project inquiries. Name, email, company, project description, budget range — whatever you type into our contact form or send us by email.
- AI chatbot conversations.The bot on this site saves the messages you send, the assistant's replies, the page you started chatting from, and any details you share about your project (name, email, company, scope, budget, timeline). This is what powers the lead-qualification flow.
- Technical signals.A salted SHA-256 hash of your IP address (we don't store the raw IP), browser user agent, and an anonymous visitor ID stored in a cookie so we can match your replies to a conversation. We never store your raw IP address.
- Analytics. If you accept analytics cookies, we collect aggregated, anonymous metrics about which pages were visited and how long. Disabled by default until you opt in.
We use the data above to answer your questions, scope your project, send written estimates, and improve the site. Concretely:
- Reply to inquiries within ~4 business hours during EST overlap.
- Score and route leads internally so the right engineer talks to you.
- Improve the chatbot prompts and the website over time, based on aggregated patterns — never on individual conversations we'd single out.
- Comply with our legal obligations.
We don't sell your data, ever. We don't use it to train third-party AI models.
The site is hosted on Vercel and the database (Postgres) on Neon. The chatbot streams responses from Google Vertex AI (Gemini) using server-side credentials — your messages reach Google as part of generating a reply, but your contact info stays on our infrastructure. Email is delivered by your normal email provider when you write to us.
We use these providers under their respective data-processing terms. We don't share your data with anyone for marketing.
Lead and conversation data: kept for up to 24 months after your last interaction, so we can pick up the thread if you come back. Delete on request.
Analytics data: aggregated, no PII; kept for up to 14 months.
Cookie consent record:13 months — the EDPB's recommended max before re-asking.
Under the GDPR / UK GDPR / CCPA you have the right to:
- Access the personal data we hold about you.
- Correct any inaccuracies.
- Delete your data (the “right to be forgotten”).
- Restrict or object to processing (e.g. ask us to stop scoring your lead or chatting with the bot on your behalf).
- Receive your data in a portable, machine-readable form.
- Withdraw consent — disabling analytics or marketing cookies from the cookie preferences modal counts as a withdrawal for those categories.
Send any of those requests to contact@octidev.com. We reply within 30 days; usually much faster.
Security
Octidev's site runs over HTTPS. Sensitive data (admin session, consent, chatbot) lives in HTTP-only cookies signed with HMAC. The admin dashboard is gated by a server-verified password and rate-limited.
That said: no online service is perfectly secure. If you spot a vulnerability, please report it to security@octidev.com.
Contact
Questions, requests, or anything you'd rather just email us about?
Octidev Ltd
House #48, Road #19, Sector #11
Uttara, Dhaka 1230, Bangladesh
Email: contact@octidev.com
See also our Terms & Conditions.