Legal
Privacy Policy
How we collect, use, and protect your data — and the data of businesses and users that interact with our services.
Last updated: April 2025 · DevHeist, Bihać, Bosnia and Herzegovina
01
Who We Are
DevHeist is an IT company based in Bihać, Bosnia and Herzegovina. We develop web applications, chatbot systems, and messaging automation solutions for businesses, with a focus on Messenger and Instagram integrations built on the Meta Platform.
This Privacy Policy applies to:
- Our website at devheist.com
- Software applications and tools developed by DevHeist for our clients
- Any messaging automation systems we operate on behalf of our business clients
02
What Data We Collect
We collect and process only the data that is necessary to provide our services. This may include:
- Contact information — name, email address, and phone number submitted through our website contact form
- Business information — company name, industry, and service requirements provided by our business clients
- Messaging data — messages and basic user information received via Messenger or Instagram, strictly for the purpose of enabling communication between businesses and their customers
- Usage data — technical data such as browser type, IP address, and pages visited on our website, collected via cookies and analytics tools
03
How We Use Your Data
We use the data we collect for the following purposes:
- To respond to enquiries and provide the services requested by our business clients
- To automate and manage customer conversations on behalf of our clients
- To improve and maintain our products and services
- To comply with legal obligations
We collect and process data only as necessary to provide our services. We do not use data for advertising, profiling, or any purpose beyond the services agreed with our clients.
04
Messenger & Instagram Data
Some of our services involve integration with Meta platforms — specifically Facebook Messenger and Instagram Direct — through the Meta Platform APIs. In this context:
- We access messaging data (messages and basic user information) only as permitted by Meta's Platform Terms and the permissions granted by our business clients
- This data is used exclusively to enable communication between the business and their customers — for example, to send automated replies or to display conversations in a management interface
- We do not use messaging data to target advertising, build user profiles, or for any purpose unrelated to providing the messaging service
- We do not sell, rent, or share this data with third parties
- Data accessed via Meta APIs is handled in accordance with Meta's Developer Policies and applicable data protection law
Messaging data accessed through Messenger and Instagram is used solely to provide and improve our messaging automation service. It is never sold, shared, or used for any advertising purpose.
05
Data Sharing & Third Parties
We do not sell or share personal data with third parties, except in the following limited circumstances:
- Service providers — we may share data with trusted technical providers (such as cloud hosting services) strictly for the purpose of delivering our services. These providers are bound by confidentiality obligations.
- Legal requirements — we may disclose data if required to do so by law, court order, or governmental authority
- Business transfers — in the event of a merger, acquisition, or transfer of assets, user data may be transferred as part of the transaction
In all cases, we share the minimum data necessary and require recipients to handle it in accordance with applicable law.
06
Data Retention
We retain personal data only for as long as necessary to provide the agreed services, meet legal obligations, or resolve disputes. When data is no longer needed, it is securely deleted or anonymised.
Messaging data accessed via Meta APIs is retained only as long as required to operate the messaging service for our client. Clients may request deletion of their data at any time by contacting us.
07
Security
We take data security seriously and implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:
- Encrypted data transmission (HTTPS / TLS)
- Restricted access controls — only authorised personnel can access data
- Regular review of our security practices
- Compliance with Meta's platform security requirements for API integrations
No system is completely secure. If you believe your data has been compromised, please contact us immediately at info@devheist.com.
08
Your Rights
Depending on your location, you may have the following rights in relation to your personal data:
- Access — the right to request a copy of the data we hold about you
- Correction — the right to request correction of inaccurate data
- Deletion — the right to request deletion of your data
- Restriction — the right to request that we limit the processing of your data
- Objection — the right to object to processing of your data in certain circumstances
- Portability — the right to receive your data in a portable format
To exercise any of these rights, please contact us using the details in Section 10. We will respond within 30 days.
09
Cookies
Our website uses cookies to improve functionality and understand how visitors use the site. We use:
- Essential cookies — required for the site to function correctly
- Analytics cookies — to understand visitor behaviour and improve the site
- Security cookies — such as Google reCAPTCHA, used to protect our contact form from spam
You can manage cookie preferences through your browser settings. Disabling cookies may affect some functionality of the site.
10
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or need to report a data concern, please contact us: