At Dev-Decoder Labs, we operate under a strict zero-persistence protocol. Any data you process through our security tools — including Base64 strings, JWT tokens, log data, IP addresses, file hashes, domain names, or reconnaissance queries — is handled exclusively in volatile server memory for the duration of your request and is never written to persistent storage.

We do not maintain a database of user inputs, scan results, or analysis outputs. When your request completes, the data is discarded. There is no audit trail of what you analyzed.

Our AI-powered tools — including Vulnerability Analyst, Payload Architect, AI Recon, Pentest Pro, Privacy Guard, and Threat Intel Hub — send your query data to external AI providers (Google Gemini and Groq) for processing. These requests are made server-side using our API credentials.

The AI providers' own privacy policies govern how they handle inference requests. We recommend reviewing Google's Gemini API privacy documentation and Groq's terms of service if you have concerns about the handling of specific query content.

We do not send identifying information about you alongside API queries. Queries are sent with our platform credentials, not attributed to individual users.

Dev-Decoder does not employ tracking pixels, third-party marketing cookies, or behavioral analytics scripts. We do not use Google Analytics, Meta Pixel, or equivalent services that track your activity across websites.

Your session identity remains isolated within your local browser environment. We do not fingerprint browsers or correlate sessions across visits.

What we do collect: Standard web server access logs (IP address, timestamp, requested URL, HTTP status code, user agent) are retained for a maximum of 30 days for operational purposes including abuse prevention and infrastructure monitoring. These logs are not analyzed for commercial purposes.

The platform operates on Render's infrastructure with HTTPS enforced on all endpoints. We do not operate our own data centers. Render's security practices and certifications govern the physical and network-level security of our infrastructure.

All communication between your browser and our servers is encrypted in transit via TLS. We enforce HSTS on all subdomains.

License keys purchased for premium tool access are stored only as a hash in our configuration — we do not store personally identifiable information alongside license keys unless you provide it voluntarily during the purchase process.

License key usage (validation attempts and timestamps) may be logged for abuse prevention — specifically to enforce the five-attempt lockout policy and identify credential stuffing against the key validation endpoint.

If you contact us at Bhavesh@dev-decoder.com to purchase a license, any email communication is handled through your email provider and ours and is subject to those providers' privacy practices.

The Threat Intel Hub requires you to provide your own API keys for VirusTotal, AbuseIPDB, OTX AlienVault, Shodan, and Groq. These keys are stored exclusively in your browser's session memory and are never transmitted to or stored on our servers.

When you submit an IOC for analysis, your API keys are sent from your browser directly to our server, used to make the relevant API calls, and then discarded from server memory when the response is returned. We do not log or retain your third-party API credentials.

We may update this privacy policy as the platform evolves. Material changes will be reflected in an updated effective date at the top of this page. Continued use of the platform after policy updates constitutes acceptance of the revised terms.

We do not send marketing emails, so we will not notify you of policy changes via email unless you have specifically requested that.

For questions, concerns, or requests related to this privacy policy or your data, contact us directly: